API Reference
All endpoints live under /api/v1/ and support authentication via Clerk session tokens or API keys. Upload files, query analytics, configure connectivity, and manage users programmatically.
Authentication
Choose the authentication method that fits your integration — interactive sessions for web apps, API keys for service-to-service.
For interactive applications. Users authenticate through Clerk and receive session tokens that include scope, permissions, and organization context.
For programmatic access and service-to-service communication. Scoped to an organization with configurable permissions.
Endpoints
All endpoints are prefixed with /api/v1/ and return JSON responses.
POST /api/v1/upload — Send HL7 V2 or CCDA files with organization context. Returns a processing job ID for status tracking. Supports multipart file upload.
GET /api/v1/analytics/summary — Scope-filtered patient demographics, encounter counts, and medication stats. GET /api/v1/analytics/trends — Time-series analytics with configurable date ranges.
GET/POST /api/v1/admin/connectivity — Configure data sources (GCS, S3, Azure, FTP, SFTP, API) per organization. POST /test to verify connections before activation.
GET/POST /api/v1/members — List, invite, and manage organization members. Roles and permissions sync through Clerk with automatic dual-database propagation.
GET /api/v1/rbac/roles — List available roles. GET /api/v1/rbac/permissions — Permission catalog with Can flag mapping. GET /api/v1/rbac/audit — Audit log of permission changes.
GET/POST /api/v1/cms — Create, update, and publish content — blog posts, legal documents, job listings, and marketing pages. Supports draft/published workflow.
GET /api/v1/team — Team member directory and collaboration tools. Includes Google Workspace integration for directory sync.
GET/POST /api/v1/crm — Customer relationship management for tracking leads, organizations, and engagement across the platform.
GET /api/v1/billing — Stripe-integrated billing management. Subscription status, usage metrics, and invoice history per organization.
Developer Notes
All endpoints accept JSON request bodies (application/json) except the upload endpoint, which accepts multipart/form-data. Responses are always JSON with consistent error shapes.
Most endpoints automatically filter results by the authenticated user's scope. Platform admins see all data. HIE users see their network. Providers see their org. No manual org filtering needed.
Errors return structured JSON with status code, error type, and human-readable message. 401 for auth failures, 403 for permission denials, 422 for validation errors.
API endpoints are rate-limited per organization. Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining) are included in responses.
API Keys
Create and manage API keys from your organization's settings page. Full documentation at /docs/api-keys.
Navigate to Settings → API Keys and create a key using a preset or custom configuration.
Pass your API key in the Authorization header of every request.
Get started
Start processing HL7 messages, ensure data quality, and enable FHIR-based interoperability — all from one platform.