Overview
The Currently API gives you programmatic access to clinical data, analytics, pipeline processing, and organization management. All endpoints live under https://app.currently.health/api/v1 and return JSON.
Data is automatically scoped to your organization. A provider key sees only that provider's data; an HIE key sees data across its child providers; a patient key sees only the patient's own records.
Authentication
Pass your API key as a Bearer token in the Authorization header:
Authorization: Bearer aq_prv_your_key_here
Keys follow the format aq_<scope>_<32chars>. The scope prefix identifies the access level:
| Prefix | Scope |
|---|---|
| aq_prv_ | Provider |
| aq_hie_ | HIE |
| aq_pat_ | Patient |
| aq_plt_ | Platform |
Important: API keys are shown only at creation time. Store them in environment variables or a secrets manager — never in source code.
Rate limits
Every key has per-minute (RPM) and per-day (RPD) limits enforced via a sliding window. Defaults vary by scope:
| Scope | Default RPM | Max RPM | Max RPD |
|---|---|---|---|
| Provider | 120 | 300 | 50,000 |
| HIE | 60 | 500 | 100,000 |
| Platform | 120 | 1,000 | 200,000 |
| Patient | 30 | 60 | 10,000 |
Every response includes rate limit headers:
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1712234400
Retry-After: 42 # only on 429 responses
Errors
The API uses standard HTTP status codes. All errors return a JSON body:
| Code | Meaning | Action |
|---|---|---|
| 400 | Bad Request | Check request body and query parameters. |
| 401 | Unauthorized | Verify your API key is valid and not expired. |
| 403 | Forbidden | Your key lacks the required capability. |
| 404 | Not Found | The resource doesn't exist or isn't in your scope. |
| 429 | Too Many Requests | Wait for Retry-After seconds before retrying. |
| 500 | Server Error | Retry with exponential backoff. |
{
  "error": "Rate limit exceeded",
  "limit_type": "rpm",
  "retry_after_seconds": 42
}

Questions? Reach out to support@currently.health
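
The key-handling and retry rules above (key from the environment, wait Retry-After seconds on 429, exponential backoff on 500, no retry on 4xx) can be combined in one client-side helper. This is an added example, not code from the Currently documentation; the environment variable name CURRENTLY_API_KEY, the backoff base and cap, and the reading of X-RateLimit-Reset as a Unix timestamp are assumptions.

```python
import os
import time

# Scope prefixes from the key-format table above.
SCOPES = {"prv": "Provider", "hie": "HIE", "pat": "Patient", "plt": "Platform"}


def key_scope(key):
    """Return the scope name for a key shaped aq_<scope>_<32chars>, else raise."""
    parts = key.split("_", 2)
    if (len(parts) != 3 or parts[0] != "aq"
            or parts[1] not in SCOPES or len(parts[2]) != 32):
        # Never echo the key itself in the error message.
        raise ValueError("API key does not match aq_<scope>_<32chars>")
    return SCOPES[parts[1]]


def auth_headers(env=os.environ, var="CURRENTLY_API_KEY"):
    """Build the Authorization header from an environment variable.

    The variable name is hypothetical; use whatever your secrets manager injects.
    """
    key = env.get(var, "")
    key_scope(key)  # fail fast on a missing or malformed key
    return {"Authorization": "Bearer " + key}


def retry_delay(status, headers, attempt, now=None, base=1.0, cap=60.0):
    """Seconds to wait before retrying, or None when a retry cannot help."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 429:
        if "retry-after" in h:
            return float(h["retry-after"])
        if "x-ratelimit-reset" in h:
            # Assumption: the reset value is a Unix timestamp in seconds.
            now = time.time() if now is None else now
            return max(0.0, float(h["x-ratelimit-reset"]) - now)
        return base
    if status == 500:
        # Exponential backoff, capped; base and cap are illustrative values.
        return min(cap, base * 2 ** attempt)
    # 400/401/403/404: fix the request, key or capability instead of retrying.
    return None
```

Call retry_delay with the status code and headers of each failed response and sleep for the returned number of seconds; a None result means the caller should surface the error rather than retry.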