Skip to main content
DELETE
/
appointments
/
{id}
curl -X DELETE "https://app.medisync.me/api/appointments/65f8a1b2c3d4e5f6789012ef" \
  -H "Authorization: Bearer <JWT>"
{
  "success": true
}

Overview

Permanently deletes an appointment. Access is owner-only: the appointment’s doctor_id must match the caller, otherwise a 403 Forbidden is returned.
This action is irreversible. The appointment and every document attached to it are permanently removed.

Authentication

Authorization
string
required
Bearer token for authenticated access.
Authorization: Bearer <JWT>

Path Parameters

id
string
required
Appointment ObjectId to delete. Owner-only. A malformed value fails with a 400 cast error.

Response

success
boolean
Whether the deletion succeeded. On success the body is { "success": true } with no data.

Example Request

curl -X DELETE "https://app.medisync.me/api/appointments/65f8a1b2c3d4e5f6789012ef" \
  -H "Authorization: Bearer <JWT>"

Example Response

{
  "success": true
}

Error Responses

{
  "success": false,
  "error": "Appointment not found"
}
{
  "success": false,
  "error": "Forbidden"
}
{
  "success": false,
  "error": "Cast to ObjectId failed for value \"abc\" (type string) at path \"_id\" for model \"Appointment\""
}
{
  "success": false,
  "message": "Unauthorized"
}
403 Forbidden is returned when the appointment is owned by a different doctor. A missing or invalid Bearer token returns 401 with a message key.

Side Effects

  • Every document attached to the appointment is cascade-deleted along with it.
  • Other appointments that share the same case_id are not affected.