Skip to main content
POST
/
appointments
/
update
/
{id}
curl -X POST "https://app.medisync.me/api/appointments/update/65f8a1b2c3d4e5f6789012ef" \
  -H "Authorization: Bearer <JWT>" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "finished",
    "notes": "Konsultation abgeschlossen"
  }'
{
  "success": true,
  "data": {
    "_id": "65f8a1b2c3d4e5f6789012ef",
    "name": "Allgemeine Beratung",
    "date": "2026-07-15T00:00:00.000Z",
    "time": "14:30",
    "status": "finished",
    "error_reason": null,
    "doctor_id": "65f0a1b2c3d4e5f678901234",
    "notes": "Konsultation abgeschlossen",
    "language": "de",
    "notes_type": null,
    "appointment_type": "in_person",
    "room": null,
    "duration_minutes": 30,
    "deletionDate": "2026-07-29T00:00:00.000Z",
    "booking_status": "none",
    "booking": null,
    "createdAt": "2026-07-02T09:12:00.000Z",
    "updatedAt": "2026-07-02T10:20:00.000Z",
    "__v": 0
  }
}

Overview

Updates an existing appointment. Access is owner-only: the appointment’s doctor_id must match the caller, otherwise a 403 Forbidden is returned. Ownership cannot be changed — any doctor_id sent in the body is ignored.
Most fields use a fallback assignment (value || existing), so sending an empty or falsy value does not overwrite the current value — for example notes cannot be cleared with "". Only room, error_reason and doctor_note can be explicitly cleared.

Authentication

Authorization
string
required
Bearer token for authenticated access.
Authorization: Bearer <JWT>

Path Parameters

id
string
required
Appointment ObjectId to update. Owner-only.

Body Parameters

name
string
New title. A falsy value is ignored.
date
string
New date. Blocked with 409 on externally-synced appointments.
time
string
New time. Blocked with 409 on externally-synced appointments.
duration_minutes
number
Duration in minutes, 5480; otherwise 400. Blocked with 409 on externally-synced appointments.
status
string
Recording lifecycle status. Status transitions are timestamped internally.
error_reason
string
Failure reason. Unlike most fields, this can be explicitly cleared to null or an empty string.
recording_id
string
Recording id. A falsy value is ignored.
recording_url
string
Recording URL. A falsy value is ignored.
recording_key
string
Recording storage key. A falsy value is ignored.
notes
string
Private clinical notes. A falsy value is ignored (cannot be cleared with "").
language
string
Language code. A falsy value is ignored.
notes_type
string
Notes template key. A falsy value is ignored.
appointment_type
string
Appointment type. A falsy value is ignored.
room
string
Room / location label. An empty string clears it to null. Independent of the external-readonly guard.
doctor_note
string
Patient-facing note. Only applied when the appointment already has a booking.

Response

success
boolean
Whether the request succeeded.
data
object
The updated appointment object (same shape as Get Appointment).
Additional fields may appear on the appointment object. Treat any field not documented here as opaque.

Example Request

curl -X POST "https://app.medisync.me/api/appointments/update/65f8a1b2c3d4e5f6789012ef" \
  -H "Authorization: Bearer <JWT>" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "finished",
    "notes": "Konsultation abgeschlossen"
  }'

Example Response

{
  "success": true,
  "data": {
    "_id": "65f8a1b2c3d4e5f6789012ef",
    "name": "Allgemeine Beratung",
    "date": "2026-07-15T00:00:00.000Z",
    "time": "14:30",
    "status": "finished",
    "error_reason": null,
    "doctor_id": "65f0a1b2c3d4e5f678901234",
    "notes": "Konsultation abgeschlossen",
    "language": "de",
    "notes_type": null,
    "appointment_type": "in_person",
    "room": null,
    "duration_minutes": 30,
    "deletionDate": "2026-07-29T00:00:00.000Z",
    "booking_status": "none",
    "booking": null,
    "createdAt": "2026-07-02T09:12:00.000Z",
    "updatedAt": "2026-07-02T10:20:00.000Z",
    "__v": 0
  }
}

Error Responses

{
  "success": false,
  "error": "Appointment not found"
}
{
  "success": false,
  "error": "Forbidden"
}
{
  "success": false,
  "code": "EXTERNAL_APPOINTMENT_READONLY",
  "error": "Externally synced appointments cannot be rescheduled here"
}
{
  "success": false,
  "error": "duration_minutes must be between 5 and 480"
}
{
  "success": false,
  "message": "Unauthorized"
}
EXTERNAL_APPOINTMENT_READONLY is returned when the appointment was synced from an external booking system and the request tries to change its date, time or duration_minutes. 403 Forbidden is returned when the appointment is owned by a different doctor. A missing or invalid Bearer token returns 401 with a message key.