> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medisync.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Download Medical Document

> Download the document file attached to an appointment

## Overview

Returns the raw file bytes of a document attached to an appointment. The lookup is keyed by appointment ID and scoped to the authenticated doctor, returning the first document on that appointment owned by the caller.

The response `Content-Type` reflects the stored file's MIME type, so this endpoint serves PDFs **and** images (`application/pdf`, `image/png`, `image/jpeg`, `image/webp`).

<Info>
  This is a read endpoint and is **not** plan-gated. A document owned by another doctor is treated as not found (`404`).
</Info>

## Authentication

<ParamField header="Authorization" type="string" required>
  Bearer token for authenticated access. The doctor's ID is extracted from the JWT token and used to scope the lookup.

  ```
  Authorization: Bearer your_jwt_token_here
  ```
</ParamField>

## Path Parameters

<ParamField path="id" type="string" required>
  The appointment ID (ObjectId). Returns the first document on that appointment owned by the authenticated doctor.
</ParamField>

## Response

On success the endpoint returns the file bytes (not JSON) with download headers.

<ResponseField name="Content-Type" type="header">
  The stored file's MIME type — e.g. `application/pdf`, `image/png`, `image/jpeg`, `image/webp`.
</ResponseField>

<ResponseField name="Content-Disposition" type="header">
  Attachment header. The filename is derived from the storage key with the leading appointment-ID segment removed; it still includes the timestamp segment (e.g. `1719920400000_lab_results.pdf`).
</ResponseField>

On error the endpoint returns JSON:

<ResponseField name="success" type="boolean">
  Always `false` for errors
</ResponseField>

<ResponseField name="error" type="string">
  Error message describing what went wrong
</ResponseField>

## Example Request

<RequestExample>
  ```bash cURL theme={null}
  curl -X GET \
    'https://app.medisync.me/api/documents/get/665e0b9d3f2a1c4d8e7f0a12' \
    -H 'Authorization: Bearer your_jwt_token_here' \
    --output document.pdf
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch(
    'https://app.medisync.me/api/documents/get/665e0b9d3f2a1c4d8e7f0a12',
    {
      method: 'GET',
      headers: { Authorization: 'Bearer your_jwt_token_here' },
    }
  );

  if (response.ok) {
    const blob = await response.blob();
    const url = window.URL.createObjectURL(blob);
    const a = document.createElement('a');
    a.href = url;
    a.download = 'document.pdf';
    a.click();
  }
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      'https://app.medisync.me/api/documents/get/665e0b9d3f2a1c4d8e7f0a12',
      headers={'Authorization': 'Bearer your_jwt_token_here'},
  )

  if response.status_code == 200:
      with open('document.pdf', 'wb') as f:
          f.write(response.content)
  ```
</RequestExample>

## Example Response

<ResponseExample>
  ```http Success (headers + body) theme={null}
  HTTP/1.1 200 OK
  Content-Type: application/pdf
  Content-Disposition: attachment; filename="1719920400000_lab_results.pdf"

  <binary file bytes>
  ```
</ResponseExample>

## Error Responses

<ResponseExample>
  ```json 404 Document not found (or not owned by caller) theme={null}
  {
    "success": false,
    "error": "Document not found"
  }
  ```

  ```json 500 Empty/missing object in storage theme={null}
  {
    "success": false,
    "error": "Failed to retrieve document content from storage"
  }
  ```

  ```json 500 Retrieval error theme={null}
  {
    "success": false,
    "error": "Error retrieving document"
  }
  ```

  ```json 401 Unauthorized theme={null}
  {
    "success": false,
    "message": "Unauthorized"
  }
  ```
</ResponseExample>
