Skip to main content
GET
/
documents
/
{id}
curl -X GET \
  'https://app.medisync.me/api/documents/665e0b9d3f2a1c4d8e7f0a12' \
  -H 'Authorization: Bearer your_jwt_token_here'
const response = await fetch(
  'https://app.medisync.me/api/documents/665e0b9d3f2a1c4d8e7f0a12',
  {
    method: 'GET',
    headers: { Authorization: 'Bearer your_jwt_token_here' },
  }
);

const result = await response.json();
import requests

response = requests.get(
    'https://app.medisync.me/api/documents/665e0b9d3f2a1c4d8e7f0a12',
    headers={'Authorization': 'Bearer your_jwt_token_here'},
)

result = response.json()
{
  "success": true,
  "data": [
    {
      "_id": "66a3f1c2b8e4d21f9c0a7b31",
      "appointment_id": "665e0b9d3f2a1c4d8e7f0a12",
      "document_url": "https://storage.medisync.me/665e0b9d3f2a1c4d8e7f0a12_1719920400000_lab_results.pdf",
      "document_key": "665e0b9d3f2a1c4d8e7f0a12_1719920400000_lab_results.pdf",
      "doctor_id": "6512a7c9e4b0a1f2d3c45678",
      "file_name": "lab_results.pdf",
      "title": "lab_results.pdf",
      "file_type": "pdf",
      "mime_type": "application/pdf",
      "source": "upload",
      "extraction_status": "done",
      "include_in_context": true,
      "createdAt": "2026-07-02T14:30:00.000Z",
      "updatedAt": "2026-07-02T14:31:12.000Z",
      "__v": 0
    }
  ]
}
{
  "success": true,
  "data": []
}

Overview

Returns the documents attached to a specific appointment that are owned by the authenticated doctor. The query is scoped to both the appointment ID and the calling doctor, so documents attached by another doctor are not returned. The response is always an array. If nothing matches, it returns 200 with an empty data array.
This is a read endpoint and is not plan-gated: it keeps working even for accounts that do not have the documents.attach_additional feature, so previously attached documents remain accessible.

Authentication

Authorization
string
required
Bearer token for authenticated access. The doctor’s ID is extracted from the JWT token and used to scope results.
Authorization: Bearer your_jwt_token_here

Path Parameters

id
string
required
The appointment ID (ObjectId) whose documents should be listed. Only documents owned by the authenticated doctor are returned.

Response

success
boolean
Whether the request was successful
data
array
Array of document records owned by the authenticated doctor on this appointment. Empty when none match.
error
string
Error message (only present when success is false)
Additional fields may be present on each document object and should be treated as opaque. There is no pagination and no guaranteed sort order.

Example Request

curl -X GET \
  'https://app.medisync.me/api/documents/665e0b9d3f2a1c4d8e7f0a12' \
  -H 'Authorization: Bearer your_jwt_token_here'
const response = await fetch(
  'https://app.medisync.me/api/documents/665e0b9d3f2a1c4d8e7f0a12',
  {
    method: 'GET',
    headers: { Authorization: 'Bearer your_jwt_token_here' },
  }
);

const result = await response.json();
import requests

response = requests.get(
    'https://app.medisync.me/api/documents/665e0b9d3f2a1c4d8e7f0a12',
    headers={'Authorization': 'Bearer your_jwt_token_here'},
)

result = response.json()

Example Response

{
  "success": true,
  "data": [
    {
      "_id": "66a3f1c2b8e4d21f9c0a7b31",
      "appointment_id": "665e0b9d3f2a1c4d8e7f0a12",
      "document_url": "https://storage.medisync.me/665e0b9d3f2a1c4d8e7f0a12_1719920400000_lab_results.pdf",
      "document_key": "665e0b9d3f2a1c4d8e7f0a12_1719920400000_lab_results.pdf",
      "doctor_id": "6512a7c9e4b0a1f2d3c45678",
      "file_name": "lab_results.pdf",
      "title": "lab_results.pdf",
      "file_type": "pdf",
      "mime_type": "application/pdf",
      "source": "upload",
      "extraction_status": "done",
      "include_in_context": true,
      "createdAt": "2026-07-02T14:30:00.000Z",
      "updatedAt": "2026-07-02T14:31:12.000Z",
      "__v": 0
    }
  ]
}
{
  "success": true,
  "data": []
}

Error Responses

{
  "success": false,
  "error": "Error fetching documents by appointment ID"
}
{
  "success": false,
  "message": "Unauthorized"
}