> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medisync.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Documents by Doctor

> List all documents owned by your own account

## Overview

Returns every document owned by the authenticated doctor, across all appointments. This is effectively a "list all my documents" endpoint.

Access is **self-only**: the `id` in the path must equal the authenticated user's own ID. Any other value returns `403 Forbidden` — you cannot view another doctor's documents.

<Info>
  This is a read endpoint and is **not** plan-gated. The result is a single array with no pagination and no guaranteed sort order.
</Info>

## Authentication

<ParamField header="Authorization" type="string" required>
  Bearer token for authenticated access. The doctor's ID is extracted from the JWT token and must match the path `id`.

  ```
  Authorization: Bearer your_jwt_token_here
  ```
</ParamField>

## Path Parameters

<ParamField path="id" type="string" required>
  Must equal the authenticated user's own ID (ObjectId). Any other value returns `403 Forbidden`.
</ParamField>

## Response

<ResponseField name="success" type="boolean">
  Whether the request was successful
</ResponseField>

<ResponseField name="data" type="array">
  Array of all document records owned by the authenticated doctor. Empty when the doctor has no documents.

  <Expandable title="Document Object">
    <ResponseField name="_id" type="string">
      Unique document identifier (ObjectId)
    </ResponseField>

    <ResponseField name="appointment_id" type="string">
      The appointment this document is attached to
    </ResponseField>

    <ResponseField name="document_url" type="string">
      Opaque storage URL for the document
    </ResponseField>

    <ResponseField name="document_key" type="string">
      Storage key. Format: `{appointment_id}_{timestamp}_{original_filename}`
    </ResponseField>

    <ResponseField name="doctor_id" type="string">
      ObjectId of the owning doctor (equal to your own ID)
    </ResponseField>

    <ResponseField name="file_name" type="string">
      Original filename of the document
    </ResponseField>

    <ResponseField name="title" type="string">
      Display title (defaults to the original filename)
    </ResponseField>

    <ResponseField name="file_type" type="string">
      Inferred short file type (e.g. `pdf`, `png`, `jpeg`, `webp`)
    </ResponseField>

    <ResponseField name="mime_type" type="string">
      MIME type of the stored file
    </ResponseField>

    <ResponseField name="source" type="string">
      Origin of the document (e.g. `upload`)
    </ResponseField>

    <ResponseField name="extraction_status" type="string">
      Text-extraction state (e.g. `pending`, `done`)
    </ResponseField>

    <ResponseField name="include_in_context" type="boolean">
      Whether the document is included when building context
    </ResponseField>

    <ResponseField name="createdAt" type="string">
      Creation timestamp (ISO 8601)
    </ResponseField>

    <ResponseField name="updatedAt" type="string">
      Last-update timestamp (ISO 8601)
    </ResponseField>

    <ResponseField name="__v" type="number">
      Internal record version
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="error" type="string">
  Error message (only present when `success` is `false`)
</ResponseField>

<Note>
  Additional fields may be present on each document object and should be treated as opaque.
</Note>

## Example Request

<RequestExample>
  ```bash cURL theme={null}
  curl -X GET \
    'https://app.medisync.me/api/documents/doctor/6512a7c9e4b0a1f2d3c45678' \
    -H 'Authorization: Bearer your_jwt_token_here'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch(
    'https://app.medisync.me/api/documents/doctor/6512a7c9e4b0a1f2d3c45678',
    {
      method: 'GET',
      headers: { Authorization: 'Bearer your_jwt_token_here' },
    }
  );

  const result = await response.json();
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      'https://app.medisync.me/api/documents/doctor/6512a7c9e4b0a1f2d3c45678',
      headers={'Authorization': 'Bearer your_jwt_token_here'},
  )

  result = response.json()
  ```
</RequestExample>

## Example Response

<ResponseExample>
  ```json Response theme={null}
  {
    "success": true,
    "data": [
      {
        "_id": "66a3f1c2b8e4d21f9c0a7b31",
        "appointment_id": "665e0b9d3f2a1c4d8e7f0a12",
        "document_url": "https://storage.medisync.me/665e0b9d3f2a1c4d8e7f0a12_1719920400000_lab_results.pdf",
        "document_key": "665e0b9d3f2a1c4d8e7f0a12_1719920400000_lab_results.pdf",
        "doctor_id": "6512a7c9e4b0a1f2d3c45678",
        "file_name": "lab_results.pdf",
        "title": "lab_results.pdf",
        "file_type": "pdf",
        "mime_type": "application/pdf",
        "source": "upload",
        "extraction_status": "done",
        "include_in_context": true,
        "createdAt": "2026-07-02T14:30:00.000Z",
        "updatedAt": "2026-07-02T14:31:12.000Z",
        "__v": 0
      }
    ]
  }
  ```

  ```json Empty result theme={null}
  {
    "success": true,
    "data": []
  }
  ```
</ResponseExample>

## Error Responses

<ResponseExample>
  ```json 403 Requesting another doctor's documents theme={null}
  {
    "success": false,
    "error": "Forbidden"
  }
  ```

  ```json 400 Query error theme={null}
  {
    "success": false,
    "error": "Error fetching documents by doctor ID"
  }
  ```

  ```json 401 Unauthorized theme={null}
  {
    "success": false,
    "message": "Unauthorized"
  }
  ```
</ResponseExample>
