Overview
The MediSync Dashboard API is a REST API for managing appointments, recordings, transcriptions, and AI-generated clinical notes and documents. All endpoints are JWT-authenticated and scoped to the authenticated doctor.API basics
Base URL
Authentication
Core resources
Appointments
Appointments
Medical appointments with full lifecycle management.
GET /appointments/doctors— list the authenticated doctor’s appointmentsPOST /appointments/add— create an appointmentGET /appointments/get/{id}— get one appointment
Recordings
Recordings
Audio recordings attached to an appointment.
POST /recordings/add/{appointmentId}— upload a recordingGET /recordings/{appointmentId}— get an appointment’s recordingDELETE /recordings/{appointmentId}— delete a recording
Notes
Notes
AI-generated clinical notes.
POST /notes/add/{appointmentId}— create/update notesGET /notes/{appointmentId}— get clinical notes
Request format
Standard headers
File uploads
File-upload endpoints usemultipart/form-data:
Response format
Success
Most successful responses wrap the payload in adata field:
Error
Error bodies are JSON. The shape depends on the layer: the auth middleware uses amessage field, while route handlers use an error field. Platform messages are returned in German.
Common patterns
Resource relationships
Workflow
Ownership
Every resource is scoped to the authenticated doctor. Requesting a resource you do not own returns403 Forbidden; an unknown id returns 404.
Status codes
| Code | Meaning | Usage |
|---|---|---|
| 200 | OK | Successful GET, POST, PUT, DELETE |
| 201 | Created | Registration |
| 400 | Bad Request | Validation error, malformed id |
| 401 | Unauthorized | Missing, invalid, or revoked token |
| 403 | Forbidden | Not the owner, or subscription required |
| 404 | Not Found | Resource does not exist |
| 409 | Conflict | Duplicate resource (e.g. slot already taken) |
| 429 | Too Many Requests | Rate limit exceeded (login) |
| 500 | Internal Server Error | Unexpected server-side error |
Health check
Verify API connectivity (no authentication required):Rate limiting
Only the login endpoint is rate limited (10 attempts / 15 minutes per email). Other endpoints are not rate limited, but you should still implement sensible retry/backoff and handle429 responses defensively.
Support
Support
Technical support and integration help — support@medisync.me
Next steps
Authentication
How to authenticate and obtain a token.
Quickstart
A complete walkthrough from login to AI-generated notes.