Skip to main content

Overview

The MediSync Dashboard API is a REST API for managing appointments, recordings, transcriptions, and AI-generated clinical notes and documents. All endpoints are JWT-authenticated and scoped to the authenticated doctor.

API basics

Base URL

https://app.medisync.me/api/
All endpoints are relative to this base URL.

Authentication

Authorization: Bearer YOUR_JWT_TOKEN
A JWT is required for all protected endpoints.

Core resources

Medical appointments with full lifecycle management.
  • GET /appointments/doctors — list the authenticated doctor’s appointments
  • POST /appointments/add — create an appointment
  • GET /appointments/get/{id} — get one appointment
Features: status tracking and the AI processing workflow.
Audio recordings attached to an appointment.
  • POST /recordings/add/{appointmentId} — upload a recording
  • GET /recordings/{appointmentId} — get an appointment’s recording
  • DELETE /recordings/{appointmentId} — delete a recording
Features: multi-format upload; automatic transcription.
AI-generated clinical notes.
  • POST /notes/add/{appointmentId} — create/update notes
  • GET /notes/{appointmentId} — get clinical notes
Features: structured (SOAP) clinical documentation.

Request format

Standard headers

Content-Type: application/json
Authorization: Bearer YOUR_JWT_TOKEN
The user id is taken from the JWT — no separate user id parameter is required.

File uploads

File-upload endpoints use multipart/form-data:
curl -X POST https://app.medisync.me/api/recordings/add/665f8a1b2c3d4e5f6789012f3 \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "audio=@recording.wav"

Response format

Success

Most successful responses wrap the payload in a data field:
{
  "success": true,
  "data": {
    // resource or array of resources
  }
}

Error

Error bodies are JSON. The shape depends on the layer: the auth middleware uses a message field, while route handlers use an error field. Platform messages are returned in German.
{
  "success": false,
  "error": "Appointment not found"
}

Common patterns

Resource relationships

Workflow

1

Create appointment

POST /appointments/add
2

Upload recording

POST /recordings/add/{appointmentId}
3

Get transcription

GET /transcriptions/{appointmentId}
4

Get notes

GET /notes/{appointmentId} — generated automatically from the transcription
5

Attach documents

POST /documents/upload

Ownership

Every resource is scoped to the authenticated doctor. Requesting a resource you do not own returns 403 Forbidden; an unknown id returns 404.

Status codes

CodeMeaningUsage
200OKSuccessful GET, POST, PUT, DELETE
201CreatedRegistration
400Bad RequestValidation error, malformed id
401UnauthorizedMissing, invalid, or revoked token
403ForbiddenNot the owner, or subscription required
404Not FoundResource does not exist
409ConflictDuplicate resource (e.g. slot already taken)
429Too Many RequestsRate limit exceeded (login)
500Internal Server ErrorUnexpected server-side error

Health check

Verify API connectivity (no authentication required):
curl -X GET https://app.medisync.me/api
{ "status": "ok" }

Rate limiting

Only the login endpoint is rate limited (10 attempts / 15 minutes per email). Other endpoints are not rate limited, but you should still implement sensible retry/backoff and handle 429 responses defensively.

Support

Support

Technical support and integration help — support@medisync.me

Next steps

Authentication

How to authenticate and obtain a token.

Quickstart

A complete walkthrough from login to AI-generated notes.