> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medisync.me/llms.txt
> Use this file to discover all available pages before exploring further.

# API Reference

> Reference for the MediSync Dashboard (REST) API

## Overview

The MediSync **Dashboard API** is a REST API for managing appointments, recordings, transcriptions, and AI-generated clinical notes and documents. All endpoints are JWT-authenticated and scoped to the authenticated doctor.

## API basics

<CardGroup cols={2}>
  <Card title="Base URL" icon="link">
    ```
    https://app.medisync.me/api/
    ```

    All endpoints are relative to this base URL.
  </Card>

  <Card title="Authentication" icon="shield-check">
    ```
    Authorization: Bearer YOUR_JWT_TOKEN
    ```

    A JWT is required for all protected endpoints.
  </Card>
</CardGroup>

## Core resources

<AccordionGroup>
  <Accordion icon="stethoscope" title="Appointments">
    Medical appointments with full lifecycle management.

    * `GET /appointments/doctors` — list the authenticated doctor's appointments
    * `POST /appointments/add` — create an appointment
    * `GET /appointments/get/{id}` — get one appointment

    Features: status tracking and the AI processing workflow.
  </Accordion>

  <Accordion icon="microphone" title="Recordings">
    Audio recordings attached to an appointment.

    * `POST /recordings/add/{appointmentId}` — upload a recording
    * `GET /recordings/{appointmentId}` — get an appointment's recording
    * `DELETE /recordings/{appointmentId}` — delete a recording

    Features: multi-format upload; automatic transcription.
  </Accordion>

  <Accordion icon="file-text" title="Notes">
    AI-generated clinical notes.

    * `POST /notes/add/{appointmentId}` — create/update notes
    * `GET /notes/{appointmentId}` — get clinical notes

    Features: structured (SOAP) clinical documentation.
  </Accordion>
</AccordionGroup>

## Request format

### Standard headers

```bash theme={null}
Content-Type: application/json
Authorization: Bearer YOUR_JWT_TOKEN
```

The user id is taken from the JWT — no separate user id parameter is required.

### File uploads

File-upload endpoints use `multipart/form-data`:

```bash theme={null}
curl -X POST https://app.medisync.me/api/recordings/add/665f8a1b2c3d4e5f6789012f3 \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "audio=@recording.wav"
```

## Response format

### Success

Most successful responses wrap the payload in a `data` field:

```json theme={null}
{
  "success": true,
  "data": {
    // resource or array of resources
  }
}
```

### Error

Error bodies are JSON. The shape depends on the layer: the auth middleware uses a `message` field, while route handlers use an `error` field. Platform messages are returned in **German**.

```json theme={null}
{
  "success": false,
  "error": "Appointment not found"
}
```

## Common patterns

### Resource relationships

```mermaid theme={null}
graph TD
    A[Doctor] --> C[Appointment]
    C --> D[Recording]
    C --> E[Transcription]
    C --> F[Notes]
    C --> G[Documents]
```

### Workflow

<Steps>
  <Step title="Create appointment">
    `POST /appointments/add`
  </Step>

  <Step title="Upload recording">
    `POST /recordings/add/{appointmentId}`
  </Step>

  <Step title="Get transcription">
    `GET /transcriptions/{appointmentId}`
  </Step>

  <Step title="Get notes">
    `GET /notes/{appointmentId}` — generated automatically from the transcription
  </Step>

  <Step title="Attach documents">
    `POST /documents/upload`
  </Step>
</Steps>

### Ownership

Every resource is scoped to the authenticated doctor. Requesting a resource you do not own returns `403 Forbidden`; an unknown id returns `404`.

## Status codes

| Code | Meaning               | Usage                                        |
| ---- | --------------------- | -------------------------------------------- |
| 200  | OK                    | Successful GET, POST, PUT, DELETE            |
| 201  | Created               | Registration                                 |
| 400  | Bad Request           | Validation error, malformed id               |
| 401  | Unauthorized          | Missing, invalid, or revoked token           |
| 403  | Forbidden             | Not the owner, or subscription required      |
| 404  | Not Found             | Resource does not exist                      |
| 409  | Conflict              | Duplicate resource (e.g. slot already taken) |
| 429  | Too Many Requests     | Rate limit exceeded (login)                  |
| 500  | Internal Server Error | Unexpected server-side error                 |

## Health check

Verify API connectivity (no authentication required):

```bash theme={null}
curl -X GET https://app.medisync.me/api
```

```json theme={null}
{ "status": "ok" }
```

## Rate limiting

Only the login endpoint is rate limited (10 attempts / 15 minutes per email). Other endpoints are not rate limited, but you should still implement sensible retry/backoff and handle `429` responses defensively.

## Support

<Card title="Support" icon="life-ring" href="mailto:support@medisync.me">
  Technical support and integration help — [support@medisync.me](mailto:support@medisync.me)
</Card>

## Next steps

<CardGroup cols={2}>
  <Card title="Authentication" icon="key" href="/authentication">
    How to authenticate and obtain a token.
  </Card>

  <Card title="Quickstart" icon="rocket" href="/quickstart">
    A complete walkthrough from login to AI-generated notes.
  </Card>
</CardGroup>
