Skip to main content
DELETE
/
notes
/
{id}
curl -X DELETE \
  'https://app.medisync.me/api/notes/665f1c2a9b1e8a0012ab34cd' \
  -H 'Authorization: Bearer your_jwt_token_here'
const response = await fetch(
  'https://app.medisync.me/api/notes/665f1c2a9b1e8a0012ab34cd',
  {
    method: 'DELETE',
    headers: {
      'Authorization': 'Bearer your_jwt_token_here'
    }
  }
);

const result = await response.json();
import requests

response = requests.delete(
    'https://app.medisync.me/api/notes/665f1c2a9b1e8a0012ab34cd',
    headers={
        'Authorization': 'Bearer your_jwt_token_here'
    }
)

result = response.json()
{
  "success": true
}

Overview

Delete a notes document by its own ID. This performs a permanent (hard) deletion of the notes record.
Permanent deletion: This operation permanently removes the notes document. It cannot be undone.
The path parameter is the notes document ID, not the appointment ID. Ownership is verified through the note’s appointment: if the note belongs to an appointment owned by another doctor, the request returns 403 Forbidden and nothing is deleted.

Authentication

Authorization
string
required
Bearer token for authenticated access. The doctor (user) identity is taken from the JWT.
Authorization: Bearer your_jwt_token_here
A missing or invalid token returns 401 with a message field. See Error Responses.

Path Parameters

id
string
required
Notes document ID (MongoDB ObjectId, 24 hex characters) to delete — not the appointment ID.

Response

success
boolean
Indicates whether the operation succeeded.
error
string
Error message (only present when success is false).

Example Request

curl -X DELETE \
  'https://app.medisync.me/api/notes/665f1c2a9b1e8a0012ab34cd' \
  -H 'Authorization: Bearer your_jwt_token_here'
const response = await fetch(
  'https://app.medisync.me/api/notes/665f1c2a9b1e8a0012ab34cd',
  {
    method: 'DELETE',
    headers: {
      'Authorization': 'Bearer your_jwt_token_here'
    }
  }
);

const result = await response.json();
import requests

response = requests.delete(
    'https://app.medisync.me/api/notes/665f1c2a9b1e8a0012ab34cd',
    headers={
        'Authorization': 'Bearer your_jwt_token_here'
    }
)

result = response.json()

Example Response

{
  "success": true
}

Error Responses

{
  "success": false,
  "message": "Unauthorized"
}
{
  "success": false,
  "message": "Session ended on this device because you signed in elsewhere.",
  "code": "SESSION_REVOKED"
}
{
  "success": false,
  "error": "Forbidden"
}
{
  "success": false,
  "error": "Cast to ObjectId failed for value \"xyz\" (type string) at path \"_id\" for model \"Notes\""
}

Behavior Notes

  • Idempotent: Deleting a notes document that does not exist (already gone) returns 200 { "success": true }. There is no 404 for delete.
  • Ownership check: If the note is found and its appointment is owned by a different doctor, the request returns 403 Forbidden without deleting.
  • Hard delete: Records are removed permanently. There is no soft delete and no cascade to associated appointments or other records.
  • 400 responses: Generic failures — such as a malformed ObjectId — are returned as 400 with the underlying error message in the error field.

Status Codes

  • 200 — Notes deleted, or already absent (idempotent).
  • 400 — Invalid ID or server error.
  • 401 — Missing, invalid, or revoked authentication token.
  • 403 — Note belongs to an appointment owned by another doctor.