> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medisync.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Notes by Appointment

> Retrieve the notes stored for an appointment

## Overview

Retrieve the notes associated with a specific appointment. The system stores a single notes document per appointment, so in practice the returned array holds either zero or one element. When the appointment exists and is owned by the caller but has no notes yet, an empty array is returned.

<Note>
  This operation is scoped to the owning doctor. The appointment identified by `{id}` must belong to the authenticated user. A request for an appointment you do not own returns `403 Forbidden`, and an unknown appointment returns `404 Appointment not found` (not an empty array).
</Note>

## Authentication

<ParamField header="Authorization" type="string" required>
  Bearer token for authenticated access. The doctor (user) identity is taken from the JWT.

  ```
  Authorization: Bearer your_jwt_token_here
  ```
</ParamField>

A missing or invalid token returns `401` with a `message` field. See [Error Responses](#error-responses).

## Path Parameters

<ParamField path="id" type="string" required>
  Appointment ID (MongoDB ObjectId, 24 hex characters) whose notes to retrieve. Must be owned by the authenticated doctor.
</ParamField>

## Response

<ResponseField name="success" type="boolean">
  Indicates whether the operation succeeded.
</ResponseField>

<ResponseField name="data" type="array">
  Array of notes documents for the appointment. Holds 0 or 1 element in practice.

  <Expandable title="notes object properties">
    <ResponseField name="_id" type="string">
      Unique identifier for the notes document (MongoDB ObjectId).
    </ResponseField>

    <ResponseField name="appointment_id" type="string">
      The appointment ID these notes belong to.
    </ResponseField>

    <ResponseField name="notes" type="string">
      The clinical notes content.
    </ResponseField>

    <ResponseField name="summary" type="string">
      Summary of the notes.
    </ResponseField>

    <ResponseField name="citations" type="array">
      Citation objects, or `null` when none are present.
    </ResponseField>

    <ResponseField name="createdAt" type="string">
      ISO 8601 timestamp when the notes were created.
    </ResponseField>

    <ResponseField name="updatedAt" type="string">
      ISO 8601 timestamp when the notes were last updated.
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="error" type="string">
  Error message (only present when `success` is `false`).
</ResponseField>

<Note>
  Each notes object may contain additional fields beyond those listed above. Treat any unlisted fields as opaque.
</Note>

## Example Request

<RequestExample>
  ```bash cURL theme={null}
  curl -X GET \
    'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911' \
    -H 'Authorization: Bearer your_jwt_token_here'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch(
    'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911',
    {
      method: 'GET',
      headers: {
        'Authorization': 'Bearer your_jwt_token_here'
      }
    }
  );

  const result = await response.json();
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911',
      headers={
          'Authorization': 'Bearer your_jwt_token_here'
      }
  )

  result = response.json()
  ```
</RequestExample>

## Example Response

<ResponseExample>
  ```json Notes found theme={null}
  {
    "success": true,
    "data": [
      {
        "_id": "665f1c2a9b1e8a0012ab34cd",
        "appointment_id": "664e0b1f7c2a5e0011fa9911",
        "notes": "Patient presented with chest pain. EKG normal.",
        "summary": "Chest pain, normal findings",
        "citations": null,
        "createdAt": "2026-06-30T10:30:00.000Z",
        "updatedAt": "2026-06-30T11:15:00.000Z"
      }
    ]
  }
  ```

  ```json No notes yet theme={null}
  {
    "success": true,
    "data": []
  }
  ```
</ResponseExample>

## Error Responses

<ResponseExample>
  ```json 401 Unauthorized (missing/invalid token) theme={null}
  {
    "success": false,
    "message": "Unauthorized"
  }
  ```

  ```json 401 Unauthorized (session revoked) theme={null}
  {
    "success": false,
    "message": "Session ended on this device because you signed in elsewhere.",
    "code": "SESSION_REVOKED"
  }
  ```

  ```json 403 Forbidden (not appointment owner) theme={null}
  {
    "success": false,
    "error": "Forbidden"
  }
  ```

  ```json 404 Appointment not found theme={null}
  {
    "success": false,
    "error": "Appointment not found"
  }
  ```
</ResponseExample>

## Status Codes

* **200** — Notes retrieved successfully (including an empty array when no notes exist).
* **401** — Missing, invalid, or revoked authentication token.
* **403** — Authenticated user does not own the appointment.
* **404** — Appointment not found.
