This overview will explain the basic guidelines and conventions of the Dock Health API. It contains all the necessary instructions and examples to get you up and running with Dock Health.
The Dock Health API follows standard REST conventions. While the examples shown here use cURL, the API is accessible using any convenient HTTPS client library in the programming language of your choice.
Integrating Dock Health into your application begins with the creation of your initial Dock Health user account at: https://app.dock.health. Creation of the account will require a business email address, password, mobile phone for two-factor authentication via SMS, and your organization's domain and name.
This account will function as your initial account owner, so you should use an email address and phone appropriate for administrative accounts. The organization name can be any name of your choosing but must be unique across all of Dock Health. For this reason, we recommend that you use your organization's domain name.
IMPORTANT: Make a note of the domain
and email
address used to create your account in Dock Health.
IMPORTANT: You will need them to continue provisioning your developer account!
Once this initial account is set up, you can use the API to create additional organizations and users.
Dock Health authenticates your requests using your developer API keys, which consist of an api_key
, client_id
and a
client_secret
.
Email Dock Health at mailto://support@dock.health to request your keys. You will need to supply the domain and email of the account you created in Step 1.
To protect your data, make sure to keep your API keys private -- do not share them via email or messaging, and do not
commit them to any source code repositories. Dock Health recommends creating API_KEY
, CLIENT_ID
, andCLIENT_SECRET
environment variables in your development and deployment environments and referencing those environment variables in
your code.
Dock Health supports two environments. Use the DEVELOPMENT
environment to test your code and the PRODUCTION
environment for your live application. To make changing environments easier, we recommend creating two additional
environment variables:
AUTH_URL
should be set to the Dock Health Authorization server URL appropriate for your environment:- DEVELOPMENT: https://partner-auth-dev.dockhealth.app
- PRODUCTION: https://partner-auth.dock.health
API_URL
should be set to the Dock Health API server URL appropriate for your environment:- DEVELOPMENT: https://partner-api-dev.dockhealth.app
- PRODUCTION: https://partner-api.dock.health
Each request you make to the Dock Health API requires you to supply an Authorization token. The request must contain three elements:
- The
client_id
you requested in Step 2. - The
client_secret
you requested in Step 2. - The scope(s) of the request. These must be one or more of the following and will be explained in detail later:
system.developer.read
- Read developer info as the system account.system.org.read
- Read org info as the system account.system.user.read
- Read user info as the system account.user.all.read
- Read data accessible by the specified user.user.all.write
- Write data accessible by the specified user.patient.all.read
- Read data associated with the specified patient.patient.all.write
- Write data associated with the specified patient.
Example Authorization Request:
curl --request POST \
--url $AUTH_URL/oauth2/token \
--data grant_type=client_credentials \
--data client_id=7g6n9c10zl2ktkd52vff8glfln \
--data client_secret=2hafgq78dbhqal73tgs003345getyyuldggh54dsgfsjg563amo \
--data scope="dockhealth/system.developer.read dockhealth/system.developer.write"
IMPORTANT: Multiple scopes must be separated by a single space!
Example Authorization Response:
{
"access_token": "eyJraWQiOiJyYTAraGdJUlhDTEZJNlNKY0ladjNMdmVITUJoTDJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI2aHBvdGkzMWNpOWpmcjY2VzcyIsInNjb3BlIjoiaHR0cHM6XC9cL2ludGVybmFsLWFwaS1kZXYuZG9ja2hlYWx0aC5hcHBcL2FsbC5yZWFkIiwiYXV0aF90aW1lIjoxNjA0NTI3MjQ5LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV8wRTRnSW12S1oiLCJleHAiOjE2MDQ1Mjc1NDksImlhdCI6MTYwNDUyNzI0OSwidmVyc2lvbiI6MiwianRpIjoiM2E5OGEwMzYtNTJjYy00OGI4LWFkN2ItZDY4OWIxOTFjNmY3IiwiY2xpZW50X2lkIjoiNmhwb3RpMzFjaTlqZnBpc3NpZjl0a2x1bG4ifQ.BefiIDU8X4Miqb7c_BsrO0XBGOUiPbau8qF6ka0s_0diTPoI5Na6R31-ZZxgoJhgowJfrGGjbjCl2wILRqWe0CWKLdwe2y4mAixW7c7RC44tH2VV1IMMYz5E7jPkQaxay-9JWHwoujwKYnky1mEB4ZLNkHxIe4bcUeQT5CXtllvgzaQltY51h16vO3PtC0DRpXmrj0lmGlcw23spkh5pyAMIkdQLiyMGLDE-TeiNnew1-9lRPUBVSLuJjtUCSOneLVGeW5MI63_sWdj1kSvuq1V2tdeTJOdrWOz93fhog7P8sGcv39XUgVit0TQonaMfA7BnhP9NBDt3iWbN4dUr1g",
"expires_in": 300,
"token_type": "Bearer"
}
A successful authorization request will return an access_token
, which must be supplied in subsequent requests. The
access token supplied will expire after expires_in
seconds, after which, you must request a new token. Requests
made with same access token will be limited to the scopes specified when requesting the token.
While it is currently permissible to specify multiple scopes when requesting an access token it is highly recommended that you specify a single scope and request an access token for each scope needed.
You are now able to make an authenticated API request. All API requests require at least the following headers:
x-api-key
must be set to theAPI_KEY
you received from Dock Health.Authorization
must be set to theaccess_token
value you received when making your Authorization request in Step 3.
Authenticated requests also require that the scope requested in your Authorization request matches the scope required for the specified endpoint. See the rest of this quickstart, as well as the API reference for the scope required for each endpoint. The Dock Health API reference is available in three formats - OpenAPI (yaml), Redoc, and Swagger:
- OpenAPI: https://partner-api-dev.dockhealth.app/api-docs
- Redoc: https://partner-api-dev.dockhealth.app/api-docs/redoc
- Swagger: https://partner-api-dev.dockhealth.app/api-docs/swagger
For example, to request your Developer account info, you must request dockhealth/system.developer.read
scope when
making your Authorization request, and supply the returned access_token
as the authorization header, along with your
api key:
Example Request:
curl --request GET \
--url $API_URL/api/v1/developer \
--header "x-api-key: jga49hff490msgeyytihbm35f138dfchhgj63Opl" \
--header "Authorization: eyJraWQiOiJyYTAraGdJUlhDTEZJNlNKY0ladjNMdmVITUJoTDhGTGhOWEhLRWFCNlwvST0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI2aHBvdGkzMWNpOWpmcGlzc2lmOXRrbHVsbiIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiZG9ja2hlYWx0aFwvc3lzdGVtLmRldmVsb3Blci5yZWFkIiwiYXV0aF90aW1lIjoxNjE0NTU0OTMzLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV8wRTRnSW12S1oiLCJleHAiOjE2MTQ1NTUyMzMsImlhdCI6MTYxNDU1NDkzMywidmVyc2lvbiI6MiwianRpIjoiMjU3ZTRkZGYtNThmZi00MGVlLThiNWEtMzE1MjkxMGQ1NDQ4IiwiY2xpZW50X2lkIjoiNmhwb3RpMzFjaTlqZnBpc3NpZjl0a2x1bG4ifQ.XRUBBdgGOCRcy4WW4mjEaGcc4W9S-JV0AbuKmM2PlQvqopmzizETN_NSz-3ScLbfyd_g5JO0Jfr2eimnMQSeYDU3sVhSs1CNiT8VhEps_9BVwvthQtFdFAnjzGXM7FSsSp-7amzb4Q29KtlIP3tUsgM6mmgha4c3fcRBmP1RDw2op6NP5sUrQRamQz7gz-PLqjEUJS1fSJLCR1Wcp05LaHIgaOlhCfDMzLBTV7UXC9WqmpQ6yFWYZuVmwOq8rwCrEeqXZ0oVvarDuwpx1pWVOUAUKq4giEj_hy8CjzdXkqyfyEt1-BZe93gFWuqgAZVOrVp4OgEqUp8KX6SDnfoh3A"
Example Response:
{
"contactName": "John Smith",
"contactEmail": "john.smith@example.com",
"contactPhone": "1-212-555-1212",
"organizations": [
{
"organizationIdentifier": "3cec036e-604d-45a9-b83c-0bb7aa157baa",
"name": "Smith Clinic, P.C.",
"subscription": "30 Day Trial"
}
]
}
Congratulations! You should now be able to make full use of the Dock Health API in your own applications.
See the remainder of this README for more information on the data model, request scopes, request format, and errors.
The Dock Health API Developer Guide (this document) and client examples are available at our public GitHub API repository (this repo): https://github.com/DockHealth/dockhealth-api.
Please see the examples section of this repo for full working examples covering the full onboarding lifecycle!
The Dock Health API reference is available in three formats - OpenAPI (yaml), Redoc, and Swagger:
- OpenAPI: https://partner-api-dev.dockhealth.app/api-docs
- Redoc: https://partner-api-dev.dockhealth.app/api-docs/redoc
- Swagger: https://partner-api-dev.dockhealth.app/api-docs/swagger
Finally, if you have any trouble, please don't hesitate to reach out for help. Either:
- Create an issue in this repo: https://github.com/DockHealth/dockhealth-api/issues.
- Email us at mailto://support@dock.health.
Thanks for using Dock Health!
- A single
Developer
has one or moreOrganizations
.- A single
Organization
has one or morePatients
.- A single
Patient
has one or moreNotes
.
- A single
- A single
Organization
has one or moreUsers
. - A single
Organization
has one or moreLists
.- A single
List
has one or moreGroups
.- A single
Group
has one or moreTasks
.- A single
Task
has zero or moreSubTasks
.- A single
Task
has zero or one existingPatients
. - A single
Task
orSubTask
has zero or moreAssignees
, which are existingUsers
. - A single
Task
orSubTask
has zero or moreAttachments
. - A single
Task
orSubTask
has zero or moreComments
.
- A single
- A single
- A single
- A single
- A single
Scopes are loosely based on the FHIR standard, with the following deviations from the standard:
- Dock Health scope names use dots
.
instead of slashes/
as separators. - Dock Health does not allow wildcard
*.
scopes.
The naming convention is defined as follows:
scope-name = resource-context "." resource-type "." modification-rights
resource-context = ("system" / "user" / "patient")
resource-type = (name) # `all` used in place of wildcards
modification-rights = ("read" / "write")
system.developer.read
- Read developer info as the system account.system.org.read
- Read org info as the system account.system.user.read
- Read user info as the system account.
IMPORTANT: The system
scopes are limited! All other activity must happen on behalf of a user!
user.all.read
- Read data accessible by the specified user.user.all.write
- Write data accessible by the specified user.
NOTE: An org is required for user operations, and the user must be part of the specified org.
patient.all.read
- Read data associated with the specified patient.patient.all.write
- Write data associated with the specified patient.
NOTE: A user and org are for patient operations, and the user and patient must be part of the specified org.
- SYSTEM requests require two headers to be set:
x-api-key
must be set to your api key created during account provisioning.Authorization
must be set to theaccess_token
returned from your Authentication request.- The
access_token
in turn contains yourclient_id
,client_secret
, andscopes
.
- The
- ORGANIZATION requests require the SYSTEM headers AND one additional header:
x-user-id
must be set to the identifier of a given user.
- ALL OTHER requests require the SYSTEM headers, AND two additional headers:
x-user-id
must be set to the identifier of a given user.x-organization-id
must be set to the identifier of an organization to which the specified user is a member.
Dock Health endpoints generally follow these usage conventions:
GET /v1/user/160f9192-40c2-11ea-a4e8-124feabd863a
returns the user for the specified userIdentifier
.
NOTE that the entity
is referred to in the singular even when getting a list:
GET /api/v1/user
returns a list of users.
GET /api/v1/user/someuseridentifier
returns a single user.
GET /api/v1/organization
returns a list of organizations for the USER_ID
supplied in the request header:
GET /api/v1/user
returns a list of users for the ORGANIZATION_ID
and USER_ID
supplied in the request headers:
POST /api/v1/user
creates a new user.
PATCH /api/v1/user/someuseridentifier
updates the supplied values ONLY on the existing user.
PUT /api/v1/user/someuseridentifier
entirely replaces the existing user with the supplied values.
DELETE /api/v1/user/someuseridentifier
(soft) deletes an existing user.
IMPORTANT: Currently, Dock Health ONLY supports soft-deletions! Any deleted item is actually still retrievable via
the API, but its active
attribute will be set to false
.
To fetch only non-deleted (active
) items from the API, use the search
endpoints, supplying active=true
as one
of the search parameters. Alternatively, retrieve items from the API and filter any inactive items from the returned
results.
Dock Health uses conventional HTTP response codes to indicate the success or failure of an API request. In general:
- Codes in the 2xx range indicate success.
- Codes in the 4xx range indicate an error that failed given the information provided.
- Codes in the 5xx range indicate an error with Dock Health servers.
Specific Error Codes:
200 - OK. Everything worked as expected.
201 - Created. The requested item was created as expected.
400 - Bad Request. The request was unacceptable, often due to missing a required parameter.
401 - Unauthorized. No valid API key provided.
402 - Request Failed. The parameters were valid but the request failed.
403 - Forbidden. The API key doesn't have permissions to perform the request.
404 - Not Found. The requested resource doesn't exist.
409 - Conflict. The request conflicts with another request (perhaps due to using the same idempotent key).
429 - Too Many Requests. Too many requests hit the API too quickly. We recommend an exponential backoff of your requests.
5xx - Server Errors.
In the event of an error, an error response will also be returned. Error responses have the following attributes:
timestamp
The timestamp at which the error occurred.status
The http status code of the error. This will match the http status code returned by the server.error
The error message corresponding to the http status code.message
The Dock Health error message specific to the error that occurred.path
The URI of the request that generated the error.
Example Error Response:
{
"timestamp": "2021-03-01T19:45:25.064Z",
"status": 403,
"error": "Forbidden",
"message": "HeyDocAccessDeniedException: Not authorized to access patient note: 51b95ccd-4bbe-11ea-a4e8-124feabd863a",
"path": "/api/v1/patient/b7b51675-316d-4f60-a8b2-93b19f93129b/note/51b95ccd-4bbe-11ea-a4e8-124feabd863a"
}
The Dock Health API Developer Guide (this document) and client examples are available at our public GitHub API repository (this repo): https://github.com/DockHealth/dockhealth-api.
Please see the examples section of this repo for full working examples covering the full onboarding lifecycle!
The Dock Health API reference is available in three formats - OpenAPI (yaml), Redoc, and Swagger:
- OpenAPI: https://partner-api-dev.dockhealth.app/api-docs
- Redoc: https://partner-api-dev.dockhealth.app/api-docs/redoc
- Swagger: https://partner-api-dev.dockhealth.app/api-docs/swagger
If you have any trouble, please don't hesitate to reach out for help. Either:
- Create an issue in this repo: https://github.com/DockHealth/dockhealth-api/issues.
- Email us at mailto://support@dock.health.