Authentication

The WioClinic Developer API uses API key pairs for authentication. Each key pair consists of:

Field	Prefix	Description
Key ID	`wc_live_`	Public identifier
Secret	`wcs_live_`	Private secret — shown only once at creation

Making Authenticated Requests

Include both values in the Authorization header, separated by a colon:

Authorization: Developer wc_live_abc123xyz:wcs_live_secretvalue

Example (cURL)

curl https://wioclinic.services/api/developer/v1/patients \
  -H "Authorization: Developer wc_live_abc123xyz:wcs_live_secretvalue"

Example (PHP)

$response = $httpClient->request('GET', 'https://wioclinic.services/api/developer/v1/patients', [
    'headers' => [
        'Authorization' => 'Developer ' . $keyId . ':' . $secret,
    ],
]);

Managing API Keys

API keys are created and managed in the WioClinic dashboard:

Org Console → Clinic Settings → Developer API

From there you can:

Create new key pairs with specific scopes
Revoke existing keys
View key metadata (creation date, last used)

:::warning Secret visibility The secret (wcs_…) is shown only once at creation time. Store it securely — it cannot be retrieved again. :::

Scopes

Each API key has a set of scopes that determine which endpoints it can access. Requests to endpoints outside the key's scopes return 403 Forbidden.

See Scopes Reference for the full list.

Making Authenticated Requests​

Example (cURL)​

Example (PHP)​

Managing API Keys​

Scopes​

Making Authenticated Requests

Example (cURL)

Example (PHP)

Managing API Keys

Scopes