Scopes Reference
Each API key is granted a set of scopes at creation time. Requests to endpoints outside the key's scopes return 403 Forbidden.
Available Scopes
| Scope | Grants Access To |
|---|---|
| patient.read | List and get patients |
| patient.write | Create and update patients |
| appointment.read | List and get appointments |
| appointment.write | Create and cancel appointments |
| appointment.read.availability | Check available time slots |
| finance.read | Read invoices and payments |
| communication.read.sms | List communication logs |
| communication.write.sms | Send SMS messages |
| communication.write.email | Send email messages |
| webhook.read | List webhook endpoints |
| webhook.write | Create, update, and delete webhooks |
Principle of Least Privilege
Assign only the scopes your integration actually needs. For example:
- A scheduling integration needs appointment.read, appointment.write, appointment.read.availability
- A notification service needs patient.read, communication.write.sms
- A reporting tool needs patient.read, appointment.read, finance.read
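
One way to check existing keys against this guidance is to compare the scopes each key was granted with the scopes its requests actually needed. The script below is an added example, not part of this API or its SDK: `audit_key`, the key names and the usage data are constructed, and it assumes scopes match exactly rather than hierarchically.

```python
# Added example: audit API keys against the scope table on this page.
# Scope names come from the page; key names and usage data are constructed.
KNOWN_SCOPES = frozenset({
    "patient.read", "patient.write",
    "appointment.read", "appointment.write", "appointment.read.availability",
    "finance.read",
    "communication.read.sms", "communication.write.sms",
    "communication.write.email",
    "webhook.read", "webhook.write",
})


def audit_key(granted, used):
    """Compare the scopes granted to a key with the scopes its requests needed.

    Assumption: scopes match exactly, so appointment.read does not imply
    appointment.read.availability (the table lists them as separate scopes).
    """
    granted, used = set(granted), set(used)
    unused = (granted & KNOWN_SCOPES) - used
    return {
        "unknown": sorted(granted - KNOWN_SCOPES),  # typo or stale scope name
        "unused": sorted(unused),                   # candidates for removal
        "unused_write": sorted(s for s in unused if s.split(".")[1] == "write"),
        "missing": sorted(used - granted),          # these requests get 403
    }


# Constructed inventory: key name -> (granted scopes, scopes its traffic needed).
KEYS = {
    "scheduler": (
        ["appointment.read", "appointment.write", "appointment.read.availability"],
        ["appointment.read", "appointment.write", "appointment.read.availability"],
    ),
    "notifier": (
        ["patient.read", "patient.write", "communication.write.sms", "webhook.write"],
        ["patient.read", "communication.write.sms"],
    ),
    "reporting": (
        ["patient.read", "appointment.read", "finance.reed"],
        ["patient.read", "appointment.read", "finance.read"],
    ),
}

if __name__ == "__main__":
    for name, (granted, used) in KEYS.items():
        print(name, audit_key(granted, used))
```

Unused write scopes are listed separately because they are the ones to remove first when a key is reissued.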