API Reference

Authentication & Session

All requests require a Bearer token in the Authorization header, except auth endpoints themselves. OTP-based login is the primary patient flow.

POST /auth/patient/request-otp Request OTP to patient mobile number ▾

Sends an OTP via SMS (Twilio) or WhatsApp to the patient's registered phone number. Rate-limited to prevent abuse.

Request Body

Parameter	Type	Required	Description
phone	string	required	E.164 format phone number, e.g. +919876543210
channel	enum	optional	sms (default) or whatsapp

Response — 200 OK

JSON

{
  "status": "otp_sent",
  "expires_in": 300,
  "channel": "sms"
}

POST /auth/patient/verify-otp Verify OTP and return session tokens ▾

Verifies the OTP and returns an access token (JWT) and a refresh token (HttpOnly cookie).

Parameter	Type	Required	Description
phone	string	required	Same phone used for request-otp
otp	string	required	6-digit OTP received

Response — 200 OK

JSON

{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "token_type": "bearer",
  "expires_in": 900,
  "user": {
    "id": "pat_01JFGH3K2MNPQ4RS5TUVWXYZ",
    "phone": "+919876543210",
    "role": "patient"
  }
}

POST /auth/google Google OAuth login ▾

Exchange a Google ID token for a PatientPulse session. Suitable for web app login flows.

Parameter	Type	Required	Description
id_token	string	required	Google ID token from OAuth flow

GET /auth/me Get current authenticated user profile ▾

Returns the full profile of the currently authenticated user including role, organization, and permissions.

🔐 Authentication Required

Include Authorization: Bearer <token> header.

AI & Clinical Intelligence

PatientPulse ships a full AI suite — lab interpretation, ambient clinical scribe, demand forecasting, and staffing recommendations. AI endpoints require AI_ENABLED=true in your environment.

POST /ai/interpret-lab-report AI interpretation of uploaded lab report ▾

Pass a lab report (PDF or image reference) and receive structured clinical interpretation — abnormal flags, trend markers, recommended actions.

Parameter	Type	Required	Description
record_id	string	required	ID of uploaded health record
patient_id	string	required	Patient to contextualize results against
include_history	boolean	optional	Compare against prior lab results (default: true)

Response — 200 OK

JSON

{
  "interpretation": {
    "summary": "HbA1c elevated at 7.8% — borderline diabetic range.",
    "abnormal_markers": [
      { "name": "HbA1c", "value": "7.8%", "flag": "HIGH" },
      { "name": "Triglycerides", "value": "210 mg/dL", "flag": "HIGH" }
    ],
    "recommendations": ["Repeat HbA1c in 3 months", "Dietary consult advised"],
    "confidence": 0.91
  }
}

POST /ai/ambient-scribe Generate clinical notes from consultation audio/text ▾

Submit consultation transcript or audio reference; receive a structured SOAP note with chief complaint, history, assessment, and plan.

Parameter	Type	Required	Description
transcript	string	required*	Consultation transcript text
audio_url	string	optional	URL to audio recording (*one of transcript or audio_url required)
appointment_id	string	optional	Link note to existing appointment

GET /forecast OPD/Emergency demand forecast ▾

Returns ML-generated demand forecast (XGBoost + Prophet ensemble) for OPD and Emergency departments. Used for capacity planning and staffing optimization.

Query Param	Type	Description
department	enum	opd, emergency, ipd
horizon_days	integer	Forecast horizon (1–14 days)
org_id	string	Filter by organization

FHIR R4 Interoperability

PatientPulse implements HL7 FHIR R4 for patient data export and interoperability. Use these endpoints to fetch FHIR-compliant bundles for any patient.

GET /interop/fhir/r4/patients/{patient_id} Export patient as FHIR R4 bundle ▾

Returns a complete FHIR R4 Bundle containing Patient, Conditions, Medications, Observations, and Appointments resources.

Response — 200 OK

FHIR JSON

{
  "resourceType": "Bundle",
  "type": "collection",
  "entry": [
    {
      "resource": {
        "resourceType": "Patient",
        "id": "pat_01JFGH3K2MNPQ4RS5TUVWXYZ",
        "name": [{ "text": "Ramesh Kumar" }],
        "birthDate": "1985-04-15",
        "identifier": [{ "system": "https://abha.gov.in", "value": "12-3456-7890-1234" }]
      }
    }
  ]
}

ABDM / ABHA Integration

First-class ABDM (Ayushman Bharat Digital Mission) integration. Link ABHA IDs, push/pull PHR records, and sync with HFR/HPR registries.

GET /interop/abdm/identity-links/{link_request_id} Get ABHA identity link status ▾

Poll the status of an ABHA identity linking request. Links are initiated via the mobile app and processed asynchronously by the ABDM connector.

POST /interop/abdm/phr-push Push PHR records to ABDM health locker ▾

Triggered automatically on consult completion (Feature 7A). Can also be called manually to push specific records to a patient's ABHA-linked health locker.

✦ Auto-triggered on Consult Completion

Set ABDM_AUTO_PUSH_ON_CONSULT=true to enable automatic FHIR bundle push after each consultation.

Appointments

POST /appointments Book a new appointment ▾

Parameter	Type	Required	Description
patient_id	string	required	Patient identifier
doctor_id	string	required	Assigned doctor
slot_id	string	required	Availability slot from GET /availability/slots
visit_type	enum	required	opd, telemedicine, followup
notes	string	optional	Chief complaint or notes for doctor

GET /availability/slots List available appointment slots ▾

Query Param	Type	Description
doctor_id	string	Filter by doctor
date	date	Target date (ISO 8601)
specialty	string	Filter by medical specialty

Insurance & Claims

POST /insurance/claims File a new insurance claim ▾

Submit a pre-authorization or claim to the payer via NHCX. Returns a correlation_id for status polling.

GET /insurance/nhcx/claim-status/{correlation_id} Poll NHCX claim status ▾

Polls the National Health Claims Exchange for real-time claim status using the correlation ID returned at claim submission.

PulseVault Mobile API Node.js / Express

The PulseVault mobile backend provides 88 endpoints for the Android consumer app. Base URL: https://api.pulsevault.in/v1

POST /v1/auth/request-otp Request OTP (Vault) ▾

Identical contract to PatientPulse auth. Can be proxied to canonical PatientPulse backend via NODE_AUTH_PROXY_ENABLED=true.

GET /v1/profiles/{profileId}/vault Get patient health record vault ▾

Returns all health records for a profile, grouped by category (labs, prescriptions, imaging, discharge summaries).

Response — 200 OK

JSON

{
  "profile_id": "prof_abc123",
  "records": {
    "labs": [/* ... */],
    "prescriptions": [/* ... */],
    "imaging": [/* ... */]
  },
  "total_records": 47,
  "last_updated": "2025-11-14T10:30:00Z"
}

POST /v1/profiles/{profileId}/records/{recordId}/extraction-jobs Start AI marker extraction from a record ▾

Queues an async AI job to extract structured health markers (diagnoses, medications, vitals) from a health record document.

Errors & Rate Limits

All error responses are JSON with an error key. The table below covers every non-2xx status your integration should handle.

HTTP Status	error code	When it happens	Fix
401	invalid_api_key	Key not found, revoked, or environment mismatch (sandbox key on production endpoint)	Issue a new key in the Developer Portal
402	plan_required	Your plan tier is below the minimum required for this endpoint (e.g. calling AI features on the free plan)	Upgrade at developer-portal.html#plans
402	subscription_required	Attempted to issue a production key with no active paid subscription	Subscribe via Razorpay on the Developer Portal
429	quota_exceeded	Monthly API call quota exhausted for your plan (free: 10K, growth: 500K)	Upgrade plan or wait for the monthly reset
422	validation_error	Request body fails schema validation	Check the `detail` array for field-level messages
404	not_found	Resource (patient, appointment, claim…) does not exist or belongs to a different org	Verify the ID and your org_id
500	internal_error	Unexpected server error	Retry with exponential back-off; open a GitHub issue if persistent

Rate-Limit Headers

Every response from an API-key-authenticated request carries these headers:

Header	Value	Notes
X-RateLimit-Limit	10000 / 500000 / unlimited	Monthly quota for your plan
X-RateLimit-Remaining	integer ≥ 0	Calls left this calendar month
X-RateLimit-Period	monthly	Resets on the 1st of each month

Example 429 Response

JSON

{
  "error": "quota_exceeded",
  "monthly_calls": 10001,
  "quota": 10000,
  "plan": "free",
  "reset": "first day of next calendar month",
  "upgrade_url": "https://patientpulse.in/developer-portal#plans"
}

Developer Keys API

Manage API keys programmatically. All routes require an org-admin JWT token in the Authorization: Bearer <jwt> header.

POST /developer/keys Issue a new sandbox or production API key ▾

Field	Type	Required	Description
environment	enum	optional	`sandbox` (default) or `production`. Production requires an active paid subscription.
scopes	string[]	optional	Permission scopes: `read:patients`, `write:appointments`, `ai:interpret`, `interop:fhir`, `admin:org`, etc.
label	string	optional	Human-readable label, max 120 chars

⚠ Plaintext shown once only

The full key is returned in the response and never stored. Store it securely immediately — you cannot retrieve it again.

GET /developer/keys List all keys for the authenticated org (no plaintext) ▾

Query Param	Type	Description
include_revoked	bool	Default `false`. Set `true` to include revoked keys in the response.

DELETE /developer/keys/{key_id} Revoke a key immediately ▾

Sets revoked_at timestamp. All subsequent requests using this key will receive 401 invalid_api_key. Irreversible — rotate instead if you need a replacement.

POST /developer/keys/{key_id}/rotate Revoke + reissue with identical settings ▾

Atomically revokes the old key and creates a replacement with the same environment, plan, scopes, and label. The new plaintext key is returned once.

GET /developer/usage API usage metrics for your org ▾

Query Param	Values	Description
period	7d · 30d · 90d	Lookback window (default 30d)
key_id	integer	Filter to a specific key

Authentication & Session

Request Body

Response — 200 OK

Response — 200 OK

AI & Clinical Intelligence

Response — 200 OK

FHIR R4 Interoperability

Response — 200 OK

ABDM / ABHA Integration

Appointments

Insurance & Claims

PulseVault Mobile API Node.js / Express

Response — 200 OK

Errors & Rate Limits

Rate-Limit Headers

Example 429 Response

Developer Keys API

Try It