API Reference
REST API for IntakePilot integration.
Base URL: https://api.intakepilot.com
Authentication
All API requests require a JWT bearer token.
curl -H "Authorization: Bearer YOUR_TOKEN" \
https://api.intakepilot.com/api/v1/patients
Get token from login or your account settings.
Common Endpoints
GET /api/v1/patients
List patients in your clinic.
Parameters:
limit(int) - Results per page, default 50offset(int) - Pagination offset, default 0search(string) - Search by name or DOB
Example:
GET /api/v1/patients?limit=50&offset=0&search=Smith
Response:
{
"data": [
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"first_name": "Jane",
"last_name": "Smith",
"date_of_birth": "1985-03-15",
"clinic_id": "clinic-uuid",
"created_at": "2024-01-01T10:00:00Z"
}
],
"pagination": {
"total": 1,
"limit": 50,
"offset": 0
}
}
POST /api/v1/patients
Create a new patient.
Body:
{
"first_name": "Jane",
"last_name": "Smith",
"date_of_birth": "1985-03-15",
"phi_data": {
"contact": {
"email": "jane@example.com",
"phone": "555-0123"
}
}
}
Response: Created patient object
GET /api/v1/patients/:id
Get patient details.
Response: Single patient object with full details
PATCH /api/v1/patients/:id
Update patient information.
Body: Fields to update
{
"first_name": "Jane",
"phi_data": {
"contact": {
"email": "newemail@example.com"
}
}
}
POST /api/v1/form-assignments
Assign a form to a patient.
Body:
{
"patient_id": "patient-uuid",
"form_template_id": "template-uuid",
"assigned_by_user_id": "user-uuid"
}
Response:
{
"id": "assignment-uuid",
"patient_id": "patient-uuid",
"form_template_id": "template-uuid",
"status": "pending",
"portal_link": "https://intakepilot.com/portal/unique-token",
"created_at": "2024-01-01T10:00:00Z"
}
GET /api/v1/form-submissions
List form submissions.
Parameters:
status- Filter by statuspatient_id- Filter by patientlimit/offset- Pagination
Response: Array of submissions
GET /api/v1/form-submissions/:id
Get submission details.
Response:
{
"id": "submission-uuid",
"patient_id": "patient-uuid",
"form_type": "TMS Intake",
"form_version": "1.0",
"form_data": { ... },
"processing_results": {
"summaries": {
"clinician": "...",
"patient": "...",
"pa": "..."
}
},
"submission_status": "submitted",
"created_at": "2024-01-01T10:00:00Z"
}
PATCH /api/v1/tms/intake/:id
Update submission (change status, add summaries).
Body:
{
"status": "approved",
"clinician_summary": "...",
"patient_summary": "...",
"pa_summary": "..."
}
Summaries are stored in processing_results.summaries JSONB.
GET /api/v1/superadmin/audit/logs
View audit logs (admin only).
Parameters:
limit/offset- Paginationevent_type- Filter by eventuser_id- Filter by userresource_type- Filter by resource
Response: Array of audit log entries
Rate Limiting
100 requests per minute per user.
Exceeded limits return 429 Too Many Requests.
Error Responses
All errors return standard format:
{
"error": "Error message here",
"details": "Additional context",
"code": "ERROR_CODE"
}
Status Codes:
400- Bad Request (invalid input)401- Unauthorized (invalid token)403- Forbidden (insufficient permissions)404- Not Found429- Rate Limited500- Server Error
RLS and Security
All API requests enforce row-level security.
Users only see data from their clinic (determined by JWT token).
Session context is set automatically from JWT claims.
CORS
API allows CORS requests from:
- intakepilot.com
- localhost (development)
Webhooks
Coming soon. Subscribe to events like:
- form_submitted
- status_changed
- patient_created