Skip to main content

Making Requests

Every call to the Healos External API follows the same pattern. Read this once, and the rest of the API Reference is just details.

Request Anatomy

METHOD  {base_url}/{resource}[/{id}]
        X-API-Key: hlsk_your_key_here
        Content-Type: application/json   ← writes only
        { ...json body... }              ← writes only
  • Base URL: https://api.healos.ai/ext-api/v1 (or http://localhost:8787/ext-api/v1 in local development).
  • X-API-Key is required on every request. See Authentication.
  • Content-Type: application/json is required for POST, PATCH, and PUT.

Your First Call — List Patients

curl https://api.healos.ai/ext-api/v1/patients \
  -H "X-API-Key: hlsk_your_key_here"
Response: 
{
  "data": [
    {
      "id": "1743552000000",
      "name": "Maria Santos",
      "created_at": "2026-03-15T09:30:00.000Z"
    }
  ],
  "meta": {
    "page": 1,
    "limit": 20,
    "total_pages": 1
  }
}
Patient id is a BigInt serialized as a string. Always treat it as an opaque string — don’t parse it as a number, and don’t assume a length.

Pagination

List endpoints accept page and limit query parameters. Defaults are page=1 and limit=20. Use meta.total_pages to know when you’ve reached the end. 
curl "https://api.healos.ai/ext-api/v1/patients?page=2&limit=50" \
  -H "X-API-Key: hlsk_your_key_here"

Creating a Resource

Write endpoints take a JSON body. The schema for each body is in the API Reference — stick to the documented fields. Extra fields are rejected with a 400 validation error. 
curl https://api.healos.ai/ext-api/v1/patients \
  -H "X-API-Key: hlsk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name": "Maria Santos"}'
Response (201 Created): 
{
  "data": {
    "id": "1743552000000",
    "name": "Maria Santos",
    "created_at": "2026-03-15T09:30:00.000Z",
    "pronouns": null,
    "notes": null,
    "consent": false
  }
}
POST, PATCH, and DELETE require a *:write scope for the resource. A key without it gets a 403. See Authentication → Scopes.

Reading One Resource By ID

curl https://api.healos.ai/ext-api/v1/patients/1743552000000 \
  -H "X-API-Key: hlsk_your_key_here"
You can grab a patient’s ID from the Healos web app — it’s shown as a copy-to-clipboard badge next to the patient name in the visit and record headers.
A 404 on a specific ID may mean the resource does not exist or belongs to another user. This is intentional — see Error Handling.

Handling Responses

StatusWhat it meansWhere to look
2xxSuccess. Body is { "data": ... }, list endpoints also include meta.
400Validation error. Body includes a details map of field errors.Error Handling
401Missing, invalid, expired, or revoked key.Authentication
403Key is valid but lacks the required scope.Authentication → Scopes
404Resource not found (or not yours).Error Handling
429Rate limit exceeded. Honor the Retry-After header.Rate Limiting
Every response carries X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset so you can pace yourself without waiting for a 429.

Next Steps

API Reference

Full endpoint listing with request and response schemas

Authentication

API keys, scopes, and security best practices