Making Requests

To start making requests, first check that you're using the correct API key as described in the Overview. Once you have the correct API key, simply send the API key in the headers through OAuth 2.0 Bearer Auth. An API key must accompany every request.

You'll find curl examples for each individual endpoint directly in the docs, but here are some examples using common languages. The example is for getting patients, but you can just switch out the URL, and it would be the same.

If you are currently using Basic Auth, we recommend a switch to Bearer Auth, you just need to send on your HTTP Headers a key, value pair with Authorization and Bearer {your api key}

require 'open-uri'
require 'json' 

my_api_key = "3ljlQa6VeG0iB9WgrgywbgC1GwPUfM3WMzw"
headers = {"Authorization" => "Bearer #{my_api_key}"}
JSON.parse(open("", headers).read)
# You must install requests
import requests
from requests.structures import CaseInsensitiveDict

api_key = "3ljlQa6VeG0iB9WgrgywbgC1GwPUfM3WMzw"

headers = CaseInsensitiveDict()
headers["Accept"] = "application/json"
headers["Authorization"] = "Bearer {token}"

resp = requests.get('', headers=headers)

patients = resp.json()
// You must npm install superagent.
var superagent = require('superagent')
var myApiKey =  "3ljlQa6VeG0iB9WgrgywbgC1GwPUfM3WMzw"
  .set('Authorization', 'Bearer ' + myApiKey);
  .end(function(err, res) {
    // patients!
curl -i '' \
     -H 'Authorization: Bearer 3ljlQa6VeG0iB9WgrgywbgC1GwPUfM3WMzw' -v
$api_key = '3ljlQa6VeG0iB9WgrgywbgC1GwPUfM3WMzw';
$url = ""
$context = stream_context_create(array(
    'http' => array(
        'header'  => "Authorization: Bearer " . $api_key)
$data = file_get_contents($url, false, $context);


PUT and PATCH are treated the same.

Anywhere you see a "PATCH" method in these docs, our API will also support "PUT". From an HTTP semantics standpoint, since we do not expect (nor want) you to send us the entire new version of the object you wish to change, it is preferred to use PATCH. However, if for technical reasons this is not possible, then a PUT is also acceptable, and it will be treated the same as a PATCH request.


Use The Correct Endpoint in Production!

The examples listed above use api.staging.hint. This is by design so that you can easily copy/paste and test endpoints with a functioning (staging) API key. However, our production api is just api.hint. We show this URL in the actual endpoint documentation, but just make sure you're using the right one for production!

What’s Next