Introduction
All API requests are performed over HTTPS and are protected by the OAuth 2.0 standard.
Available API functionality:
- Patient summary search
- Patient encounter search
- Encounter CCDAs
Before you can start using our APIs, you must go through our registration process. If you're interested in API access for your practice, please contact us here. Otherwise, if you've been provided with credentials to authenticate, then continue to the Getting Started section for more information.
Getting Started
All API requests are performed over HTTPS. Although the FHIR® standard supports both JSON and XML, this API currently only supports JSON. Therefore any type explicitly defined in the request's Accept header will be ignored.
Before you can access the Nextech API you must have the proper credentials to authenticate. These credentials will be provided to you by your Nextech representative.
API Endpoint
https://saas.nextech-api.com/ehr/api
The following values are required in the Header for every request...
Name | Description | Required? |
---|---|---|
Authorization | Every request requires a Bearer token: Bearer {access_token} | Yes |
x-nextech-practice-id | The unique identifier for a practice | Yes |
Authentication
Nextech's EHR API is protected by the OAuth 2.0 standard for authenticating requests. All API requests are authenticated by passing a Bearer token in the Authorization Header.
Authorization: Bearer {access_token}
Request Authorization Code
The SAAS API authenticates requests through a user credentials grant. You must request an authorization code through an interactive login page, then use that code to request an access token.
GET https://login.microsoftonline.com/nextechapibeta.onmicrosoft.com/oauth2/authorize
Parameter | Description |
---|---|
client_id | Application ID |
response_type | code |
redirect_url | URL that will be called with the authorization code |
resource | The app to consume the token |
Request Access Token
Access tokens are used to make API requests on behalf of a user. These tokens are short-lived (1 hour by default) but should be kept confidential in transit and in storage. An access_token and refresh_token pair is issued when requesting an access token.
HTTP Request
POST https://login.microsoftonline.com/nextechapibeta.onmicrosoft.com/oauth2/token
https://login.microsoftonline.com/mdidev.onmicrosoft.com/oauth2/token
Form (x-www-form-urlencoded):
grant_type: authorization_code
client_id: c6eef4c1-62a2-4f3f-88a6-8679639da10a
redirect_uri: http://localhost:8000/callback/
code:
Parameter | Description |
---|---|
grant_type | authorization_code |
client_id | Application ID |
redirect_uri | URL that will be called with the access token |
code | Authorization code |
resource | The app to consume the token |
Response Parameters
Parameter | Description |
---|---|
code | Access token |
Response Codes
The Nextech SAAS APIs use the standard HTTP response codes to indicate success or failure of an API request.
Code | Description |
---|---|
200 | OK - Successful request |
400 | Bad Request - The request is missing information or is malformed |
403 | Forbidden - The request is valid, but the server is refusing action |
404 | Not Found - The requested resource cannot be found |
500 | Internal Server Error - We had a problem with our server |
Patient
Patient
Overview
Basic information about a patient.
Fields
Name | Description | Type | Initial Version |
---|---|---|---|
patientId | Unique identifier for a patient. | integer | 1.0 |
chartNumber | Unique identifier for a patient's chart. | string | 1.0 |
firstName | Patient's first (given) name. | string | 1.0 |
lastName | Patient's last (family) name. | string | 1.0 |
middleName | Patient's middle name. | string | 1.0 |
dob | Patient's date of birth | date | 1.0 |
ssn | Patient's social security number | string | 1.0 |
homePhone | Patient's home phone number | string | 1.0 |
Sample
{ "patientId": 0, "chartNumber": "string", "firstName": "string", "lastName": "string", "middleName": "string", "dob": "2017-12-14T15:08:59.934Z", "ssn": "string", "homePhone": "string" }
Search
Searches for all patients matching the given search criteria. See https://www.hl7.org/fhir/search.html for instructions on formatting search criteria.
HTTP Request
GET /search?{parameters}
Parameters
Name | Located in | Description | Required | Initial Version |
---|---|---|---|---|
term | string | String to search patients for. Will attempt to match the patient's name or chart number. | yes | 1.0 |
Example: Get a patient with a specific chart number
GET https://saas.nextech-api.com/ehr/api/search?term=ABC12345
Example: Get all patients with a specific name
GET https://saas.nextech-api.com/ehr/api/search?term=william
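The token exchange and the two required request headers described above, applied to the patient search request. This is an added example, not Nextech's own code: the function names, the host check before the bearer token is attached, and the log redaction are assumptions of the example.

```python
import urllib.parse
import urllib.request

API_BASE = "https://saas.nextech-api.com/ehr/api"  # API Endpoint from the page
TOKEN_URL = ("https://login.microsoftonline.com/"
             "nextechapibeta.onmicrosoft.com/oauth2/token")  # from the page


def build_token_request(client_id, redirect_uri, code, resource):
    """Build the POST that exchanges an authorization code for tokens."""
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "resource": resource,
    }
    return urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode(form).encode("ascii"),
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def search_url(term):
    """URL for the patient search; urlencode escapes the search term."""
    return API_BASE + "/search?" + urllib.parse.urlencode({"term": term})


def build_api_request(url, access_token, practice_id):
    """Attach both required headers, but only for the HTTPS API host."""
    target = urllib.parse.urlsplit(url)
    allowed = urllib.parse.urlsplit(API_BASE)
    if (target.scheme, target.hostname) != (allowed.scheme, allowed.hostname):
        raise ValueError("refusing to send the bearer token to " + repr(url))
    if not access_token or not practice_id:
        raise ValueError("access token and practice id are both required")
    return urllib.request.Request(url, method="GET", headers={
        "Authorization": "Bearer " + access_token,
        "x-nextech-practice-id": practice_id,
    })


def loggable_headers(request):
    """Header dict that is safe to log: the bearer token is masked."""
    return {name: ("Bearer <redacted>" if name.lower() == "authorization"
                   else value) for name, value in request.header_items()}
```

Pass the returned request objects to urllib.request.urlopen to send them; log loggable_headers(request) rather than the request's own headers.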
Encounter
Encounter CCD
Overview
Encounter data includes a summary of the encounter's basic properties and the CCD in HTML format.
Fields
Name | Description | Type | Initial Version |
---|---|---|---|
summary.encounterId | Unique identifier for the encounter | integer | 1.0 |
summary.doctorId | Unique identifier for the doctor associated with this encounter | integer | 1.0 |
summary.doctorFirstName | Doctor's first name. | string | 1.0 |
summary.doctorLastName | Doctor's last name. | string | 1.0 |
summary.doctorProfessionalDesignation | Doctor's professional designation suffix. (e.g. MD) | string | 1.0 |
summary.department | Practice department associated with this encounter. | string | 1.0 |
summary.location | Location of the practice this encounter is associated with. | string | 1.0 |
summary.encounterDate | Date when this encounter occurred. | UTC date / time | 1.0 |
summary.type | Description of what type of encounter this was. | string | 1.0 |
summary.encounterLocked | Whether this encounter's data has been locked. | string | 1.0 |
ccd | CCD in HTML format | string | 1.0 |
Example
[ { "summary": { "encounterId": 0, "doctorId": 0, "doctorFirstName": "string", "doctorLastName": "string", "doctorProfessionalDesignation": "string", "department": "string", "location": "string", "encounterDate": "2017-12-14T15:08:59.924Z", "type": "string", "encounterLocked": true }, "ccd": "string" } ]
Search
Searches for all of one patient's encounters within a date range.
HTTP Request
GET /{patientId}/encounters/search
Parameters
Name | Located in | Description | Required | Type | Initial Version |
---|---|---|---|---|---|
patientId | path | Unique identifier for the patient. | Yes | integer | 1.0 |
start | query | Earliest date included in the search. If omitted, search begins with the patient's earliest encounter. | No | date-time | 1.0 |
end | query | Latest date included in the search. If omitted, search ends with the current date. | No | date-time | 1.0 |
section | query | Section of data to include in the CCD property. If omitted, all sections are returned. (Get list of valid sections via /encounters/categories) | No | string | 1.0 |
Example: Get the CCDs for all of a patient's encounters
GET https://saas.nextech-api.com/ehr/api/1000/encounters/search
Example: Get the CCDs for a patient's encounters within a date range
GET https://saas.nextech-api.com/ehr/api/1000/encounters/search?start=2-2-2000&end=5-5-2010
Example: Get one section of the CCDs for a patient's encounters within a date range
GET https://saas.nextech-api.com/ehr/api/1000/encounters/search?start=2-2-2000&end=5-5-2010&section=history
CCD Sections
List all of the valid section names for encounter CCDs.
HTTP Request
GET /encounters/categories