The Account Object represents a user account within an Organization.
The current caller's context access level.
activationRequired
Boolean
True if the account must be activated before use. Dependant on Org settings.
The age of the account holder (based on the dob property).
Connections associated with the Account.
The date the context was created.
Account holder date of birth.
The email address for the account and must be unique within the Org.
Tags the context as a favorite, which can then be filtered using the API.
Account holder gender. Available values are:
f - Female
m - Male
n - Neither
o - Other
t - Trans
u - Unspecified
The account profile image.
inherited_roles
ObjectId[]
Any roles that are inherited from my current role. If my current role has no sub-roles then this is an empty array.
A fingerprint and secret, re-generated on password change. Useful for client-side PHI encryption/caching scenarios, it is available to the account holder for the life of an authenticated session.
The mobile number of the account holder. This number should be capable of receiving SMS messages and must be in E.164 format.
Name of the account holder (split into first and last names as well as optional prefix, middle, suffix and additional[]).
The context’s object name.
Account roles (e.g. Provider, Administrator, Developer). Accounts can have more than one role.
True if there are any active or pending connections for this context.
Current state for the account. (e.g. unverified, verified)
The date the latest update was made to a context’s properties
The account id of the context updater
Example Account Object
Copy {
"_id": "54c66edac364f2201b78c34e",
"access": 6,
"dob": "1975-01-26",
"email": "john.smith@example.com",
"favorite": false,
"gender": "m",
"key": {
"fingerprint": "094be6f0-a57b-11e4-9323-d35446f5af36",
"secret": "P07uqKLlXDWjj3s85TGJt4BXSuSCFlpx"
},
"locale": "en_US",
"locked": false,
"mobile": "15551234567",
"name": {
"first": "John",
"last": "Smith"
},
"object": "account",
"preferences": {
"notifications": [
{
"label": "Custom Notifier",
"name": "c_notifier",
"_id": "56cbfddcba9ef5257bf48513",
"endpoints": [
{
"_id": "456e64706f696e7420536d73",
"enabled": false,
"label": "SMS",
"name": "sms"
},
{
"_id": "456e64706f696e7420456d6c",
"enabled": true,
"label": "Email",
"name": "email"
}
]
}
]
},
"profile": {
"provider": {
"affiliation": "None",
"license": {
"number": "777",
"state": "Alabama"
},
"npi": "798798798",
"specialty": "Allergy and Immunology",
"state": "processing",
"visibility": {
"provider": false,
"public": false
}
}
},
"roles": [
"000000000000000000000005"
],
"shared": false,
"state": "verified",
"updated": "2015-03-12T18:47:34.010Z"
} List
GET https://api.dev.medable.com/your_org_name/v2/accounts
Retrieve all accounts
Path Parameters
200 400
Copy {
"data": [
{
"_id": "5525fc2db7995d2c2807632a",
"object": "account",
"name": {
"first": "Charles",
"last": "Best"
}
},
{
"_id": "552352a4ea05b030066583fc",
"object": "account",
"name": {
"first": "Charles",
"last": "Best"
}
}
],
"hasMore": false,
"object": "list"
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts?paths[]=name",
method: "GET",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
}
}).done(function(data) {
// ...
}); Read
GET https://api.dev.medable.com/your_org_name/v2/accounts/account_id
Retrieve an account
Path Parameters
200 400
Copy {
"_id": "5525fc2db7995d2c2807632a",
"access": 2,
"favorite": false,
"image": {
"ETag": "594b69d035ac27c2e69ef053082eb6a3",
"creator": "5525fc2db7995d2c2807632a",
"facets": [
{
"ETag": "047fb43a1389f6a00d06fdbbe8780a0c",
"creator": "5525fc2db7995d2c2807632a",
"height": 160,
"location": 4,
"mime": "image/jpeg",
"name": "thumbnail",
"path": "/accounts/5525fc2db7995d2c2807632a/image/thumbnail",
"size": 7823,
"state": 2,
"width": 160
}
],
"height": 500,
"location": 4,
"mime": "image/jpeg",
"name": "content",
"path": "/accounts/5525fc2db7995d2c2807632a/image/content",
"size": 52586,
"state": 2,
"width": 622
},
"name": {
"first": "Charles",
"last": "Best"
},
"object": "account",
"shared": true,
"updated": "2015-04-15T16:56:32.052Z",
"updater": {
"_id": "000000000000000000000002",
"object": "account",
"path": "/accounts/000000000000000000000002"
}
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/5525fc2db7995d2c2807632a",
method: "GET",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
}
}).done(function(data) {
// ...
}); Current User
GET https://api.dev.medable.com/your_org_name/v2/accounts/me
Path Parameters
200 400
Copy {
"_id": "552352a4ea05b030066583fc",
"access": 6,
"dob": "1899-02-27",
"email": "charles.best@example.org",
"favorite": false,
"gender": "m",
"key": {
"fingerprint": "69521070-dcd8-11e4-98e9-c5a28d7729c2",
"secret": "cUdg8LCspNtSVDPCdr281oD6c2PO0EVW"
},
"locale": "en_US",
"locked": false,
"mobile": "16505555555",
"name": {
"first": "Charles",
"last": "Best"
},
"object": "account",
"roles": [],
"shared": false,
"state": "unverified"
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/me",
method: "GET",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
}
}).done(function(data) {
// ...
}); Register
POST https://api.dev.medable.com/your_org_name/v2/accounts/register
Account Registration
Path Parameters
Request Body
This is attached to the name object.
This is attached to the name object.
This is later used with the password to log in
Must meet org password strength requirements
The timezone for the user
Invite/connection token (if applicable)
200 400
Copy {
"_id": "552352a4ea05b030066583fc",
"access": 6,
"dob": "1899-02-27",
"email": "charles.best@example.org",
"favorite": false,
"gender": "m",
"key": {
"fingerprint": "69521070-dcd8-11e4-98e9-c5a28d7729c2",
"secret": "cUdg8LCspNtSVDPCdr281oD6c2PO0EVW"
},
"locale": "en_US",
"locked": false,
"mobile": "16505555555",
"name": {
"first": "Charles",
"last": "Best"
},
"object": "account",
"roles": [],
"shared": false,
"state": "unverified"
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/register",
method: "POST",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
},
data: {
"name": {
"first": "Charles",
"last": "Best"
},
"email": "charles.best@example.org",
"gender": "m",
"dob": "1899-02-27",
"mobile": "1-650-555-5555",
"password": "Thanks for the break, Banting!"
}
}).done(function(data) {
// ...
}); Login
POST https://api.dev.medable.com/your_org_name/v2/accounts/login
Path Parameters
Request Body
6 digit verification token sent to user's mobile device for 2FA. Attached to location object.
if you want to associate a string with a given authorized access point. Attached to location object.
The equivalent of "Remember Me" checkbox common in login options. Attached to location object.
The iOS notification token received from APN for push notifications (if applicable). Attached to location object.
The Android FCM/GCM push registration id (if applicable). Attached to location object.
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/login",
method: "POST",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
},
data: {
"email": "james@example.com",
"password": "this is not my passphrase",
"location": {
"verificationToken": "123456",
"locationName": "New Orleans",
"singleUse": true
}
}
}).done(function(data) {
// ...
}); Logout
POST https://api.dev.medable.com/your_org_name/v2/accounts/me/logout
Invalidate the currently authenticated session
Path Parameters
200 400
Copy {
"object": "result",
"data": true
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/me/logout",
method: "POST",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
}
}).done(function(data) {
// ...
}); Request Password Reset
POST https://api.dev.medable.com/your_org_name/v2/accounts/request-password-reset
Request a password reset via email
This endpoint would typically be used when a user is trying to login but cannot remember his/her password. They can simply enter their email address associated with the account (which gets passed into this endpoint) and an email will be automatically generated by Medable with the proper link to set a new password.
Path Parameters
Request Body
200 400
Copy {
"object":"result",
"data":true
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/request-password-reset",
method: "POST",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
},
data: {
"email": "charles.best@medable.com"
}
}).done(function(data) {
// ...
}); Example:
Request Password Reset gets called
Medable sends the email with a one-time secure reset password token (string)
The user opens that email and clicks a link which has this token as a url parameter
User gets navigated to a Medable web GUI for setting the new password
Update My Password
POST https://api.dev.medable.com/your_org_name/accounts/me/update-password
Update the currently logged in user's password directly through the API
This endpoint would typically be used for a currently logged in user who wants to change his/her password directly from your app without having to go through the email password reset flow.
Path Parameters
Request Body
this is the old (current) password
200 400
Copy {
"object": "result",
"data": {
"fingerprint": "b8342060-e409-11e4-bcc2-c71dd7c9f996",
"secret": "CO6PrBDwrNnXdIizD2LasmNHnpJIw8Xd"
}
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/me/update-password",
method: "POST",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
},
data: {
"current": "this is not my passphrase",
"password": "correct horse battery staple"
}
}).done(function(data) {
// ...
}); Update Password (Token)
POST https://api.dev.medable.com/your_org_name/accounts/reset-password
This endpoint would typically be used if you wanted to build a custom page that is linked in the email reset.
Path Parameters
Request Body
200 400
Copy {
"object":"result",
"data":true
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/reset-password",
method: "POST",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
},
data: {
"token": "kPBg3AACpwTzhiOpUTz2i2koJqqot70M",
"password": "here's a new passphrase!"
}
}).done(function(data) {
// ...
}); Verify Email From Token
POST https://api.dev.medable.com/your_org_name/v2/token
Path Parameters
The email verification process generates a token that can be passed in to mark an email as verified.
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/lBMSJWtqKVdx8Z888syX6axpCk2j7eYm",
method: "POST",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
}
}).done(function(data) {
// ...
}); Resend Email Verification
POST https://api.dev.medable.com/your_org_name/v2/accounts/me/resend-verification
Path Parameters
200 409
Copy {
"object": "result",
"data": true
}
Copy {
"object":"result",
"data": {
"object": "fault",
"name": "error",
"code": "kExists",
"status": 409,
"reason": "Account already verified"
}
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/me/resend-verification",
method: "POST",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
}
}).done(function(data) {
// ...
}); Update
PUT https://api.dev.medable.com/your_org_name/v2/accounts/me/resend-verification
To modify a property on an Account object
Path Parameters
Request Body
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/586eb9ef64129a5f3631a0ca",
method: "PUT",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
},
data: {
"name": {
"first":"Bob",
"last":"Dole"
}
}
}).done(function(data) {
// ...
});
Due to security reasons, we do not allow modifying of the email address of a given account.
Update
PATCH https://api.dev.medable.com/your_org_name/v2/accounts/account_id
To modify a property on an Account object via PATCH
Path Parameters
Request Body
200 400
Copy {
"_id": "586eb9ef64129a5f3631a0ca",
"access": 6,
"created": "2016-01-05T21:26:07.292Z",
"email": "john@medable.com",
"favorite": false,
"gender": "m",
"inherited_roles": [
"000000000000000000000007",
"000000000000000000000006"
],
"key": {
"fingerprint": "a15aecd0-d394-11e6-9754-5f93dce3d489",
"secret": "fDQEdMnfqxmFvCBtHpl7FWPnxcUTaBOl"
},
"locale": "en_US",
"locked": false,
"mobile": "+12223334444",
"name": {
"first": "John",
"last": "Smith"
},
"object": "account",
"roles": [
"000000000000000000000004",
"587012227d67efea0843fa80"
],
"shared": false,
"state": "verified",
"updated": "2016-06-06T14:01:08.699Z",
"updater": {
"_id": "586eb9ef64129a5f3631a0ca",
"object": "account",
"path": "/accounts/586eb9ef64129a5f3631a0ca"
}
}
Copy $.ajax({
url: "https://api.dev.medable.com/example/v2/accounts/586eb9ef64129a5f3631a0ca",
method: "PATCH",
dataType : "json",
xhrFields: {
withCredentials: true
},
headers: {
"Medable-Client-Key": "GsAqlhnIMzrDeD8V2MBQWq"
},
data: {
"op": "push",
"path": "/roles",
"value": "587012227d67efea0843fa80"
}
}).done(function(data) {
// ...
}); 