# Make your first API request ## Medable API requests To make your first Medable API request, you need to know four things: 1. **The API endpoint:** for example, `api..medable.com/` 2. **The API key:** for example, `mwidxhb8ShcqmV1B9iOYJh` 3. **Authentication credentials:** an email and password 4. **The API client:** a terminal, web, iOS, or Android ## The API endpoint The endpoint for your API requests will look like the following: {% tabs %} {% tab title="HTTP" %} ```bash https://api.dev.medable.com/{{your_org_code}}/v2/{{api_resource}} ``` {% endtab %} {% endtabs %} Where `your_org_code` is the org code you specified when signing up and `api_resource` is the resource you are trying to access, such as an account. And remember, since we're making this request to the development org, we use the api.**dev**.medable.com URL. In our case, we'll use the example org code we used when we made the new app: `newhealthco`. {% hint style="info" %} **Note:** When making requests, use the plural name for `api_resource`. For example, if the resource is `account`, use `accounts` in your endpoint: `https://api.dev.medable.com/newhealthco/v2/accounts` {% endhint %} ## The API key Copy the API key that you generated in the previous step (see [Generate an API key](/getting-started/cortex-user-guide/gen-api-key.md)). In our example, the API key is `mwidxhb8ShcqmV1B9iOYJh`. ## Authentication credentials Because we specified that our app uses sessions, a username and password is needed to authenticate and initiate a user session. For the username, use your email address. In our case, it's `john@newhealthco.com`. For the password, use the password you set when signing up. If you're interested in signature-based authentication, see [Authentication](/getting-started/cortex-user-guide/authentication.md#signature-based-authentication). ## The API client There are a number of tools out there that make it easy to make API requests. One option is Postman and another option is the live API explorer in the API Reference page. In this guide, we'll keep it simple and make our requests from the command line using [curl](https://curl.se/). ### Make a request {% hint style="warning" %} **Note:** This section is written assuming the request is being made through an OSX terminal. {% endhint %} Now that you're ready to make a request, you simply have to issue the command in the form of `curl \[options...\] URL`. Let's give it a shot using the API endpoint: {% tabs %} {% tab title="Request" %} ```bash $ curl https://api.dev.medable.com/newhealthco/v2/accounts ``` {% endtab %} {% tab title="Response" %} ```javascript { "object":"fault", "name":"error", "code":"kNotFound", "status":404, "reason":"Invalid application client api key.", "message":"Resource not found" } ``` {% endtab %} {% endtabs %} {% hint style="info" %} **Tip:** Add `| python -m json.tool`to the end of the curl request to pretty-print the JSON response. {% endhint %} We got a result back! Unfortunately, the result is a fault. This is because we need to pass in a few more options to get the request to work. First, we need to add the API key header. We can do this using the following option: `-H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh"` So let's give that a try: {% tabs %} {% tab title="Request" %} ```bash $ curl -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh" https://api.dev.medable.com/newhealthco/v2/accounts ``` {% endtab %} {% tab title="Response" %} ```javascript { "object":"list", "data":[ ], "hasMore":false } ``` {% endtab %} {% endtabs %} The fault is gone, but now we get back an unexpected result. Rather than a list of accounts, which should at least have our own account in it, we get an empty result. This is because the Account resource requires authentication to access. If we had tried to access a specific account using an account ID (`575f58281d0c03a53ccc3ac6` in this case), we would receive a `403` error like so: {% tabs %} {% tab title="Request" %} ```bash $ curl -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh" https://api.dev.medable.com/newhealthco/v2/accounts/575f58281d0c03a53ccc3ac6 ``` {% endtab %} {% tab title="Response" %} ```javascript { "object":"fault", "name":"error", "code":"kAccessDenied", "status":403, "reason":"Read access denied.", "message":"Access to this resource is denied" } ``` {% endtab %} {% endtabs %} So let's authenticate. To log in, we need to `POST` to the login route with our username and password. For more information on the Account resource and the available routes, see the [API documentation on Accounts](https://medable.gitbook.io/cortex/-LlEM5zIUXLGk89rMHaQ/v/master/cortex-api/objects/account). One more thing before we log in. For session-based apps, Medable uses cookies to track the session ID. So we need to enable cookie support in curl. To do this, we pass in the additional options:`-b cookies.txt -c cookies.txt` The first option `-b` reads any existing cookies from cookies.txt and sends with the request. The second option `-c` writes any cookies coming from Medable to cookies.txt. {% tabs %} {% tab title="Request" %} ```bash $ curl -b cookies.txt -c cookies.txt -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh" -d "email=john@newhealthco.com&password=This is not the password\!" https://api.dev.medable.com/newhealthco/v2/accounts/login ``` {% endtab %} {% tab title="Response" %} ```javascript { "_id":"575f58281d0c03a53ccc3ac6", "object":"account", "created":"2016-06-14T01:04:40.888Z", "updated":"2016-06-14T01:08:06.647Z", "updater":{ "_id":"575f58281d0c03a53ccc3ac6", "object":"account", "path":"/accounts/575f58281d0c03a53ccc3ac6" }, "access":6, "favorite":false, "email":"john@newhealthco.com", "name":{ "first":"John", "last":"Smith" }, "mobile":"+15555555555", "locale":"en_US", "state":"verified", "locked":false, "key":{ "fingerprint":"73ad85a0-31cc-11e6-ba07-3f24c7443557", "secret":"PXXvBvG86sJC2RVk4X6K4FV0OUH7ojzp" }, "roles":[ "000000000000000000000004", "000000000000000000000007", "000000000000000000000006" ], "shared":false } ``` {% endtab %} {% endtabs %} And we've successfully logged in! We know this because after a successful login, we receive our account object in the response. If, instead of a response similar to the above, you receive a fault response that resembles this: ```javascript { "object": "fault", "name": "location", "code": "kNewLocation", "status": 403, "message": "A new location has been added to the account." } ``` This means that two-factor authentication (2FA) has been initiated. Note that the fault could be `kNewLocation`, `kUnverifiedLocation`, or `kLocationClientMismatch`. When this happens, you will receive a verification token via SMS to your mobile number. Once you receive that token, you'll need to authenticate again as well as send along `verificationToken` like so: ```bash curl -b cookies.txt -c cookies.txt -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh" -d 'email=john@newhealthco.com&password=NotYourPassword&location[verificationToken]=123456' https://api.medable.com/newhealthco/v2/accounts/login ``` For more information on 2FA, see [Two-factor authentication](/getting-started/cortex-user-guide/two-factor-auth.md). Now that we've logged in and have an active session, let's try that account request again. {% tabs %} {% tab title="Request" %} ```bash $ curl -b cookies.txt -c cookies.txt -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh" -d "email=john@newhealthco.com&password=This is not the password\!" https://api.dev.medable.com/newhealthco/v2/accounts/login ``` {% endtab %} {% tab title="Response" %} ```javascript { "_id":"575f58281d0c03a53ccc3ac6", "object":"account", "created":"2016-06-14T01:04:40.888Z", "updated":"2016-06-14T01:08:06.647Z", "updater":{ "_id":"575f58281d0c03a53ccc3ac6", "object":"account", "path":"/accounts/575f58281d0c03a53ccc3ac6" }, "access":6, "favorite":false, "email":"john@newhealthco.com", "name":{ "first":"John", "last":"Smith" }, "mobile":"+15555555555", "locale":"en_US", "state":"verified", "locked":false, "key":{ "fingerprint":"73ad85a0-31cc-11e6-ba07-3f24c7443557", "secret":"PXXvBvG86sJC2RVk4X6K4FV0OUH7ojzp" }, "roles":[ "000000000000000000000004", "000000000000000000000007", "000000000000000000000006" ], "shared":false } ``` {% endtab %} {% endtabs %} Success! You've made your first API request! --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.medable.com/getting-started/cortex-user-guide/first-api-request.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.