Make your first API request

Medable API requests

To make your first Medable API request, you need to know four things:

  1. The API endpoint: for example, api.<env><org_code>

  2. The API key: for example, mwidxhb8ShcqmV1B9iOYJh

  3. Authentication credentials: an email and password

  4. The API client: a terminal, web, iOS, or Android

The API endpoint

The endpoint for your API requests will look like the following:{{your_org_code}}/v2/{{api_resource}}

Where your_org_code is the org code you specified when signing up and api_resource is the resource you are trying to access, such as an account. And remember, since we're making this request to the development org, we use the URL.

In our case, we'll use the example org code we used when we made the new app: newhealthco.

Note: When making requests, use the plural name for api_resource. For example, if the resource is account, use accounts in your endpoint:

The API key

Copy the API key that you generated in the previous step (see Generate an API key). In our example, the API key is mwidxhb8ShcqmV1B9iOYJh.

Authentication credentials

Because we specified that our app uses sessions, a username and password is needed to authenticate and initiate a user session.

For the username, use your email address. In our case, it's For the password, use the password you set when signing up.

If you're interested in signature-based authentication, see Authentication.

The API client

There are a number of tools out there that make it easy to make API requests. One option is Postman and another option is the live API explorer in the API Reference page. In this guide, we'll keep it simple and make our requests from the command line using curl.

Make a request

Note: This section is written assuming the request is being made through an OSX terminal.

Now that you're ready to make a request, you simply have to issue the command in the form of curl \[options...\] URL. Let's give it a shot using the API endpoint:

$ curl

Tip: Add | python -m json.toolto the end of the curl request to pretty-print the JSON response.

We got a result back! Unfortunately, the result is a fault.

This is because we need to pass in a few more options to get the request to work. First, we need to add the API key header. We can do this using the following option:

-H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh"

So let's give that a try:

$ curl -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh"

The fault is gone, but now we get back an unexpected result. Rather than a list of accounts, which should at least have our own account in it, we get an empty result.

This is because the Account resource requires authentication to access. If we had tried to access a specific account using an account ID (575f58281d0c03a53ccc3ac6 in this case), we would receive a 403 error like so:

$ curl -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh"

So let's authenticate. To log in, we need to POST to the login route with our username and password. For more information on the Account resource and the available routes, see the API documentation on Accounts.

One more thing before we log in. For session-based apps, Medable uses cookies to track the session ID. So we need to enable cookie support in curl. To do this, we pass in the additional options:-b cookies.txt -c cookies.txt

The first option -b reads any existing cookies from cookies.txt and sends with the request. The second option -c writes any cookies coming from Medable to cookies.txt.

$ curl -b cookies.txt -c cookies.txt -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh" -d " is not the password\!"

And we've successfully logged in! We know this because after a successful login, we receive our account object in the response.

If, instead of a response similar to the above, you receive a fault response that resembles this:

   "object": "fault",
   "name": "location",
   "code": "kNewLocation",
   "status": 403,
   "message": "A new location has been added to the account."

This means that two-factor authentication (2FA) has been initiated. Note that the fault could be kNewLocation, kUnverifiedLocation, or kLocationClientMismatch.

When this happens, you will receive a verification token via SMS to your mobile number. Once you receive that token, you'll need to authenticate again as well as send along verificationToken like so:

curl -b cookies.txt -c cookies.txt -H "medable-client-key: mwidxhb8ShcqmV1B9iOYJh" -d '[verificationToken]=123456'

For more information on 2FA, see Two-factor authentication.

Now that we've logged in and have an active session, let's try that account request again.

$ curl -b cookies.txt -c cookies.txt -H
"medable-client-key: mwidxhb8ShcqmV1B9iOYJh"
-d " is not the password\!"

Success! You've made your first API request!

Last updated