Skip to main content

Introduction

The OdontologyApp API is a RESTful API built with SvelteKit that provides programmatic access to dental clinic management features. The API enables you to manage patients, appointments, treatments, inventory, and administrative functions.

Base URL

All API requests are made to endpoints under the /api path: 
http://your-server-ip:port/api
For example, in local development: 
http://localhost:5173/api

Request Format

All API requests must:
  • Use the appropriate HTTP method (GET, POST, PUT, PATCH, DELETE)
  • Send JSON payloads for POST, PUT, and PATCH requests
  • Include the Content-Type: application/json header for requests with a body
  • Include authentication cookies (session-based authentication)

Example Request

curl -X POST http://localhost:5173/api/patients \
  -H "Content-Type: application/json" \
  -H "Cookie: session=your-session-cookie" \
  -d '{
    "first_name": "Juan",
    "last_name": "Pérez",
    "cedula": "1234567890"
  }'

Response Format

All API responses are returned in JSON format with the following structure:

Successful Response

{
  "success": true,
  "data": {
    // Response data here
  }
}

Error Response

{
  "message": "Error description",
  "code": "ERROR_CODE"
}
See Error Handling for detailed information about error responses.

Available Endpoints

The API is organized into the following resource groups:

Authentication

  • POST /api/auth/login - User login
  • DELETE /api/auth/login - User logout

Patients

  • GET /api/patients - List patients
  • POST /api/patients - Create patient
  • GET /api/patients/[id] - Get patient details
  • PUT /api/patients/[id] - Update patient
  • DELETE /api/patients - Delete patient

Appointments

  • GET /api/appointments - List appointments
  • POST /api/appointments - Create appointment
  • GET /api/appointments/[id] - Get appointment details
  • PUT /api/appointments/[id] - Update appointment
  • DELETE /api/appointments/[id] - Delete appointment
  • GET /api/appointments/reminders - Get appointment reminders

Treatments

  • GET /api/treatments - List available treatments/services
  • POST /api/treatments - Create treatment (admin only)
  • PUT /api/treatments - Update treatment (admin only)
  • DELETE /api/treatments - Delete treatment (admin only)

Inventory

  • GET /api/inventory - List inventory items
  • POST /api/inventory - Create inventory item
  • PATCH /api/inventory - Update stock levels

Dashboard

  • GET /api/dashboard/stats - Get dashboard statistics
  • GET /api/dashboard/alerts - Get system alerts

Administrative

  • GET /api/users - List users (admin only)
  • GET /api/branches - List clinic branches
  • GET /api/doctors - List doctors
  • GET /api/logs - Get system logs (admin only)
  • GET /api/reports/debts - Get debt reports

Security

  • GET /api/admin/security/my-permissions - Get current user permissions
  • GET /api/admin/security/permissions - List all permissions (admin only)

AI & Analytics

  • POST /api/ai/suggest - Get AI treatment suggestions
  • GET /api/analytics - Get analytics data

Rate Limiting

Currently, there is no rate limiting implemented on the API. However, it is recommended to implement reasonable request rates to avoid overwhelming the server.

Pagination

Most list endpoints do not implement pagination by default. All results are returned in a single response. For endpoints that support filtering, use query parameters: 
GET /api/patients?query=search-term

Filtering and Query Parameters

Many endpoints accept query parameters for filtering:
query
string
Search term for filtering results (used in patients, etc.)
date
string
Date filter in ISO format (YYYY-MM-DD) for appointments
doctor_id
string
Filter by doctor ID (use “all” for all doctors)
branch_id
string
Filter by branch ID (use “all” for all branches)
status
string
Filter by status (e.g., “pending”, “completed”, “all”)

Permissions System

The API implements a role-based permission system:
  • Admin: Full access to all endpoints
  • Doctor: Access to patient and clinical data
  • Receptionist: Access to appointments and basic patient info
  • User: Limited access based on assigned permissions
Each endpoint checks for specific permissions (e.g., VIEW_PATIENTS, CREATE_PATIENTS, MANAGE_INVENTORY). See Authentication for more details.

Data Types

Common data types used throughout the API:
  • Dates: ISO 8601 format (YYYY-MM-DD or YYYY-MM-DDTHH:mm:ss.sssZ)
  • IDs: Integer primary keys
  • UUIDs: String format for patient unique identifiers
  • Prices: Decimal numbers (e.g., 150.00)
  • Booleans: Standard JSON boolean (true/false)

Next Steps

Authentication

Learn how to authenticate API requests

Error Handling

Understand error responses and status codes

Build docs developers (and LLMs) love

Get started for freeTalk to us