Skip to main content
API access uses two credentials together:
  • API Key Identifies the integrating system. Provided by the medWrite team during onboarding and sent as a request header.
  • Bearer Token Identifies the authenticated user. Obtained by calling the login endpoint with valid user credentials and the API key. The token is then sent in the Authorization header on all subsequent requests.
The login endpoint returns a bearer token and an expiration timestamp. The integrating system should track expiry and re-authenticate before the token expires to avoid interruption. A validation endpoint is available to check whether a token is still valid without making a data request.
For the login endpoint, credentials, and API key, contact the medWrite team.

Best practices

  • Store tokens securely; never expose them in client-side code or logs.
  • Do not share tokens across user sessions.
  • Re-authenticate proactively when the token is close to expiry.

Next steps

Embedded Authentication

Embed MedWrite in your EHR.

Get Approved Outputs

Retrieve approved letters (FHIR Bundle).