CuraeAI Developers
API referencePlatform Patients

Retrieve a Platform patient profile

Retrieves the patient profile resource visible to the API key. The route enforces, in order: API-key scope (`patient:read`), Platform authorization (SpiceDB tuple-constraint resolution), tenant membership, and an RLS-backed Prisma read. Authorization-layer denials — including cross-tenant access attempts — surface as `403 PLATFORM_ACCESS_DENIED` with a uniform message that does not reveal whether the patient exists in another tenant. Resources that pass authorization but are absent from the caller's tenant via the RLS-backed read resolve as `404 NOT_FOUND`. See `Docs/architecture/PLATFORM_API_ARCHITECTURE.md` §7.4 for the tenant-leak-safe error contract.

GET/api/platform/v1/patients/{id}

Retrieves the patient profile resource visible to the API key. The route enforces, in order: API-key scope (patient:read), Platform authorization (SpiceDB tuple-constraint resolution), tenant membership, and an RLS-backed Prisma read. Authorization-layer denials — including cross-tenant access attempts — surface as 403 PLATFORM_ACCESS_DENIED with a uniform message that does not reveal whether the patient exists in another tenant. Resources that pass authorization but are absent from the caller's tenant via the RLS-backed read resolve as 404 NOT_FOUND. See Docs/architecture/PLATFORM_API_ARCHITECTURE.md §7.4 for the tenant-leak-safe error contract.

Authorization

platformApiKey
AuthorizationBearer <token>

CuraeAI Platform API key using the format Bearer . Keys are opaque credentials such as cae_live_..., not JWTs.

In: header

Path Parameters

id*string

Patient identifier.

Header Parameters

If-None-Match?string

Optional weak or strong entity tag. Matching validators return 304 Not Modified.

Response Body

application/json

application/problem+json

curl -X GET "https://example.com/api/platform/v1/patients/497f6eca-6276-4993-bfeb-53cbbbba6f08"
{  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",  "resourceType": "Patient",  "givenName": "string",  "familyName": "string",  "birthDate": "2019-08-24",  "sex": "string",  "email": "user@example.com",  "phoneNumber": "string",  "preferredLanguage": "string",  "createdAt": "2019-08-24T14:15:22Z",  "updatedAt": "2019-08-24T14:15:22Z",  "_version": "string",  "_links": {    "self": {      "href": "string"    }  }}
Empty
{  "type": "string",  "title": "string",  "status": 0,  "detail": "string",  "instance": "string",  "code": "string",  "details": {},  "retryable": true}

API reference

The complete, authoritative Platform API reference — generated from the OpenAPI specification.

List Platform webhook endpoints GET

Lists non-deleted webhook endpoints owned by the API key's customer account, sorted by `createdAt DESC, id DESC` (newest first), with forward-only cursor pagination as specified in `PLATFORM_API_ARCHITECTURE.md §10`.