Search connection-scoped immunizations through the SDK gateway
Returns a FHIR Bundle containing Immunization resources authorized by the presented APP tenant API key with immunization:read scope and the request body's `connectionId`. The gateway enforces APP tenant residency, SpiceDB app-install projection, subject lifecycle capability, resource-type scope, and service-level CVX, sensitivity, and time-window scope before any PHI read is returned. When `statuses` is omitted the platform defaults to `['COMPLETED']`; consumers needing the refusal signal can opt in with `statuses: ['COMPLETED', 'NOT_DONE']`.
/api/sdk/v1/immunizations:searchReturns a FHIR Bundle containing Immunization resources authorized by the presented APP tenant API key with immunization:read scope and the request body's connectionId. The gateway enforces APP tenant residency, SpiceDB app-install projection, subject lifecycle capability, resource-type scope, and service-level CVX, sensitivity, and time-window scope before any PHI read is returned. When statuses is omitted the platform defaults to ['COMPLETED']; consumers needing the refusal signal can opt in with statuses: ['COMPLETED', 'NOT_DONE'].
Authorization
platformApiKey CuraeAI Platform API key using the format Bearer . Keys are opaque credentials such as cae_live_..., not JWTs.
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/problem+json
curl -X POST "https://example.com/api/sdk/v1/immunizations:search" \ -H "Content-Type: application/json" \ -d '{ "connectionId": "84b500d7-71c8-4b1f-adf4-f1eb0000973d" }'{ "resourceType": "Bundle", "type": "searchset", "total": 0, "entry": [ { "fullUrl": "string", "resource": { "resourceType": "Immunization", "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "meta": { "source": "string", "tag": [ { "system": "string", "code": "string", "display": "string" } ] }, "status": "completed", "vaccineCode": { "coding": [ { "system": "string", "code": "string", "display": "string" } ], "text": "string" }, "patient": { "reference": "string" }, "occurrenceDateTime": "2019-08-24T14:15:22Z", "manufacturer": { "display": "string" }, "lotNumber": "string" }, "search": { "mode": "match" } } ]}{ "type": "string", "title": "string", "status": 0, "detail": "string", "instance": "string", "code": "string", "details": {}, "retryable": true}Search connection-scoped conditions through the SDK gateway POST
Returns a FHIR Bundle containing Condition resources authorized by the presented APP tenant API key with condition:read scope and the request body's `connectionId`. The gateway enforces APP tenant residency, SpiceDB app-install projection, subject lifecycle capability, resource-type scope, and service-level ICD-10/SNOMED, sensitivity, and time-window scope before any PHI read is returned. When `verificationStatuses` is omitted the platform defaults to `['confirmed']` so the bundle does not surface `entered-in-error` / `refuted` rows by accident.
Ingest a connection-scoped SDK-derived signal POST
Persists an SDK-derived signal under the APP tenant when the presented API key has signal:write scope and the SDK connection allows the requested signal type. Signal payloads are limited to JSON objects no larger than 64 KiB and are validated against the namespace's payload schema (shallow event shape — scalars, shallow arrays/objects of scalars; SDK_SIGNAL_PAYLOAD_SCHEMA_MISMATCH on violation). Payloads MUST NOT contain PHI: no identifiers (names, emails, phone numbers, MRNs, external patient ids), free-text clinical notes, diagnoses, or document content — the subject is identified by the connection, and clinical facts belong on the FHIR surfaces. Requests must include Idempotency-Key for safe retries.