Getting Started
API overview
How Affinity API access is organized across partners, clinics, sourcing, and eRx.
The Affinity API exposes partner, clinic, sourcing, and eRx workflows through typed HTTP endpoints. Use these docs to understand authentication, tenant boundaries, and the generated endpoint reference.
Authentication
Affinity supports bearer-token authentication for API clients. Partner and clinic surfaces should send the token in the Authorization header as `Bearer <token>`.
- Use partner-scoped credentials for partner order and catalog workflows.
- Use clinic or user-scoped access for clinic-owned patient, prescription, and sourcing workflows.
- Do not expose secret tokens in browser code, public repositories, logs, or support screenshots.
Access boundaries
Every endpoint is scoped by the authenticated organization, partner account, clinic, or user. If a token cannot access a clinic, partner account, or prescription, the API should return a typed authorization error instead of leaking resource details.
Rate limits
Treat API traffic as operational clinical traffic. Batch synchronization, catalog indexing, and webhook retries should use bounded concurrency and backoff. Higher-volume partner limits should be agreed during onboarding.