Getting Started
Access Control
How API access is scoped across clinics, partners, and admins.
Access control is tenant-first. API requests are evaluated against organization, clinic, partner-account, role, and resource ownership boundaries before returning data.
- Partner endpoints operate inside a partner account boundary.
- Clinic endpoints operate inside a selected clinic or organization boundary.
- Admin endpoints are internal and should not be exposed to external partners.