Authentication
The Jump EHR API uses API keys to authenticate requests. You can create and manage your API keys in the Jump EHR dashboard.
API Keys
All API requests require a valid API key passed in the Authorization header:
Authorization: Bearer pk_live_your_api_key
Key Types
Jump EHR provides two types of API keys:
| Type | Prefix | Purpose |
|---|---|---|
| Test | pk_test_ | Development and testing. Uses sandbox data. |
| Live | pk_live_ | Production use. Accesses real patient data. |
⚠️ Live API keys provide access to real patient data. Only use them in secure server-side environments.
Creating API Keys
- Log in to your Jump EHR dashboard
- Navigate to Settings > API Keys
- Click Create API Key
- Enter a descriptive name (e.g., "Production Backend", "Development")
- Select the mode (Test or Live)
- Choose the required scopes
- Click Create
Your API key will only be displayed once. Copy it immediately and store it securely.
Revoking Keys
You can revoke an API key at any time from the dashboard. Revoked keys will immediately stop working for all API requests.
Authentication Example
curl -X GET "https://app.usejump.co.uk/functions/v1/api-v1/patients" \
  -H "Authorization: Bearer pk_live_your_api_key" \
  -H "Content-Type: application/json"
JavaScript
const response = await fetch(
  'https://app.usejump.co.uk/functions/v1/api-v1/patients',
  {
    headers: {
      'Authorization': 'Bearer pk_live_your_api_key',
      'Content-Type': 'application/json'
    }
  }
);
Python
import requests
response = requests.get(
    'https://app.usejump.co.uk/functions/v1/api-v1/patients',
    headers={
        'Authorization': 'Bearer pk_live_your_api_key',
        'Content-Type': 'application/json'
    }
)
Scopes
API keys are assigned scopes that control which resources they can access. Request only the scopes your application needs.
Clinical Data Scopes
| Scope | Description |
|---|---|
| read_patients | View patient records and demographics |
| write_patients | Create and update patient records |
| read_consultations | View consultation records |
| write_consultations | Create and update consultations |
| read_problems | View patient problems and diagnoses |
| write_problems | Create and update problems |
| read_appointments | View appointment records |
| write_appointments | Create and update appointments |
| read_documents | View patient documents |
| write_documents | Upload and update documents |
| read_prescriptions | View prescription records |
| write_prescriptions | Create and update prescriptions |
Marketplace Scopes
| Scope | Description |
|---|---|
| read_appointment_types | View available appointment types |
| read_clinicians | View clinician profiles |
| read_locations | View practice locations |
| read_availability | Query scheduling availability |
| write_holds | Create and manage appointment holds |
Authentication Errors
| Status Code | Error | Description |
|---|---|---|
| 401 | Unauthorized | Missing or invalid API key |
| 403 | Forbidden | Valid key but insufficient scopes |
Error Response
{
  "error": "Unauthorized",
  "details": "Invalid or missing API key",
  "request_id": "req_abc123"
}
Security Best Practices
Following these practices helps protect your API keys and patient data.
- Never expose keys in client-side code - API keys should only be used in server-side applications
- Use environment variables - Store keys in environment variables, not in source code
- Rotate keys regularly - Create new keys periodically and revoke old ones
- Use minimal scopes - Only request the scopes your application actually needs
- Monitor usage - Review API logs for unexpected activity
- Use test keys for development - Only use live keys in production environments
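One way to enforce several of these practices at startup, as an added example that is not part of the Jump EHR documentation or SDK: the key is read from the environment, its mode is derived from the documented `pk_test_` / `pk_live_` prefixes, live keys are refused outside production, and only a redacted form is ever logged. The variable names `JUMP_EHR_API_KEY` and `APP_ENV` and all function names are assumptions.

```python
import os

# Key prefixes from the Key Types table on this page.
PREFIX_MODE = {"pk_test_": "test", "pk_live_": "live"}


class KeyConfigError(RuntimeError):
    """The configured key is missing or unsafe for this environment."""


def key_mode(api_key):
    """Return 'test' or 'live' from the key prefix, or None if unrecognised."""
    for prefix, mode in PREFIX_MODE.items():
        if api_key.startswith(prefix) and len(api_key) > len(prefix):
            return mode
    return None


def load_api_key(env=None):
    """Read the key from the environment; refuse live keys outside production."""
    # JUMP_EHR_API_KEY and APP_ENV are assumed names, not defined by Jump EHR.
    env = os.environ if env is None else env
    api_key = env.get("JUMP_EHR_API_KEY", "").strip()
    mode = key_mode(api_key)
    if mode is None:
        raise KeyConfigError("JUMP_EHR_API_KEY is unset or has an unknown prefix")
    if mode == "live" and env.get("APP_ENV") != "production":
        raise KeyConfigError("live key configured outside production")
    return api_key


def redact(api_key):
    """Keep only the prefix and last 4 characters so logs never hold a usable key."""
    mode = key_mode(api_key)
    if mode is None:
        return "<unrecognised key>"
    return f"pk_{mode}_...{api_key[-4:]}"


def auth_headers(api_key):
    """Build the Authorization header in the format this page documents."""
    return {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}


if __name__ == "__main__":
    # Constructed environment for demonstration; the key is not real.
    demo = {"JUMP_EHR_API_KEY": "pk_test_constructed0001", "APP_ENV": "development"}
    print(redact(load_api_key(demo)))
```

Calling `load_api_key()` once at process start makes a misconfigured deployment fail before any request reaches patient data.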
Next Steps
- Learn about Rate Limits and usage quotas
- Explore the API Reference for endpoint details
- Set up Webhooks for real-time notifications