
API Endpoints

All backend endpoints are prefixed with /api. Protected endpoints require a JWT sent in the Authorization: Bearer <token> header. In the tables below, the Roles column lists the roles allowed to call an endpoint: Public endpoints need no token, Authenticated endpoints accept any valid token regardless of role, and endpoints listing ADMIN and/or ARZT require a valid token whose role is one of those listed.

Authentication

| Method | Path | Auth | Description |
| --- | --- | --- | --- |
| POST | /api/auth/register | No | Register with email + password |
| POST | /api/auth/login | No | Login with credentials |
| POST | /api/auth/sync | Special | OAuth user sync (requires x-auth-secret header) |

Auth endpoints are rate-limited to 5 requests per 60 seconds.
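
The page states the limit but not how the window is counted or what it is keyed on. The following is an added example, not the project's own rate limiter, and it assumes a sliding window keyed on the client IP so that the sixth request in any 60-second span is rejected (the HTTP status 429 and the retryAfterMs field are this example's choices):

```javascript
// Added example (not the project's code): sliding-window limiter for the
// 5-requests-per-60-seconds rule on the auth endpoints.
// Assumptions: the key is the client IP and the window slides; the page does
// not say whether the real limiter is fixed-window or sliding, or how it is keyed.
const LIMIT = 5;
const WINDOW_MS = 60_000;

class SlidingWindowLimiter {
  constructor(limit = LIMIT, windowMs = WINDOW_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // key -> ascending list of hit timestamps (ms)
  }

  // Decide whether a request at time `now` may proceed.
  // Returns { allowed, remaining, retryAfterMs, status }.
  check(key, now = Date.now()) {
    const since = now - this.windowMs;
    // Drop hits that have aged out of the window.
    const recent = (this.hits.get(key) || []).filter((t) => t > since);
    if (recent.length >= this.limit) {
      this.hits.set(key, recent);
      // The oldest hit still inside the window is the one that will expire first.
      return { allowed: false, remaining: 0, retryAfterMs: recent[0] + this.windowMs - now, status: 429 };
    }
    recent.push(now);
    this.hits.set(key, recent);
    return { allowed: true, remaining: this.limit - recent.length, retryAfterMs: 0, status: 200 };
  }
}

// Simulation on constructed timestamps: six login attempts from one IP one
// second apart, then one more attempt 61 s after the first.
function simulate() {
  const limiter = new SlidingWindowLimiter();
  const ip = '203.0.113.7'; // constructed client address
  const t0 = 1_700_000_000_000;
  const results = [];
  for (let i = 0; i < 6; i++) results.push(limiter.check(ip, t0 + i * 1000));
  results.push(limiter.check(ip, t0 + 61_000)); // first two hits have aged out
  return results.map((r) => r.allowed); // [true, true, true, true, true, false, true]
}

function retryAfterForSixth() {
  const limiter = new SlidingWindowLimiter();
  const t0 = 1_700_000_000_000;
  for (let i = 0; i < 5; i++) limiter.check('k', t0 + i * 1000);
  return limiter.check('k', t0 + 5000).retryAfterMs; // 55000: oldest hit at t0 expires at t0+60000
}
```

A sliding window avoids the fixed-window edge case where a client can send 10 requests across a minute boundary; for a multi-instance deployment the Map would have to be replaced by shared storage, which this example does not cover.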

Consent

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| POST | /api/consent | ADMIN, ARZT | Create a consent form |
| GET | /api/consent/practice | ADMIN, ARZT | List practice consent forms |
| PATCH | /api/consent/:token/revoke | ADMIN, ARZT | Revoke a consent form |
| GET | /api/consent/:token | Public | Get consent form by token |
| POST | /api/consent/:token/submit | Public | Submit consent (encrypted) |

Patients

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /api/patients | ADMIN, ARZT | List all patients |
| GET | /api/patients/:id | ADMIN, ARZT | Get patient by ID |
| POST | /api/patients | ADMIN, ARZT | Create a patient |
| GET | /api/patients/lookup/:hash | ADMIN, ARZT | Find patient by lookup hash |
| DELETE | /api/patients/:id | ADMIN | Delete a patient |

Practice

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| POST | /api/practice | Authenticated | Create a practice |
| GET | /api/practice | Authenticated | Get practice details |

Team

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /api/team/members | ADMIN | List team members |
| POST | /api/team/invite | ADMIN | Send team invite |
| DELETE | /api/team/members/:userId | ADMIN | Remove team member |
| PATCH | /api/team/members/:userId/role | ADMIN | Change member role |
| GET | /api/team/invite/:token | Public | Get invite details |
| POST | /api/team/invite/:token/accept | Public | Accept team invite |

Billing

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /api/billing/subscription | ADMIN | Get subscription details |
| POST | /api/billing/checkout | ADMIN | Create Stripe checkout session |
| POST | /api/billing/portal | ADMIN | Create Stripe portal session |
| POST | /api/billing/webhook | Public | Stripe webhook handler |

Audit

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /api/audit | ADMIN | List audit logs (filterable by action, date range) |
| GET | /api/audit/export | ADMIN | Export audit logs as CSV |
| POST | /api/audit/vault-event | Authenticated | Log vault lock/unlock event |

Analytics

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /api/analytics/overview | ADMIN, ARZT | Dashboard overview |
| GET | /api/analytics/by-type | ADMIN, ARZT | Analytics by consent type |
| GET | /api/analytics/by-period | ADMIN, ARZT | Analytics by time period |
| GET | /api/analytics/conversion | ADMIN, ARZT | Conversion metrics |
| GET | /api/analytics/revenue | ADMIN | Revenue metrics |

Settings

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /api/settings | ADMIN | Get practice settings |
| PATCH | /api/settings | ADMIN | Update practice settings |
| POST | /api/settings/logo | ADMIN | Upload practice logo |
| DELETE | /api/settings/logo | ADMIN | Delete practice logo |

Photos

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| POST | /api/photos | ADMIN, ARZT | Upload photo (encrypted) |
| GET | /api/photos/patient/:patientId | ADMIN, ARZT | List photos by patient |
| GET | /api/photos/:id | ADMIN, ARZT | Get photo details |
| GET | /api/photos/:id/download | ADMIN, ARZT | Download encrypted photo |
| DELETE | /api/photos/:id | ADMIN, ARZT | Delete photo |
| PATCH | /api/photos/:id/consent | ADMIN, ARZT | Update photo consent status |

Treatment Plans

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| POST | /api/treatment-plans | ADMIN, ARZT | Create treatment plan |
| GET | /api/treatment-plans/patient/:patientId | ADMIN, ARZT | List plans by patient |
| GET | /api/treatment-plans/:id | ADMIN, ARZT | Get treatment plan |
| PATCH | /api/treatment-plans/:id | ADMIN, ARZT | Update treatment plan |
| DELETE | /api/treatment-plans/:id | ADMIN, ARZT | Delete treatment plan |

Treatment Templates

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /api/treatment-templates | ADMIN, ARZT | List templates |
| POST | /api/treatment-templates | ADMIN, ARZT | Create template |
| PATCH | /api/treatment-templates/:id | ADMIN, ARZT | Update template |
| DELETE | /api/treatment-templates/:id | ADMIN, ARZT | Delete template |

GDT Export

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| POST | /api/gdt/generate | Authenticated | Generate GDT consent record file |

GDPR-compliant digital consent forms