Docs / Get Started / Quickstart

Quickstart

Get from credentials to a live response in under five minutes using only cURL.

1. Get your credentials

API credentials are generated by the clinic's Arzamed administrator from the Equipe Settings → API Keys section of the Arzamed client app. They will share with you:

  • client_id — the public identifier for your integration
  • client_secret — the secret used to obtain access tokens
  • token_url — the OAuth2 token endpoint specific to that clinic's account
⚠ī¸

Treat your client_secret like a password. Never include it in client-side code, mobile apps, or public repositories. Store it in an environment variable or secrets manager.

2. Get an access token

Exchange your credentials for a short-lived bearer token using the OAuth2 client credentials grant. The token URL was provided with your credentials.

cURL
curl -X POST "YOUR_TOKEN_URL" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -u "YOUR_CLIENT_ID:YOUR_CLIENT_SECRET" \
  -d "grant_type=client_credentials&scope=https://api.nextgen.arzamed.com/read"

A successful response returns the bearer token and its expiry:

JSON ¡ 200 OK
{
  "access_token": "eyJraWQiOiJrZXktaWQiLCJhbGciOiJSUzI1NiJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}

The token is valid for one hour. Cache it and re-request when it expires. See Authentication for details.

3. Make your first API call

List the active practitioners (doctors) for the clinic. Pass the token in the Authorization header:

cURL
curl https://api.nextgen.arzamed.com/api/v1/equipe/doctors \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
JSON ¡ 200 OK
[
  {
    "name": "Dr. Marco Bianchi",
    "profileImage": "https://assets.arzamed.com/photos/a1b2c3.jpg"
  },
  {
    "name": "Dr. Sofia Ricci",
    "profileImage": "https://assets.arzamed.com/photos/d4e5f6.jpg"
  }
]
ℹī¸

You do not pass an equipe ID in the URL. The API resolves which clinic your token belongs to automatically. Your credentials can only access the clinic that issued them.

4. Try it in code

The same flow in two common backend languages.

Node.js

JavaScript
const params = new URLSearchParams({
  grant_type: "client_credentials",
  scope: "https://api.nextgen.arzamed.com/read",
});

const tokenRes = await fetch(process.env.ARZAMED_TOKEN_URL, {
  method: "POST",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded",
    Authorization: "Basic " + btoa(
      process.env.ARZAMED_CLIENT_ID + ":" + process.env.ARZAMED_CLIENT_SECRET
    ),
  },
  body: params,
});
const { access_token } = await tokenRes.json();

const res = await fetch("https://api.nextgen.arzamed.com/api/v1/equipe/doctors", {
  headers: { Authorization: `Bearer ${access_token}` },
});
const doctors = await res.json();
console.log(doctors);

Python

Python
import os, requests

token_res = requests.post(
    os.environ["ARZAMED_TOKEN_URL"],
    data={
        "grant_type": "client_credentials",
        "scope": "https://api.nextgen.arzamed.com/read",
    },
    auth=(os.environ["ARZAMED_CLIENT_ID"], os.environ["ARZAMED_CLIENT_SECRET"]),
)
access_token = token_res.json()["access_token"]

doctors = requests.get(
    "https://api.nextgen.arzamed.com/api/v1/equipe/doctors",
    headers={"Authorization": f"Bearer {access_token}"},
).json()
print(doctors)
✅

You're authenticated and reading live data. Next, read the full Authentication page to understand token caching and error handling, or go straight to the Doctors endpoint reference.