API Reference
The Vantrexia REST API provides programmatic access to every aspect of the Remote Patient Monitoring platform — patient management, vital sign ingestion, billing automation, clinical triage, and FHIR interoperability. All endpoints are secured with JWT authentication, enforce role-based access control, and generate immutable HIPAA audit logs.
Base URL & Versioning
All API requests are made to the following base URL. The API version is embedded in the URL path to ensure backward compatibility as the platform evolves.
https://app.vantrexia.com/api/v1/| Property | Value |
|---|---|
| Base URL | https://app.vantrexia.com/api/v1/ |
| Current Version | v1 |
| Content-Type | application/json |
| Character Encoding | UTF-8 |
| TLS | TLS 1.3 required for all connections |
When running locally with Docker, the base URL is http://localhost:8000/api/v1/. See the Installation Guide for setup instructions.
Authentication
All API endpoints (except login and password reset) require a valid JWT Bearer token in the Authorization header. Tokens are obtained via the Authentication API.
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...| Token Type | Lifetime | Purpose |
|---|---|---|
| Access Token | 15 minutes | Authenticates API requests |
| Refresh Token | 1 day | Obtains new access tokens (rotation + blacklisting) |
Each time you use a refresh token, you receive a new refresh token and the old one is blacklisted. Store the new refresh token immediately — the old one cannot be reused.
Rate Limiting
API requests are rate-limited to protect the platform and ensure fair usage across all clients. Rate limit headers are included in every response.
| Scope | Limit | Window |
|---|---|---|
| Authenticated users | 1,000 requests | Per hour |
| Anonymous | 100 requests | Per hour |
| Auth endpoints | 20 requests | Per minute |
| Webhook endpoints | 500 requests | Per hour |
When the rate limit is exceeded, the API returns a 429 Too Many Requests response with a Retry-After header indicating when you can retry.
HTTP/1.1 429 Too Many Requests
Retry-After: 58
Content-Type: application/json
{
"detail": "Request was throttled. Expected available in 58 seconds.",
"code": "throttled"
}Error Response Format
All error responses follow a consistent JSON structure. The detail field contains a human-readable error message. The optional code field provides a machine-readable error identifier, and field_errors maps field names to their specific validation errors.
{
"detail": "Unable to log in with provided credentials.",
"code": "authentication_failed",
"field_errors": {
"email": ["This field is required."],
"password": ["This field may not be blank."]
}
}| Field | Type | Description |
|---|---|---|
detail |
string |
Human-readable error description |
code |
string |
Machine-readable error code (e.g., authentication_failed, not_found, validation_error) |
field_errors |
object |
Map of field names to arrays of validation error messages (present on 400 responses) |
HTTP Status Codes
| Code | Status | Description |
|---|---|---|
200 |
OK | Request succeeded. Response body contains the requested data. |
201 |
Created | Resource created successfully. Response body contains the new resource. |
204 |
No Content | Request succeeded with no response body (e.g., DELETE operations). |
400 |
Bad Request | Validation error. Check field_errors for details. |
401 |
Unauthorized | Missing, expired, or invalid authentication token. |
403 |
Forbidden | Authenticated but insufficient permissions for this action. |
404 |
Not Found | The requested resource does not exist. |
429 |
Too Many Requests | Rate limit exceeded. See Retry-After header. |
500 |
Internal Server Error | Unexpected server error. Contact support if persistent. |
Pagination
All list endpoints return paginated results using the following envelope format. The default page size is 20 items, configurable via the page_size query parameter (max 100).
{
"count": 142,
"next": "https://app.vantrexia.com/api/v1/patients/?page=2",
"previous": null,
"results": [
{ "id": "d290f1ee-6c54-4b01-90e6-d701748f0851", "first_name": "Jane", "last_name": "Doe", "active": true },
{ "id": "e4b8c7a6-3f52-4d91-b8e5-a1c2d3e4f5a6", "first_name": "John", "last_name": "Smith", "active": true }
]
}| Field | Type | Description |
|---|---|---|
count |
integer |
Total number of items across all pages |
next |
string | null |
URL for the next page of results, or null if on the last page |
previous |
string | null |
URL for the previous page, or null if on the first page |
results |
array |
Array of resource objects for the current page |
Use ?page=2 to navigate pages and ?page_size=50 to control results per page. Maximum page size is 100.
Endpoint Groups
The API is organized into six endpoint groups. Click any card below to view the complete endpoint documentation with request/response examples.
Login, token refresh, registration, password management, two-factor authentication, and role management. JWT-based with 15-minute access tokens and 1-day rotating refresh tokens.
Full CRUD for patient records with AES-256 field-level encryption, FHIR R4 compliance, archive/unarchive workflows, and eClinicalWorks import capabilities.
Vital sign ingestion for blood pressure, weight, and other device readings. Automatic validation, FHIR transformation, and processing pipeline to eClinicalWorks.
Billing entry management, CPT code based claims, revenue reports, payer management, claims exports, and ICD-10 code lookups for automated RPM billing.
Risk-scored triage dashboard, escalation management, vital sign alerts, patient threshold configuration, and clinical audit trail for exception-based monitoring.
FHIR R4 Observation resources, transformation endpoints, eClinicalWorks transmission, transmission logs, and service health for healthcare interoperability.
Quick Example
Here is a complete example showing the typical API workflow — authenticate, then fetch a paginated patient list:
1. Obtain an access token
/api/v1/auth/login/
curl -X POST https://app.vantrexia.com/api/v1/auth/login/ \
-H "Content-Type: application/json" \
-d '{
"email": "clinician@practice.com",
"password": "SecureP@ss123"
}'// Response 200 OK
{
"access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": 1,
"email": "clinician@practice.com",
"first_name": "Sarah",
"last_name": "Johnson",
"role": "provider"
}
}2. Fetch patients
/api/v1/patients/?page=1&page_size=10
curl https://app.vantrexia.com/api/v1/patients/?page=1&page_size=10 \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."// Response 200 OK
{
"count": 87,
"next": "https://app.vantrexia.com/api/v1/patients/?page=2&page_size=10",
"previous": null,
"results": [
{
"id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
"first_name": "Jane",
"last_name": "Doe",
"mrn": "MRN-00001",
"active": true,
"date_of_birth": "1958-03-15",
"created_at": "2026-01-10T14:30:00Z"
}
]
}