Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/bentlyy/Clinica/llms.txt

Use this file to discover all available pages before exploring further.

Patients are the primary users of Clinica. They register themselves, browse available doctors, book appointments in open time slots, and can cancel bookings they no longer need. The patient role is stored as user in the database and is assigned automatically to every self-registered account — no admin action is required to get started.

Full patient workflow

The steps below walk through the complete patient journey using curl examples.

Step 1: Register an account

POST /api/auth/register
Content-Type: application/json

curl -X POST http://localhost:3000/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "lucia.perez@example.com",
    "password": "securepassword"
  }'
The new account receives role: user automatically. No extra configuration needed.

Step 2: Log in

POST /api/auth/login
Content-Type: application/json

curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "lucia.perez@example.com",
    "password": "securepassword"
  }'
The response includes a token. Use it as Authorization: Bearer <token> in all subsequent requests.

Step 3: Browse doctors (no auth required)

GET /api/doctors/public
This endpoint is public — no token needed. Patients can browse the doctor roster before logging in. 
curl http://localhost:3000/api/doctors/public

Step 4: Check available slots

GET /api/bookings/available-slots
Authorization: Bearer <token>
Returns open appointment slots. Use query parameters to filter by doctor or date (see the API reference for supported parameters). 
curl "http://localhost:3000/api/bookings/available-slots?doctor_id=3" \
  -H "Authorization: Bearer <patient_token>"

Step 5: Book an appointment

POST /api/bookings
Authorization: Bearer <token>
Content-Type: application/json

curl -X POST http://localhost:3000/api/bookings \
  -H "Authorization: Bearer <patient_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "doctor_id": 3,
    "date": "2026-05-10",
    "time": "09:00",
    "duration": 30
  }'

Step 6: View your bookings

GET /api/bookings/me
Authorization: Bearer <token>
Returns all bookings for the authenticated patient. 
curl http://localhost:3000/api/bookings/me \
  -H "Authorization: Bearer <patient_token>"

Step 7: Cancel a booking

DELETE /api/bookings/:id
Authorization: Bearer <token>
Cancels a specific booking by its ID. 
curl -X DELETE http://localhost:3000/api/bookings/17 \
  -H "Authorization: Bearer <patient_token>"

Access control

Most patient endpoints require a valid JWT but do not check for a specific role — any authenticated user can call POST /api/bookings, GET /api/bookings/me, and DELETE /api/bookings/:id. The exception is GET /api/doctors/public, which requires no authentication at all.
Patients cannot access doctor-only endpoints such as GET /api/bookings/doctor or POST /api/availability. Those routes are restricted to accounts with the doctor role and will return 403 Forbidden for patient tokens.

Build docs developers (and LLMs) love

Get started for freeTalk to us