MENU navbar-image

Introduction

This documentation aims to provide all the information you need to work with our API.

Authenticating requests

To authenticate requests, include an Authorization header with the value "Bearer {ACCESS_TOKEN}".

All authenticated endpoints are marked with a requires authentication badge in the documentation below.

Token based authentication

You can retrieve your access token by calling api/login endpoint.

Access tokens are valid 7 days, then expire. You can obtain new access token with expiring access token by calling /api/token/refresh. You can only refresh still valid tokens, otherwise new request to api/login will be required.

Cookie based authentication

You can also authenticate using cookie-based sessions. Before calling any other endpoints you have to obtain XSRF cookie by hitting /sanctum/csrf-cookie endpoint. In return you receive XSRF-TOKEN cookie, which content you have to attach to each request as X-XSRF-TOKEN header.

Then call /login endpoint. When your authenticated session is created, call any endpoint using X-XSRF-TOKEN header.

Multi-Factor Authorization (MFA)

User can protect its account setting up the MFA as email or one-time passwords (OTP). If mfa_enabled is set to 1 and mfa_method is set to any of email or otp values, user will have to use preferred method as second factor on login.

If mfa_method is email, API will automatically send MFA code to user's email inbox.

Most of API endpoints are secured with additional layer and cannot be properly called without this second-factor authorization done. Instead of endpoint response API will reply with message "MFA is required for this request." and HTTP code 401 Unauthorized. That means user did not successfully authorized itself with second-factor.

Multi-Factor Authorization (MFA) - Remember Session

The user has the option to remember their device, which means they won't have to enter the MFA code for 30 days. If using a Token based authentication, you need to add a header named X-MFA-Session-Token with the value {mfa_token} obtained from the /verify endpoint.

Appendix A. Laravel validation rules

List of validation codes returned for Laravel's built-in validation rules:

Code
Description
MUST_BE_ACCEPTED
The field must be accepted. Value must be one of: 1, true, "yes" or "on".
MUST_BE_ACCEPTED_IF:other:value
The field must be accepted if other field equals to value. Accepted values are the same as in MUST_BE_ACCEPTED.
MUST_BE_ACTIVE_URL
The field must be an active URL address with a valid A or AAAA record according to the dns_get_record PHP function.
MUST_BE_AFTER:date
The field must be a date that is after a specified date.
MUST_BE_AFTER_OR_EQUAL:date
The field must be a date that is after or equal to a specified date.
MUST_CONTAIN_ONLY_LETTERS
The field must contain only letters.
MUST_CONTAIN_ONLY_LETTERS_NUMBERS_DASHES_UNDERSCORES
The field must contain only letters, numbers, dashes and underscores.
MUST_CONTAIN_ONLY_LETTERS_NUMBERS
The field must contain only letters and numbers.
MUST_BE_ARRAY
The field must be an array.
MUST_BE_BEFORE:date
The field must be a date that is before a specified date.
MUST_BE_BEFORE_OR_EQUAL:date
The field must be a date that is before or equal to a specified date.
BETWEEN:NUMBERS:min:max
The field must be a number between min and max.
BETWEEN:FILE_KB:min:max
The field must be a file with a size between min and max KB.
BETWEEN:STRING_LENGTH:min:max
The field must be a string with a length between min and max.
BETWEEN:ARRAY_COUNT:min:max
The field must be an array with between min and max elements.
MUST_BE_BOOLEAN
The field must be a boolean. Accepted values include: true, false, 1, 0, "1" and "0".
MUST_BE_CONFIRMED
The field must have a matching confirmation field named {field}_confirmation.
MUST_BE_CURRENT_PASSWORD
The field must match the authenticated user's current password.
MUST_BE_DATE
The field must be a valid date according to the strtotime PHP function.
MUST_EQUAL_DATE:date
The field must be a date equal to the specified date.
MUST_BE_DATE_FORMAT:format
The field must match the given date format.
MUST_BE_DIFFERENT:other
The field must have a different value than the field named other.
MUST_HAVE_DIGITS:digits
The field must be numeric and contain exactly digits digits.
MUST_HAVE_DIGITS_BETWEEN:min:max
The field must be numeric and contain between min and max digits.
INVALID_IMAGE_DIMENSIONS
The uploaded image has invalid dimensions.
MUST_BE_DISTINCT
The field's values must not contain any duplicates.
MUST_BE_EMAIL
The field must be a valid email address.
MUST_END_WITH:value
The field must end with value.
MUST_EXIST:table.column
The field's value must already exist in the specified database table and column.
MUST_BE_FILE
The field must be a file.
MUST_HAVE_A_VALUE
The field must have a non-empty value.
GREATER_THAN:NUMBER:value
The field must be numeric and greater than value.
GREATER_THAN:FILE_KB:value
The field must be a file with a size greater than value KB.
GREATER_THAN:STRING_LENGTH:value
The field must be a string with a length greater than value.
GREATER_THAN:ARRAY_COUNT:value
The field must be an array with have more than value elements.
GREATER_THAN_OR_EQUALS:NUMBER:value
The field must be numeric and greater than or equal to value.
GREATER_THAN_OR_EQUALS:FILE_KB:value
The field must be a file with a size greater than or equal to value KB.
GREATER_THAN_OR_EQUALS:STRING_LENGTH:value
The field must be a string with a length greater than or equal to value.
GREATER_THAN_OR_EQUALS:ARRAY_COUNT:value
The field must be an array with at least value elements.
MUST_BE_IMAGE
The field must be an image.
MUST_BE_IN:values
The field value must be on of the values list.
MUST_BE_IN_ARRAY:other
The field's value must exist in the other field values.
MUST_BE_INTEGER
The field must be an integer.
MUST_BE_IP_ADDRESS
The field must be a valid IP address.
MUST_BE_IPV4_ADDRESS
The field must be a valid IPv4 address.
MUST_BE_IPV6_ADDRESS
The field must be a valid IPv6 address.
MUST_BE_JSON
The field must contain valid JSON.
LESS_THAN:NUMBER:value
The field must be numeric and less than value.
LESS_THAN:FILE_KB:value
The field must be a file with a size less than value KB.
LESS_THAN:STRING_LENGTH:value
The field must be a string with a length less than value.
LESS_THAN:ARRAY_COUNT:value
The field must be an array with fewer than value elements.
LESS_THAN_OR_EQUALS:NUMBER:value
The field must be numeric and less than or equal to value.
LESS_THAN_OR_EQUALS:FILE_KB:value
The field must be a file with a size less than or equal to value KB.
LESS_THAN_OR_EQUALS:STRING_LENGTH:value
The field must be a string with a length less than or equal to value.
LESS_THAN_OR_EQUALS:ARRAY_COUNT:value
The field must be an array with no more than value elements.
MAXIMUM:NUMBER:value
The field must be numeric and must not exceed the value.
MAXIMUM:FILE_KB:value
The field must be a file with a size no greater than value KB.
MAXIMUM:STRING_LENGTH:value
The field must be a string with a maximum length equal to value.
MAXIMUM:ARRAY_COUNT:value
The field must be an array with no more than value elements.
MUST_BE_MIME_OF:values
The field must be a file with one of the given file extensions, for example: pdf, png, mpeg.
Note that the rule uses file extensions, but Laravel internally verifies the actual MIME type using the file's contents.
MUST_BE_MIMETYPE_OF:values
The field must be a file matching one of the specified MIME types, such as: application/pdf, image/png, video/mpeg.
MINIMUM:NUMBER:min
The field must be numeric and at least value.
MINIMUM:FILE_KB:min
The field must be a file with a size of at least value KB.
MINIMUM:STRING_LENGTH:min
The field must be a string with a minimum length equal to value.
MINIMUM:ARRAY_COUNT:min
The field must be an array with at least value elements.
MUST_BE_MULTIPLE_OF:value
The field must be multiple of value.
MUST_NOT_BE_IN:values
The field's value must not be on of the values list. This is the opposite of MUST_BE_IN rule.
INVALID_FORMAT
The field does not match the given regular expression.
MUST_BE_NUMERIC
The field must be numeric.
MUST_BE_PRESENT
The field must be present, but can be empty.
REQUIRED
The field must be present and not empty.
Field is considered empty if its value is null, an empty string, an empty array or a file input with no file uploaded.
REQUIRED_IF:other:value
The field must be present and not empty if other field is equal to value.
REQUIRED_UNLESS:other:values
The field must be present and not empty unless other field is equal to value.
REQUIRED_WITH:values
The field must be present and not empty if any of the fields in values are present and not empty.
REQUIRED_WITH_ALL:values
The field must be present and not empty if all of the fields in values are present and not empty.
REQUIRED_WITHOUT:values
The field must be present and not empty if any of the fields in values are not present or empty.
REQUIRED_WITHOUT_ALL:values
The field must be present and not empty if all of the fields in values are not present or empty.
PROHIBITED
The field must be empty or not present in the request.
PROHIBITED_IF:other:value
The field must be empty or not present if other field is equal to value.
PROHIBITED_UNLESS:other:value
The field must be empty or not present unless other field is equal to value.
PROHIBITS:other
If the field is present, the other field can't be present at the same time.
MUST_BE_SAME:other
The field must have the same value as the other field.
SIZE:NUMBER:size
The field must be numeric and equal to size.
SIZE:FILE_KB:size
The field must be a file with a size of size KB.
SIZE:STRING_LENGTH:size
The field must be a string with a length equal to size.
SIZE:ARRAY_COUNT:size
The field must be an array with exactly size elements.
MUST_START_WITH:value
The field must start with value.
MUST_BE_STRING
The field must be a string.
MUST_BE_TIMEZONE
The field must be a valid timezone according to the timezone_identifiers_list PHP function.
MUST_BE_UNIQUE:table.column
The field's value must not already exist in the specified database table and column.
FAILED_TO_UPLOAD
File upload failed.
MUST_BE_URL
The field must be a valid URL address.
MUST_BE_UUID
The field must be a valid UUID.

More detailed information about validation rules can be found in Laravel documentation.

Appendix B. Custom validation rules

List of custom validation rules messages:

Code
Description
RULES:CONFIG_MODES_LIMIT_RULE:EXCEEDED:max
Checks whether the device's config modes limit has been reached. Fails when the number of config modes assigned to the device already equals to max.
RULES:FILE_UPLOADS_MAX_TOTAL_SIZE_RULE:EXCEEDED:max_size
Checks whether the total size of all uploaded files in the request exceeds the specified limit. Fails if the total size is greater than max_size KB.
RULES:IS_TIMESTAMP_RULE:INVALID_VALUE
Checks whether the value is a valid timestamp. Fails if it's not.
RULES:IS_TIMEZONE_RULE:INVALID_VALUE
Checks whether the value is a valid timezone. Fails if it's not. List of valid timezones is available at the /api/timezones endpoint.
RULES:NOT_EXIST_IN_OTHER_REGIONS_RULE:DEVICE_IDENTIFIER_IN_USE
Checks whether the device identifier (serial or Bluetooth ID) is already in use in another region. Fails if it is.
RULES:NOT_EXIST_IN_OTHER_REGIONS_RULE:USER_EMAIL_IN_USE
Checks whether the user's email is already in use in another region. Fails if it is.
RULES:NOT_INFECTED_RULE:FILE_INFECTED_OR_UPLOAD_ISSUE
Checks whether the uploaded file is infected. Fails if the upload fails or AV software reports an issue.
RULES:PATIENT_DEVICE_RULE:NOT_ASSIGNED
Checks the patient-device assignment. Fails if the device is not assigned to the user.
RULES:P2P_SESSION_MEMBER_RULE:NOT_A_MEMBER
Checks whether the current user is the member of the P2P session they are trying to access. Fails if the user is not a session's patient or clinician.
RULES:URL_EXISTS_RULE:EXPECTED_CONTENT_TYPE:content_type
RULES:URL_EXISTS_RULE:NOT_FOUND
Checks whether the specified URL exists and returns an HTTP 200 response.
If content_type was specified, the rule also verifies the returned Content-Type header. If it doesn't match, the error code will include EXPECTED_CONTENT_TYPE:content_type.
Otherwise, it only checks the status code and returns NOT_FOUND if it's not 200.
Fails if HTTP code is not 200 or the Content-Type doesn't match the expected value (if specified).
PASSWORD:MUST_CONTAIN_AT_LEAST_ONE_LOWERCASE
Checks whether the password contains at least one lowercase letter.
PASSWORD:MUST_CONTAIN_AT_LEAST_ONE_UPPERCASE
Checks whether the password contains at least one uppercase letter.
PASSWORD:MUST_CONTAIN_AT_LEAST_ONE_NUMBER
Checks whether the password contains at least one number.
PASSWORD:MUST_CONTAIN_AT_LEAST_ONE_SYMBOL
Checks whether the password contains at least one symbol.

Acadle

Endpoints related to Acadle integration

Acadle SSO

requires authentication

Creates the SSO authorization link. The link expires after 60 seconds, but can be re-generated without any limits.

Example request:
curl --request POST \
    "http://localhost:8000/api/acadle/sso" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/acadle/sso"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "sso_url": "https://adp.acadle.com/sso/authenticate/callback?ssoToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MzczNzU3OTksImV4cCI6MTczNzM3NTg1OSwiZmlyc3RuYW1lIjoiVG9tIiwibGFzdG5hbWUiOiJTbWl0aCIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsInVzZXJuYW1lIjpudWxsLCJ0aW1lem9uZSI6IlVUQyJ9.VzE2q6V53bdYJM7aB6CWWxDqcxF4gpdiEF80dD9j-5k",
    "sso_expires": 1737375859
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to use Acadle",
    "code": "ACADLE:SSO:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Survey required):


{
    "message": "Completing the survey is required to proceed to Acadle",
    "code": "ACADLE:SSO:SURVEY_REQUIRED"
}
 

Request   

POST api/acadle/sso

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Check Acadle survey status

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/acadle/survey/status" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/acadle/survey/status"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "survey_sent": false,
    "survey_id": null
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to use Acadle",
    "code": "ACADLE:SURVEY_STATUS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/acadle/survey/status

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Get Acadle survey data

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/acadle/survey" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/acadle/survey"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (201):


{
    "id": 1,
    "user_id": 300,
    "cpo_number": "820009695",
    "country": "Gabon",
    "medical_training": "physiotherapist",
    "myo_exp_zeus": "1",
    "has_demo_hand_access": 1,
    "wants_demo_hand": 0,
    "myo_exp_covvi": 1,
    "myo_exp_fillauer": 1,
    "myo_exp_ossur": 0,
    "myo_exp_ottobock": 0,
    "myo_exp_steeper": 1,
    "myo_exp_taska": 1,
    "myo_exp_vincent": 0,
    "myo_exp_pattern_recognition": 0,
    "myo_exp_other": "Et non nam quo omnis dignissimos dolor aut architecto.",
    "partial_hand_protheses": "5",
    "below_elbow_protheses_single_action": "4",
    "below_elbow_protheses_multi_action": "0",
    "above_elbow_protheses": "1",
    "shoulder_protheses": "4",
    "zeus_components_description": "Ab ullam id totam non magnam fugiat illo.",
    "contact_name": "Paxton",
    "contact_surname": "Treutel",
    "company_name": "Kuhlman-Connelly",
    "street": "743 Grant View Suite 743",
    "city": "New Chaz",
    "postal_code": "80271-1898",
    "email": "mkuvalis@aufderhar.com",
    "phone": "(623) 969-4801",
    "phone_country": "hn",
    "device_side": "R",
    "created_at": "2026-06-29T13:09:42.000000Z",
    "updated_at": "2026-06-29T13:09:42.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to use Acadle",
    "code": "ACADLE:SURVEY_RESULTS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Survey not found):


{
    "message": "Survey not found",
    "code": "ACADLE:SURVEY_RESULTS:SURVEY_NOT_FOUND"
}
 

Request   

GET api/acadle/survey

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

id   integer   

Survey ID.

user_id   integer   

Associated user ID.

cpo_number   string   

CPO number.

country   string   

Country code.

medical_training   string   

Medical training level.

myo_exp_zeus   string   

Zeus myo experience.

myo_exp_covvi   string   

Covvi myo experience.

myo_exp_fillauer   string   

Fillauer myo experience.

myo_exp_ossur   string   

Ossur myo experience.

myo_exp_ottobock   string   

Ottobock myo experience.

myo_exp_steeper   string   

Steeper myo experience.

myo_exp_taska   string   

Taska myo experience.

myo_exp_vincent   string   

Vincent myo experience.

myo_exp_pattern_recognition   string   

Pattern recognition myo experience.

myo_exp_other   string   

Other myo experience.

has_demo_hand_access   boolean   

Whether the user has demo hand access.

wants_demo_hand   boolean   

Whether the user wants a demo hand.

partial_hand_protheses   string   

Partial hand prostheses experience.

below_elbow_protheses_single_action   string   

Below elbow single action prostheses experience.

below_elbow_protheses_multi_action   string   

Below elbow multi-action prostheses experience.

above_elbow_protheses   string   

Above elbow prostheses experience.

shoulder_protheses   string   

Shoulder prostheses experience.

zeus_components_description   string   

Zeus components description.

contact_name   string   

Contact first name.

contact_surname   string   

Contact last name.

company_name   string   

Company name.

street   string   

Street address.

city   string   

City.

postal_code   string   

Postal code.

email   string   

Contact email.

phone   string   

Contact phone.

phone_country   string   

Phone country code.

device_side   string   

Device side.

Must be one of:
  • L
  • R
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Get Acadle survey data (SuperAdmin)

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/acadle/survey/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/acadle/survey/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (201):


{
    "id": 2,
    "user_id": 301,
    "cpo_number": "4720307",
    "country": "Wallis and Futuna",
    "medical_training": "biomedical_engineer",
    "myo_exp_zeus": "1",
    "has_demo_hand_access": 0,
    "wants_demo_hand": 0,
    "myo_exp_covvi": 1,
    "myo_exp_fillauer": 0,
    "myo_exp_ossur": 1,
    "myo_exp_ottobock": 0,
    "myo_exp_steeper": 1,
    "myo_exp_taska": 0,
    "myo_exp_vincent": 0,
    "myo_exp_pattern_recognition": 0,
    "myo_exp_other": "Reprehenderit ex sequi ut eum et ducimus.",
    "partial_hand_protheses": "4",
    "below_elbow_protheses_single_action": "4",
    "below_elbow_protheses_multi_action": "2",
    "above_elbow_protheses": "0",
    "shoulder_protheses": "4",
    "zeus_components_description": "Quaerat voluptatem voluptas nemo voluptatem sunt.",
    "contact_name": "Stanford",
    "contact_surname": "Hermiston",
    "company_name": "Thompson, Shanahan and Adams",
    "street": "7766 Jeffry Lights Apt. 826",
    "city": "Robertaport",
    "postal_code": "35805",
    "email": "annabel.walker@runolfsdottir.org",
    "phone": "315-580-4975",
    "phone_country": "mk",
    "device_side": "R",
    "created_at": "2026-06-29T13:09:43.000000Z",
    "updated_at": "2026-06-29T13:09:43.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to use Acadle",
    "code": "ACADLE:SURVEY_RESULTS_ADMIN:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "ACADLE:SURVEY_RESULTS_ADMIN:USER_NOT_FOUND"
}
 

Example response (404, Survey not found):


{
    "message": "Survey not found",
    "code": "ACADLE:SURVEY_RESULTS_ADMIN:SURVEY_NOT_FOUND"
}
 

Request   

GET api/acadle/survey/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Response

Response Fields

id   integer   

Survey ID.

user_id   integer   

Associated user ID.

cpo_number   string   

CPO number.

country   string   

Country code.

medical_training   string   

Medical training level.

myo_exp_zeus   string   

Zeus myo experience.

myo_exp_covvi   string   

Covvi myo experience.

myo_exp_fillauer   string   

Fillauer myo experience.

myo_exp_ossur   string   

Ossur myo experience.

myo_exp_ottobock   string   

Ottobock myo experience.

myo_exp_steeper   string   

Steeper myo experience.

myo_exp_taska   string   

Taska myo experience.

myo_exp_vincent   string   

Vincent myo experience.

myo_exp_pattern_recognition   string   

Pattern recognition myo experience.

myo_exp_other   string   

Other myo experience.

has_demo_hand_access   boolean   

Whether the user has demo hand access.

wants_demo_hand   boolean   

Whether the user wants a demo hand.

partial_hand_protheses   string   

Partial hand prostheses experience.

below_elbow_protheses_single_action   string   

Below elbow single action prostheses experience.

below_elbow_protheses_multi_action   string   

Below elbow multi-action prostheses experience.

above_elbow_protheses   string   

Above elbow prostheses experience.

shoulder_protheses   string   

Shoulder prostheses experience.

zeus_components_description   string   

Zeus components description.

contact_name   string   

Contact first name.

contact_surname   string   

Contact last name.

company_name   string   

Company name.

street   string   

Street address.

city   string   

City.

postal_code   string   

Postal code.

email   string   

Contact email.

phone   string   

Contact phone.

phone_country   string   

Phone country code.

device_side   string   

Device side.

Must be one of:
  • L
  • R
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

List all Acadle surveys (SuperAdmin)

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/acadle/surveys?search=john" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/acadle/surveys"
);

const params = {
    "search": "john",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 3,
            "user_id": 302,
            "cpo_number": "5",
            "country": "Dominica",
            "medical_training": "physician",
            "myo_exp_zeus": "1",
            "has_demo_hand_access": 0,
            "wants_demo_hand": 1,
            "myo_exp_covvi": 1,
            "myo_exp_fillauer": 1,
            "myo_exp_ossur": 1,
            "myo_exp_ottobock": 1,
            "myo_exp_steeper": 1,
            "myo_exp_taska": 1,
            "myo_exp_vincent": 1,
            "myo_exp_pattern_recognition": 1,
            "myo_exp_other": "Sed ab praesentium libero hic omnis possimus magni.",
            "partial_hand_protheses": "3",
            "below_elbow_protheses_single_action": "1",
            "below_elbow_protheses_multi_action": "1",
            "above_elbow_protheses": "2",
            "shoulder_protheses": "1",
            "zeus_components_description": "Id fuga harum quisquam vitae vitae officia.",
            "contact_name": "Cecil",
            "contact_surname": "Ratke",
            "company_name": "Fritsch, Kertzmann and Anderson",
            "street": "731 Terence Islands Suite 510",
            "city": "Fadelland",
            "postal_code": "89799-8603",
            "email": "plubowitz@dickens.com",
            "phone": "+14077200171",
            "phone_country": "mc",
            "device_side": "L",
            "created_at": "2026-06-29T13:09:44.000000Z",
            "updated_at": "2026-06-29T13:09:44.000000Z"
        },
        {
            "id": 4,
            "user_id": 303,
            "cpo_number": "290060",
            "country": "Christmas Island",
            "medical_training": "physician",
            "myo_exp_zeus": "0",
            "has_demo_hand_access": 1,
            "wants_demo_hand": 0,
            "myo_exp_covvi": 1,
            "myo_exp_fillauer": 0,
            "myo_exp_ossur": 0,
            "myo_exp_ottobock": 0,
            "myo_exp_steeper": 1,
            "myo_exp_taska": 1,
            "myo_exp_vincent": 1,
            "myo_exp_pattern_recognition": 0,
            "myo_exp_other": "Cum soluta quo sit error tempora aperiam accusantium.",
            "partial_hand_protheses": "3",
            "below_elbow_protheses_single_action": "1",
            "below_elbow_protheses_multi_action": "1",
            "above_elbow_protheses": "5",
            "shoulder_protheses": "2",
            "zeus_components_description": "Doloremque consectetur aut qui harum cumque pariatur.",
            "contact_name": "Serena",
            "contact_surname": "Haley",
            "company_name": "Kilback-Osinski",
            "street": "1970 Soledad Mountains Apt. 929",
            "city": "Langtown",
            "postal_code": "34976",
            "email": "windler.quinten@bradtke.com",
            "phone": "620.641.3943",
            "phone_country": "fm",
            "device_side": "L",
            "created_at": "2026-06-29T13:09:45.000000Z",
            "updated_at": "2026-06-29T13:09:45.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to use Acadle",
    "code": "ACADLE:SURVEYS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/acadle/surveys

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

search   string  optional  

Filter surveys by searching in: user name, user email, contact name, contact surname, contact email, CPO number. Example: john

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: user).

sortby   string  optional  

Sort by field (available: date, user_name, user_email, contact_name, contact_surname, country, medical_training, cpo_number). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Survey ID.

user_id   integer   

Associated user ID.

cpo_number   string   

CPO number.

country   string   

Country code.

medical_training   string   

Medical training level.

myo_exp_zeus   string   

Zeus myo experience.

myo_exp_covvi   string   

Covvi myo experience.

myo_exp_fillauer   string   

Fillauer myo experience.

myo_exp_ossur   string   

Ossur myo experience.

myo_exp_ottobock   string   

Ottobock myo experience.

myo_exp_steeper   string   

Steeper myo experience.

myo_exp_taska   string   

Taska myo experience.

myo_exp_vincent   string   

Vincent myo experience.

myo_exp_pattern_recognition   string   

Pattern recognition myo experience.

myo_exp_other   string   

Other myo experience.

has_demo_hand_access   boolean   

Whether the user has demo hand access.

wants_demo_hand   boolean   

Whether the user wants a demo hand.

partial_hand_protheses   string   

Partial hand prostheses experience.

below_elbow_protheses_single_action   string   

Below elbow single action prostheses experience.

below_elbow_protheses_multi_action   string   

Below elbow multi-action prostheses experience.

above_elbow_protheses   string   

Above elbow prostheses experience.

shoulder_protheses   string   

Shoulder prostheses experience.

zeus_components_description   string   

Zeus components description.

contact_name   string   

Contact first name.

contact_surname   string   

Contact last name.

company_name   string   

Company name.

street   string   

Street address.

city   string   

City.

postal_code   string   

Postal code.

email   string   

Contact email.

phone   string   

Contact phone.

phone_country   string   

Phone country code.

device_side   string   

Device side.

Must be one of:
  • L
  • R
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Send Acadle survey

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/acadle/survey" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"cpo_number\": 427653,
    \"country\": \"Kenya\",
    \"medical_training\": \"physician\",
    \"myo_exp_zeus\": false,
    \"myo_exp_covvi\": false,
    \"myo_exp_fillauer\": false,
    \"myo_exp_ossur\": false,
    \"myo_exp_ottobock\": false,
    \"myo_exp_steeper\": false,
    \"myo_exp_taska\": false,
    \"myo_exp_vincent\": false,
    \"myo_exp_pattern_recognition\": false,
    \"myo_exp_other\": \"Ducimus consequatur fugiat eligendi veritatis maiores sint et.\",
    \"has_demo_hand_access\": false,
    \"wants_demo_hand\": false,
    \"partial_hand_protheses\": \"1-5\",
    \"below_elbow_protheses_single_action\": \"1-5\",
    \"below_elbow_protheses_multi_action\": \"5-10\",
    \"above_elbow_protheses\": \"50+\",
    \"shoulder_protheses\": \"1-5\",
    \"zeus_components_description\": \"Officiis voluptatem omnis sit itaque.\",
    \"contact_name\": \"Aurore\",
    \"company_name\": \"Stracke-Dooley\",
    \"street\": \"1759 Rolfson Estates\",
    \"city\": \"East Janetmouth\",
    \"postal_code\": \"49254-6702\",
    \"email\": \"tromp.jody@dubuque.com\",
    \"phone\": \"1-567-388-6514\",
    \"phone_country\": \"CL\",
    \"device_side\": \"L\"
}"
const url = new URL(
    "http://localhost:8000/api/acadle/survey"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "cpo_number": 427653,
    "country": "Kenya",
    "medical_training": "physician",
    "myo_exp_zeus": false,
    "myo_exp_covvi": false,
    "myo_exp_fillauer": false,
    "myo_exp_ossur": false,
    "myo_exp_ottobock": false,
    "myo_exp_steeper": false,
    "myo_exp_taska": false,
    "myo_exp_vincent": false,
    "myo_exp_pattern_recognition": false,
    "myo_exp_other": "Ducimus consequatur fugiat eligendi veritatis maiores sint et.",
    "has_demo_hand_access": false,
    "wants_demo_hand": false,
    "partial_hand_protheses": "1-5",
    "below_elbow_protheses_single_action": "1-5",
    "below_elbow_protheses_multi_action": "5-10",
    "above_elbow_protheses": "50+",
    "shoulder_protheses": "1-5",
    "zeus_components_description": "Officiis voluptatem omnis sit itaque.",
    "contact_name": "Aurore",
    "company_name": "Stracke-Dooley",
    "street": "1759 Rolfson Estates",
    "city": "East Janetmouth",
    "postal_code": "49254-6702",
    "email": "tromp.jody@dubuque.com",
    "phone": "1-567-388-6514",
    "phone_country": "CL",
    "device_side": "L"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 5,
    "user_id": 304,
    "cpo_number": "79",
    "country": "Norway",
    "medical_training": "physiotherapist",
    "myo_exp_zeus": "0",
    "has_demo_hand_access": 0,
    "wants_demo_hand": 1,
    "myo_exp_covvi": 0,
    "myo_exp_fillauer": 0,
    "myo_exp_ossur": 1,
    "myo_exp_ottobock": 1,
    "myo_exp_steeper": 1,
    "myo_exp_taska": 0,
    "myo_exp_vincent": 0,
    "myo_exp_pattern_recognition": 1,
    "myo_exp_other": "Tempora facere ratione quaerat necessitatibus laboriosam nihil ullam.",
    "partial_hand_protheses": "0",
    "below_elbow_protheses_single_action": "1",
    "below_elbow_protheses_multi_action": "1",
    "above_elbow_protheses": "0",
    "shoulder_protheses": "4",
    "zeus_components_description": "Molestias qui voluptas explicabo deleniti molestiae.",
    "contact_name": "Abigale",
    "contact_surname": "Heathcote",
    "company_name": "Macejkovic PLC",
    "street": "912 Luettgen Summit Suite 227",
    "city": "East Marco",
    "postal_code": "59852",
    "email": "clara40@goldner.com",
    "phone": "+16602524007",
    "phone_country": "sd",
    "device_side": "R",
    "created_at": "2026-06-29T13:09:46.000000Z",
    "updated_at": "2026-06-29T13:09:46.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to use Acadle",
    "code": "ACADLE:SURVEY_SEND:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Survey already sent):


{
    "message": "Survey already sent",
    "code": "ACADLE:SURVEY_SEND:SURVEY_ALREADY_SENT"
}
 

Request   

POST api/acadle/survey

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

cpo_number   string  optional  

CPO Number. Example: 427653

country   string   

Country name. Example: Kenya

medical_training   string   

Clinician's medical/clinical training. Example: physician

Must be one of:
  • clinician
  • physiotherapist
  • physician
  • biomedical_engineer
  • other
  • prosthetist
myo_exp_zeus   boolean   

Does clinician have an experience working with Zeus hands. Example: false

myo_exp_covvi   boolean   

Does clinician have an experience working with Covvi hands. Example: false

myo_exp_fillauer   boolean   

Does clinician have an experience working with Fillauer hands. Example: false

myo_exp_ossur   boolean   

Does clinician have an experience working with Ossur hands. Example: false

myo_exp_ottobock   boolean   

Does clinician have an experience working with Ottobock hands. Example: false

myo_exp_steeper   boolean   

Does clinician have an experience working with Steeper hands. Example: false

myo_exp_taska   boolean   

Does clinician have an experience working with Taska hands. Example: false

myo_exp_vincent   boolean   

Does clinician have an experience working with Vincent hands. Example: false

myo_exp_pattern_recognition   boolean   

Does clinician have an experience working with Pattern Recognition. Example: false

myo_exp_other   string  optional  

Does clinician have an experience working with any other hands. MINIMUM:STRING_LENGTH:3. Example: Ducimus consequatur fugiat eligendi veritatis maiores sint et.

has_demo_hand_access   boolean   

Does clinician have access to a demo hand. Example: false

wants_demo_hand   boolean   

Does clinician want a demo hand. Example: false

partial_hand_protheses   string  optional  

How many prostheses of type partial hand does clinician make per year. Example: 1-5

below_elbow_protheses_single_action   string  optional  

How many prostheses of type below elbow (single-action) does clinician make per year. Example: 1-5

below_elbow_protheses_multi_action   string  optional  

How many prostheses of type below elbow (multi-action) does clinician make per year. Example: 5-10

above_elbow_protheses   string  optional  

How many prostheses of type above elbow does clinician make per year. Example: 50+

shoulder_protheses   string  optional  

How many prostheses of type shoulder does clinician make per year. Example: 1-5

zeus_components_description   string  optional  

Description which components would clinician like to use with a Zeus hand. MINIMUM:STRING_LENGTH:10. Example: Officiis voluptatem omnis sit itaque.

contact_name   string  optional  

Contact information: full name. This field is required when wants_demo_hand is true. Example: Aurore

company_name   string  optional  

Contact information: company name. This field is required when wants_demo_hand is true. Example: Stracke-Dooley

street   string  optional  

Contact information: street. This field is required when wants_demo_hand is true. Example: 1759 Rolfson Estates

city   string  optional  

Contact information: city/state. This field is required when wants_demo_hand is true. Example: East Janetmouth

postal_code   string  optional  

Contact information: postal code. This field is required when wants_demo_hand is true. Example: 49254-6702

email   string  optional  

Contact information: email. This field is required when wants_demo_hand is true. MUST_BE_EMAIL. Example: tromp.jody@dubuque.com

phone   string  optional  

Contact information: phone. This field is required when wants_demo_hand is true. Example: 1-567-388-6514

phone_country   string  optional  

Contact information: phone country. This field is required when wants_demo_hand is true. SIZE:STRING_LENGTH:2. Example: CL

device_side   string  optional  

The side of the hand. This field is required when wants_demo_hand is true. Example: L

Must be one of:
  • L
  • R

Response

Response Fields

id   integer   

Survey ID.

user_id   integer   

Associated user ID.

cpo_number   string   

CPO number.

country   string   

Country code.

medical_training   string   

Medical training level.

myo_exp_zeus   string   

Zeus myo experience.

myo_exp_covvi   string   

Covvi myo experience.

myo_exp_fillauer   string   

Fillauer myo experience.

myo_exp_ossur   string   

Ossur myo experience.

myo_exp_ottobock   string   

Ottobock myo experience.

myo_exp_steeper   string   

Steeper myo experience.

myo_exp_taska   string   

Taska myo experience.

myo_exp_vincent   string   

Vincent myo experience.

myo_exp_pattern_recognition   string   

Pattern recognition myo experience.

myo_exp_other   string   

Other myo experience.

has_demo_hand_access   boolean   

Whether the user has demo hand access.

wants_demo_hand   boolean   

Whether the user wants a demo hand.

partial_hand_protheses   string   

Partial hand prostheses experience.

below_elbow_protheses_single_action   string   

Below elbow single action prostheses experience.

below_elbow_protheses_multi_action   string   

Below elbow multi-action prostheses experience.

above_elbow_protheses   string   

Above elbow prostheses experience.

shoulder_protheses   string   

Shoulder prostheses experience.

zeus_components_description   string   

Zeus components description.

contact_name   string   

Contact first name.

contact_surname   string   

Contact last name.

company_name   string   

Company name.

street   string   

Street address.

city   string   

City.

postal_code   string   

Postal code.

email   string   

Contact email.

phone   string   

Contact phone.

phone_country   string   

Phone country code.

device_side   string   

Device side.

Must be one of:
  • L
  • R
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Activation codes

API endpoints for activation codes

Get activation codes

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/activation-codes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/activation-codes"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "code": "R7EZLZ",
            "created_by": 41,
            "used_by": 42,
            "used_at": null,
            "active": 0,
            "created_at": "2026-06-29T13:07:42.000000Z",
            "updated_at": "2026-06-29T13:07:42.000000Z"
        },
        {
            "id": 2,
            "code": "WKV5Q9",
            "created_by": 43,
            "used_by": 44,
            "used_at": null,
            "active": 0,
            "created_at": "2026-06-29T13:07:42.000000Z",
            "updated_at": "2026-06-29T13:07:42.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage activation codes",
    "code": "ACTIVATION_CODE:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/activation-codes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Activation code ID.

code   string   

Activation code value.

created_by   integer   

ID of the user who created this code.

used_by   integer   

ID of the user who used this code.

used_at   string   

Timestamp when the code was used.

active   boolean   

Whether the code is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

creator   object   

User who created this code.

user   object   

User who used this code.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get active activation codes

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/activation-codes/active" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/activation-codes/active"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 3,
            "code": "93AEFB",
            "created_by": 45,
            "used_by": 46,
            "used_at": null,
            "active": 0,
            "created_at": "2026-06-29T13:07:43.000000Z",
            "updated_at": "2026-06-29T13:07:43.000000Z"
        },
        {
            "id": 4,
            "code": "6JW98K",
            "created_by": 47,
            "used_by": 48,
            "used_at": null,
            "active": 1,
            "created_at": "2026-06-29T13:07:44.000000Z",
            "updated_at": "2026-06-29T13:07:44.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage activation codes",
    "code": "ACTIVATION_CODE:ACTIVE:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/activation-codes/active

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

items   object   
id   integer   

Activation code ID.

code   string   

Activation code value.

created_by   integer   

ID of the user who created this code.

used_by   integer   

ID of the user who used this code.

used_at   string   

Timestamp when the code was used.

active   boolean   

Whether the code is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

creator   object   

User who created this code.

user   object   

User who used this code.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Find activation code

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/activation-codes/find/beatae" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/activation-codes/find/beatae"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 5,
    "code": "MYN6F8",
    "created_by": null,
    "used_by": null,
    "used_at": null,
    "active": 1,
    "created_at": "2026-06-29T13:07:44.000000Z",
    "updated_at": "2026-06-29T13:07:44.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage activation codes",
    "code": "ACTIVATION_CODE:FIND:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Activation code not found):


{
    "message": "Activation code not found",
    "code": "ACTIVATION_CODE:FIND:CODE_NOT_FOUND"
}
 

Request   

GET api/activation-codes/find/{code}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

code   string   

Activation code (not ID). Example: beatae

Response

Response Fields

id   integer   

Activation code ID.

code   string   

Activation code value.

created_by   integer   

ID of the user who created this code.

used_by   integer   

ID of the user who used this code.

used_at   string   

Timestamp when the code was used.

active   boolean   

Whether the code is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

creator   object   

User who created this code.

user   object   

User who used this code.

Create activation code

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/activation-codes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/activation-codes"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (201):


{
    "id": 6,
    "code": "AVHVQJ",
    "created_by": null,
    "used_by": null,
    "used_at": null,
    "active": 1,
    "created_at": "2026-06-29T13:07:44.000000Z",
    "updated_at": "2026-06-29T13:07:44.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage activation codes",
    "code": "ACTIVATION_CODE:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Server error):


{
    "message": "Server error: activation code not created",
    "code": "ACTIVATION_CODE:CREATE:SERVER_ERROR"
}
 

Request   

POST api/activation-codes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

id   integer   

Activation code ID.

code   string   

Activation code value.

created_by   integer   

ID of the user who created this code.

used_by   integer   

ID of the user who used this code.

used_at   string   

Timestamp when the code was used.

active   boolean   

Whether the code is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

creator   object   

User who created this code.

user   object   

User who used this code.

Create activation code (multi-region)

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/activation-codes/5" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/activation-codes/5"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (201):


{
    "id": 7,
    "code": "FGYQ78",
    "created_by": null,
    "used_by": null,
    "used_at": null,
    "active": 0,
    "created_at": "2026-06-29T13:07:44.000000Z",
    "updated_at": "2026-06-29T13:07:44.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage activation codes",
    "code": "ACTIVATION_CODE:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/activation-codes/{code}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

code   integer   

Example: 5

Response

Response Fields

id   integer   

Activation code ID.

code   string   

Activation code value.

created_by   integer   

ID of the user who created this code.

used_by   integer   

ID of the user who used this code.

used_at   string   

Timestamp when the code was used.

active   boolean   

Whether the code is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

creator   object   

User who created this code.

user   object   

User who used this code.

Deactivate activation code

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/activation-codes/10" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/activation-codes/10"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202):


{
    "id": 8,
    "code": "THHB5R",
    "created_by": null,
    "used_by": null,
    "used_at": null,
    "active": 1,
    "created_at": "2026-06-29T13:07:44.000000Z",
    "updated_at": "2026-06-29T13:07:44.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage activation codes",
    "code": "ACTIVATION_CODE:DEACTIVATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Activation code is not active):


{
    "message": "Cannot deactivate: code is not active",
    "code": "ACTIVATION_CODE:DEACTIVATE:CODE_NOT_ACTIVE"
}
 

Example response (404, Activation code not found):


{
    "message": "Activation code not found",
    "code": "ACTIVATION_CODE:DEACTIVATE:CODE_NOT_FOUND"
}
 

Example response (500, Server error):


{
    "message": "Server error: activation code not deactivated",
    "code": "ACTIVATION_CODE:DEACTIVATE:SERVER_ERROR"
}
 

Request   

DELETE api/activation-codes/{codeId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

codeId   integer   

Activation code ID. Example: 10

Response

Response Fields

id   integer   

Activation code ID.

code   string   

Activation code value.

created_by   integer   

ID of the user who created this code.

used_by   integer   

ID of the user who used this code.

used_at   string   

Timestamp when the code was used.

active   boolean   

Whether the code is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

creator   object   

User who created this code.

user   object   

User who used this code.

Authentication

API endpoints for managing authentication

Login user

Example request:
curl --request POST \
    "http://localhost:8000/api/login" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"email\": \"test@example.com\",
    \"password\": \"secretpassword\"
}"
const url = new URL(
    "http://localhost:8000/api/login"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "email": "test@example.com",
    "password": "secretpassword"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "access_token": "7|x7de9EgE0xiBNLgHU91DHvhj85HVgTG1bekCssIA",
    "expires": "2021-10-25 17:05:25"
}
 

Example response (403, Too many attempts):


{
    "message": "Login: too many attempts",
    "code": "GENERAL:TOO_MANY_ATTEMPTS"
}
 

Example response (422, Invalid credentials):


{
    "message": "The given data was invalid.",
    "errors": {
        "email": [
            "Given credentials not found"
        ]
    },
    "code": "AUTH:LOGIN:INVALID_CREDENTIALS"
}
 

Request   

POST api/login

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

email   string   

User email. MUST_BE_EMAIL. Example: test@example.com

password   string   

User password. Example: secretpassword

Register user

Example request:
curl --request POST \
    "http://localhost:8000/api/register" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"region\": \"us\",
    \"name\": \"Tom Smith\",
    \"email\": \"name@domain.com\",
    \"password\": \"Test123!\",
    \"phone\": \"442.389.8140\",
    \"phone_country\": \"US\",
    \"language\": \"en\",
    \"clinic_name\": \"Mills, Fadel and Kassulke\",
    \"clinic_location\": \"Ebonyland\",
    \"address1\": \"1624 Maci Grove Suite 620\",
    \"address2\": \"North Anastaciohaven, PA 77409\",
    \"mfa_enabled\": true,
    \"mfa_method\": \"email\",
    \"activation_code\": \"1A2B3C\"
}"
const url = new URL(
    "http://localhost:8000/api/register"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "region": "us",
    "name": "Tom Smith",
    "email": "name@domain.com",
    "password": "Test123!",
    "phone": "442.389.8140",
    "phone_country": "US",
    "language": "en",
    "clinic_name": "Mills, Fadel and Kassulke",
    "clinic_location": "Ebonyland",
    "address1": "1624 Maci Grove Suite 620",
    "address2": "North Anastaciohaven, PA 77409",
    "mfa_enabled": true,
    "mfa_method": "email",
    "activation_code": "1A2B3C"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 2,
    "mrn": "FBPVARFV1782738441",
    "name": "Justine Kris",
    "email": "1782738441bborer@example.com",
    "language": "en",
    "phone": "440.719.9651",
    "phone_country": "HN",
    "phone_verified_at": null,
    "address1": "4576 Purdy Villages Suite 073",
    "address2": "Ornchester, LA 30754-2014",
    "postal_code": "79441",
    "city": "Bogisich, Luettgen and Collins",
    "country": "DE",
    "clinic_name": "Lake Jana",
    "clinic_location": "19184 Crona Glen Suite 759\nPort Larry, GA 11657-8862",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:21.000000Z",
    "updated_at": "2026-06-29T13:07:21.000000Z",
    "invitation_status": "accepted",
    "acadle_invitation_status": null,
    "roles": [
        {
            "id": 3,
            "name": "ClinicAdmin"
        }
    ]
}
 

Example response (403, Too many attempts):


{
    "message": "Register: too many attempts",
    "code": "GENERAL:TOO_MANY_ATTEMPTS"
}
 

Example response (403, E-mail in use (in another region)):


{
    "message": "E-mail address already in use (in another region)",
    "code": "AUTH:REGISTER:EMAIL_IN_USE"
}
 

Example response (403, Activation code is incorrect):


{
    "message": "Activation code is incorrect",
    "code": "AUTH:REGISTER:INCORRECT_CODE"
}
 

Example response (500, Server error):


{
    "message": "Server error: user not created",
    "code": "AUTH:REGISTER:SERVER_ERROR"
}
 

Request   

POST api/register

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

region   string   

User region. Example: us

name   string   

User name. Example: Tom Smith

email   string   

User e-mail address. MUST_BE_EMAIL. Example: name@domain.com

password   string   

User password. Example: Test123!

phone   string   

User phone number. Example: 442.389.8140

phone_country   string   

Phone number's country (2 characters). SIZE:STRING_LENGTH:2. Example: US

language   string   

User language. Example: en

clinic_name   string  optional  

Clinic name. Example: Mills, Fadel and Kassulke

clinic_location   string  optional  

Clinic location. Example: Ebonyland

address1   string  optional  

Address line 1. Example: 1624 Maci Grove Suite 620

address2   string  optional  

Address line 2. Example: North Anastaciohaven, PA 77409

mfa_enabled   boolean  optional  

MFA enabled. Example: true

mfa_method   string  optional  

MFA method. Example: email

Must be one of:
  • email
  • sms
activation_code   string   

Activation code. SIZE:STRING_LENGTH:6. Example: 1A2B3C

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Register mobile user

Example request:
curl --request POST \
    "http://localhost:8000/api/mobile/register" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"region\": \"us\",
    \"name\": \"Tom Smith\",
    \"email\": \"name@domain.com\",
    \"password\": \"Test123!\",
    \"language\": \"en\",
    \"terms_accepted\": true
}"
const url = new URL(
    "http://localhost:8000/api/mobile/register"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "region": "us",
    "name": "Tom Smith",
    "email": "name@domain.com",
    "password": "Test123!",
    "language": "en",
    "terms_accepted": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "mrn": "ZUYLLFM31782738441",
    "name": "Victoria Zboncak",
    "email": "1782738441pablo73@example.net",
    "language": "en",
    "phone": "870.513.7542",
    "phone_country": "KN",
    "phone_verified_at": null,
    "address1": "532 Alanna Circles Apt. 494",
    "address2": "Evertfort, AL 64075",
    "postal_code": "24268",
    "city": "Ledner-Erdman",
    "country": "UA",
    "clinic_name": "West Madietown",
    "clinic_location": "269 Langworth Points Suite 991\nAlessandramouth, NY 72606",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:21.000000Z",
    "updated_at": "2026-06-29T13:07:21.000000Z",
    "invitation_status": "accepted",
    "acadle_invitation_status": null,
    "roles": [
        {
            "id": 3,
            "name": "ClinicAdmin"
        }
    ]
}
 

Example response (403, Too many attempts):


{
    "message": "Register: too many attempts",
    "code": "GENERAL:TOO_MANY_ATTEMPTS"
}
 

Example response (403, E-mail in use (in another region)):


{
    "message": "E-mail address already in use (in another region)",
    "code": "AUTH:MOBILE_REGISTER:EMAIL_IN_USE"
}
 

Example response (500, Server error):


{
    "message": "Server error: user not created",
    "code": "AUTH:MOBILE_REGISTER:SERVER_ERROR"
}
 

Request   

POST api/mobile/register

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

region   string   

User region. Example: us

name   string   

User name. Example: Tom Smith

email   string   

User e-mail address. MUST_BE_EMAIL. Example: name@domain.com

password   string   

User password. Example: Test123!

language   string  optional  

User language. Example: en

terms_accepted   boolean   

User accepted terms. Must be accepted. Example: true

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Request password reset

Request sending password reset email message with token that allows to change the password

Example request:
curl --request POST \
    "http://localhost:8000/api/password/reset" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"email\": \"test@example.com\"
}"
const url = new URL(
    "http://localhost:8000/api/password/reset"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "email": "test@example.com"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "code": "passwords.sent",
    "message": "Reset password link successfully sent"
}
 

Example response (400, Throttled request):


{
    "code": "passwords.throttled",
    "message": "You have requested password reset recently"
}
 

Request   

POST api/password/reset

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

email   string   

User email. MUST_BE_EMAIL. Example: test@example.com

Verify password reset token

Check if token is valid before using it to reset password

Example request:
curl --request POST \
    "http://localhost:8000/api/password/reset/verify" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"token\": \"158bed12188492617e43ecfcca43f5990b3f5f0383b5083247389482b70af019\",
    \"email\": \"test@example.com\"
}"
const url = new URL(
    "http://localhost:8000/api/password/reset/verify"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "token": "158bed12188492617e43ecfcca43f5990b3f5f0383b5083247389482b70af019",
    "email": "test@example.com"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Valid token",
    "code": "AUTH:PASSWORD_RESET_VERIFY:VALID_TOKEN"
}
 

Example response (400, Invalid token):


{
    "message": "Invalid token",
    "code": "AUTH:PASSWORD_RESET_VERIFY:INVALID_TOKEN"
}
 

Request   

POST api/password/reset/verify

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

token   string   

Password reset token. Example: 158bed12188492617e43ecfcca43f5990b3f5f0383b5083247389482b70af019

email   string   

User email. MUST_BE_EMAIL. Example: test@example.com

Change password with token

Change user password using password reset token sent to email address

Example request:
curl --request POST \
    "http://localhost:8000/api/password/reset/change" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"token\": \"158bed12188492617e43ecfcca43f5990b3f5f0383b5083247389482b70af019\",
    \"email\": \"test@example.com\",
    \"password\": \"secretpassword\"
}"
const url = new URL(
    "http://localhost:8000/api/password/reset/change"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "token": "158bed12188492617e43ecfcca43f5990b3f5f0383b5083247389482b70af019",
    "email": "test@example.com",
    "password": "secretpassword"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "code": "passwords.reset",
    "message": "Password changed successfully"
}
 

Example response (400, Invalid token):


{
    "code": "passwords.token",
    "message": "Invalid token"
}
 

Example response (404, User not found):


{
    "code": "passwords.user",
    "message": "User not found"
}
 

Request   

POST api/password/reset/change

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

token   string   

Password reset token. Example: 158bed12188492617e43ecfcca43f5990b3f5f0383b5083247389482b70af019

email   string   

User email. MUST_BE_EMAIL. Example: test@example.com

password   string   

User new password. Example: secretpassword

Logout current device

requires authentication

Logout and delete current access token

Example request:
curl --request POST \
    "http://localhost:8000/api/logout" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/logout"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202):


[]
 

Request   

POST api/logout

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Logout everywhere

requires authentication

Logout and delete all access tokens owned by account

Example request:
curl --request POST \
    "http://localhost:8000/api/logout/everywhere" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/logout/everywhere"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202):


[]
 

Request   

POST api/logout/everywhere

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Refresh access token

requires authentication

Refresh the new access token from the expiring token

Example request:
curl --request POST \
    "http://localhost:8000/api/token/refresh" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/token/refresh"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "access_token": "7|x7de9EgE0xiBNLgHU91DHvhj85HVgTG1bekCssIA",
    "expires": "2021-10-25 17:05:25"
}
 

Request   

POST api/token/refresh

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Check MFA status

requires authentication

Check any of available MFA methods. Supported methods: email, sms, otp.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/mfa/status" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/mfa/status"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "enabled": 1,
    "method": "email",
    "phone": 1,
    "otp": 1
}
 

Request   

GET api/mfa/status

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

enabled   string   

Determines if user enabled MFA

method   string   

Preferred MFA method

phone   string   

Determines if user has verified phone number and sms channel could be used

otp   string   

Determines if user has setup OTP with authenticator application

Use recovery code

requires authentication

Use generated recovery code in order to access account in case when other MFA methods couldn't be used. This method only checks if code is valid, implement account access scenario on your own. Sent code is removed and couldn't be used anymore. If remaining_codes counter equals zero, generate a new set.

Example request:
curl --request POST \
    "http://localhost:8000/api/mfa/recovery-code" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"code\": \"ZZASRM6S\"
}"
const url = new URL(
    "http://localhost:8000/api/mfa/recovery-code"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "code": "ZZASRM6S"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "access_token": "7|x7de9EgE0xiBNLgHU91DHvhj85HVgTG1bekCssIA",
    "expires": "2021-10-25 17:05:25",
    "remaining_codes": 9
}
 

Example response (401, Invalid code):


{
    "message": "Invalid code",
    "code": "AUTH:USE_RECOVERY_CODE:INVALID_CODE"
}
 

Request   

POST api/mfa/recovery-code

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

code   string   

Recovery code. Example: ZZASRM6S

Send MFA code

requires authentication

Send multi-factor authentication code via selected channel. Code is valid for 15 minutes.

Example request:
curl --request POST \
    "http://localhost:8000/api/mfa/send" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"channel\": \"email\"
}"
const url = new URL(
    "http://localhost:8000/api/mfa/send"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "channel": "email"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Code sent",
    "code": "AUTH:SEND_MFA:SENT"
}
 

Example response (400, Channel SMS, phone number not verified):


{
    "message": "Phone number is not verified",
    "code": "AUTH:SEND_MFA:PHONE_NUMBER_NOT_VERIFIED"
}
 

Example response (500, Channel SMS, provider problem):


{
    "message": "Code sending failed",
    "code": "AUTH:SEND_MFA:SERVER_ERROR"
}
 

Request   

POST api/mfa/send

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

channel   string   

Authentication channel. Example: email

Must be one of:
  • email
  • sms

Verify MFA code

requires authentication

Verify multi-factor code obtained from selected channel.

Example request:
curl --request POST \
    "http://localhost:8000/api/mfa/verify" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"channel\": \"email\",
    \"remember_mfa_session\": true,
    \"code\": \"445566\",
    \"machine_key\": \"35282880-244a-4328-9435-2aaf432f3619\"
}"
const url = new URL(
    "http://localhost:8000/api/mfa/verify"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "channel": "email",
    "remember_mfa_session": true,
    "code": "445566",
    "machine_key": "35282880-244a-4328-9435-2aaf432f3619"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK, token auth):


{
    "access_token": "7|x7de9EgE0xiBNLgHU91DHvhj85HVgTG1bekCssIA",
    "expires": "2021-10-25 17:05:25",
    "mfa_token": "fd63e55c-2a67-44b2-95b9-a771778e9971",
    "mfa_expires": "2023-04-25 21:00:00"
}
 

Example response (200, OK, cookie auth):


{
    "message": "OK",
    "mfa_token": "fd63e55c-2a67-44b2-95b9-a771778e9971",
    "mfa_expires": "2023-04-25 21:00:00"
}
 

Example response (401, Invalid code):


{
    "message": "Invalid code",
    "code": "AUTH:VERIFY_MFA:INVALID_CODE"
}
 

Request   

POST api/mfa/verify

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

channel   string   

Authentication channel. Example: email

Must be one of:
  • email
  • sms
remember_mfa_session   boolean  optional  

Do not require MFA code. By default, for 30 days. Example: true

code   string   

Authentication code. Example: 445566

machine_key   string  optional  

Unique machine identifier. Example: 35282880-244a-4328-9435-2aaf432f3619

Verify phone number

requires authentication

Verify phone number with text message

Example request:
curl --request POST \
    "http://localhost:8000/api/mfa/phone/verify" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"code\": \"445566\"
}"
const url = new URL(
    "http://localhost:8000/api/mfa/phone/verify"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "code": "445566"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Phone number verified",
    "code": "AUTH:VERIFY_PHONE:VERIFIED"
}
 

Example response (401, Invalid code):


{
    "message": "Invalid code",
    "code": "AUTH:VERIFY_PHONE:INVALID_CODE"
}
 

Request   

POST api/mfa/phone/verify

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

code   string   

Verification code. Example: 445566

Verify MFA OTP

requires authentication

Verify one-time password (OTP). If verification is successful, new access token with additional permissions will be generated.

Example request:
curl --request POST \
    "http://localhost:8000/api/mfa/otp/verify" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"code\": \"445566\"
}"
const url = new URL(
    "http://localhost:8000/api/mfa/otp/verify"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "code": "445566"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK, token auth):


{
    "access_token": "7|x7de9EgE0xiBNLgHU91DHvhj85HVgTG1bekCssIA",
    "expires": "2021-10-25 17:05:25"
}
 

Example response (200, OK, cookie auth):


{
    "message": "OK"
}
 

Example response (401, Invalid code):


{
    "message": "Invalid code",
    "code": "AUTH:VERIFY_MFA_OTP:INVALID_CODE"
}
 

Request   

POST api/mfa/otp/verify

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

code   string   

One-time password from app. Example: 445566

Change password

requires authentication

Change authenticated user password

Example request:
curl --request POST \
    "http://localhost:8000/api/password/change" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"old_password\": \"oldpassword\",
    \"new_password\": \"newpassword\"
}"
const url = new URL(
    "http://localhost:8000/api/password/change"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "old_password": "oldpassword",
    "new_password": "newpassword"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Password changed successfully",
    "code": "AUTH:PASSWORD_CHANGE:CHANGED"
}
 

Example response (422, Invalid old password):


{
    "message": "The given data was invalid.",
    "errors": {
        "old_password": [
            "Old password is incorrect"
        ]
    },
    "code": "AUTH:PASSWORD_CHANGE:INVALID_OLD_PASSWORD"
}
 

Request   

POST api/password/change

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

old_password   string   

User old password. Example: oldpassword

new_password   string   

User new password. Example: newpassword

Set MFA status

requires authentication

Set MFA status and preferred method. Supported methods: email, sms, otp.

Example request:
curl --request POST \
    "http://localhost:8000/api/mfa/status" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"enabled\": true,
    \"method\": \"email\"
}"
const url = new URL(
    "http://localhost:8000/api/mfa/status"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "enabled": true,
    "method": "email"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "enabled": 1,
    "method": "email",
    "phone": 1,
    "otp": 1
}
 

Request   

POST api/mfa/status

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

enabled   boolean  optional  

Use MFA after login. Example: true

method   string  optional  

Preferred MFA method. Example: email

Must be one of:
  • email
  • sms
  • otp

Generate recovery codes

requires authentication

Generate recovery codes for authenticated user and revoke old ones. User could use these codes in case when couldn't use any of MFA methods (e.g. lost device with OTP app or device is not accessible right now).

Example request:
curl --request GET \
    --get "http://localhost:8000/api/mfa/recovery-codes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/mfa/recovery-codes"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "recovery_codes": [
        "A3H8PF8P",
        "IZ8CGK2H",
        "DTYENLLT",
        "0RKEZFST",
        "9MPW91BS",
        "S38Z6HS6",
        "UF5ATOKP",
        "HSZXP8EL",
        "ZZASRM6S",
        "07GR4CD1"
    ]
}
 

Request   

GET api/mfa/recovery-codes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Setup MFA OTP

requires authentication

Setup multi-factor authentication with one-time passwords (OTP). Use secret on your own or generate QR code with given url. Then user could scan QR code with authentication app (e.g. Microsoft Authenticator, Authy). If secret has been already generated, new secret will override existing one and revoke previous setup.

Example request:
curl --request POST \
    "http://localhost:8000/api/mfa/otp/setup" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/mfa/otp/setup"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "secret": "VXGJ6JMIAWWDFXYDLKO3VG3RSGTS34BGMVTGQIEHMVVMJ2JBGCSNPQZDV4B6OMDIGI4UKCVCVKVMA7EASLHZEJWW4ZNKLAUTSZYN7EA",
    "url": "otpauth://totp/AetherDigitalTherapy?issuer=AetherDigitalTherapy&secret=VXGJ6JMIAWWDFXYDLKO3VG3RSGTS34BGMVTGQIEHMVVMJ2JBGCSNPQZDV4B6OMDIGI4UKCVCVKVMA7EASLHZEJWW4ZNKLAUTSZYN7EA",
    "recovery_codes": [
        "A3H8PF8P",
        "IZ8CGK2H",
        "DTYENLLT",
        "0RKEZFST",
        "9MPW91BS",
        "S38Z6HS6",
        "UF5ATOKP",
        "HSZXP8EL",
        "ZZASRM6S",
        "07GR4CD1"
    ]
}
 

Request   

POST api/mfa/otp/setup

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Login user (SPA)

Authorize user and create cookie-based session. Hit GET /sanctum/csrf-cookie endpoint to retrieve XSRF-TOKEN cookie. Then attach X-XSRF-TOKEN HTTP header to any request to authorize. See more: Laravel Sanctum documentation

Example request:
curl --request POST \
    "http://localhost:8000/login" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"email\": \"test@example.com\",
    \"password\": \"secretpassword\"
}"
const url = new URL(
    "http://localhost:8000/login"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "email": "test@example.com",
    "password": "secretpassword"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "id": 333,
    "mrn": "3SAXA5JG1782738600",
    "name": "Alba Schaefer",
    "email": "1782738600agnes.huels@example.com",
    "language": "en",
    "phone": "865-918-7229",
    "phone_country": "WS",
    "phone_verified_at": null,
    "address1": "2595 Barton Centers",
    "address2": "New Ariannastad, DC 06966",
    "postal_code": "35041-2902",
    "city": "Kerluke, Harvey and Willms",
    "country": "LV",
    "clinic_name": "Pollichfurt",
    "clinic_location": "892 Robert Branch\nDarianachester, NV 62073-8592",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:10:00.000000Z",
    "updated_at": "2026-06-29T13:10:00.000000Z",
    "invitation_status": null,
    "acadle_invitation_status": null,
    "roles": []
}
 

Example response (403, Too many attempts):


{
    "message": "Login: too many attempts",
    "code": "GENERAL:TOO_MANY_ATTEMPTS"
}
 

Example response (422, Invalid credentials):


{
    "message": "The given data was invalid.",
    "errors": {
        "email": [
            "Given credentials not found"
        ]
    },
    "code": "AUTH:LOGIN_COOKIE:INVALID_CREDENTIALS"
}
 

Request   

POST login

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

email   string   

User email. MUST_BE_EMAIL. Example: test@example.com

password   string   

User password. Example: secretpassword

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Chat

API endpoints for chat management

Authorize a user

requires authentication

This method authorizes a user using Ably service. Endpoint used only by Ably SDK

Check more details on https://ably.com/docs/auth/token

Example request:
curl --request GET \
    --get "http://localhost:8000/api/chat/authorize-user" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/authorize-user"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (401):

Show headers
cache-control: no-cache, private
content-type: application/json
vary: Origin
 

{
    "message": "api.responses.general.unauthenticated",
    "code": "GENERAL:UNAUTHENTICATED"
}
 

Request   

GET api/chat/authorize-user

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

List all chat rooms

requires authentication

This method retrieves all chat rooms. Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/chat/rooms" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/rooms"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "owner": null,
            "patient_id": null,
            "encryption_key": "bzDTpRR8IJ0Yd2RQjp1JgLuIFZESjJ7YojwEMa8+RLQ=",
            "name": "iure",
            "friendly_name": "iure",
            "created_at": "2026-06-29T13:09:37.000000Z",
            "deleted_at": null,
            "updated_at": "2026-06-29T13:09:37.000000Z"
        },
        {
            "id": 2,
            "owner": null,
            "patient_id": null,
            "encryption_key": "3J7+TehpZTKKfxXW2c0mQylNgJD7QFTuvzz/E1fVGC8=",
            "name": "architecto",
            "friendly_name": "architecto",
            "created_at": "2026-06-29T13:09:37.000000Z",
            "deleted_at": null,
            "updated_at": "2026-06-29T13:09:37.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list chat room",
    "code": "CHAT:LIST_ROOMS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/chat/rooms

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

Chat room ID.

name   string   

Chat room name (channel SID).

friendly_name   string   

Human-readable chat room name.

owner   integer   

User ID of the room owner.

patient_id   integer   

Associated patient user ID.

encryption_key   string   

Encryption key for the chat room.

deleted_at   string   

Soft delete timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

messages   object[]   

Chat room messages.

last_message   object   

Last message in the chat room.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Retrieve a chat room

requires authentication

This method retrieves a single chat room identified by roomId. Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/chat/room/harum" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/room/harum"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 3,
    "owner": null,
    "patient_id": null,
    "encryption_key": "s1JEn4o/diQdWiNd1vfa1jNywVMOtNgObl6kj4cr7JE=",
    "name": "id",
    "friendly_name": "id",
    "created_at": "2026-06-29T13:09:37.000000Z",
    "deleted_at": null,
    "updated_at": "2026-06-29T13:09:37.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view chat room",
    "code": "CHAT:GET_ROOM:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Chat room not found):


{
    "message": "Chat room not found",
    "code": "CHAT:GET_ROOM:ROOM_NOT_FOUND"
}
 

Request   

GET api/chat/room/{roomName}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

roomName   string   

Example: harum

Response

Response Fields

id   integer   

Chat room ID.

name   string   

Chat room name (channel SID).

friendly_name   string   

Human-readable chat room name.

owner   integer   

User ID of the room owner.

patient_id   integer   

Associated patient user ID.

encryption_key   string   

Encryption key for the chat room.

deleted_at   string   

Soft delete timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

messages   object[]   

Chat room messages.

last_message   object   

Last message in the chat room.

Create a new chat room

requires authentication

This method creates a new chat room using the authenticated user's ID, a name for the room, and a list of participants.

    The list of participants should contain the IDs of the users who will be participants in the room.
Example request:
curl --request POST \
    "http://localhost:8000/api/chat/room" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"owner\": 1,
    \"name\": \"my-chat\",
    \"patient_id\": 1,
    \"participants\": [
        \"1\"
    ]
}"
const url = new URL(
    "http://localhost:8000/api/chat/room"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "owner": 1,
    "name": "my-chat",
    "patient_id": 1,
    "participants": [
        "1"
    ]
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "owner": null,
    "patient_id": null,
    "encryption_key": "hd1D+7+ptxrOVz7/5goeWFYxgDeyHSL2b6ZeBmJUya8=",
    "name": "accusantium",
    "friendly_name": "accusantium",
    "created_at": "2026-06-29T13:09:37.000000Z",
    "deleted_at": null,
    "updated_at": "2026-06-29T13:09:37.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view chat room",
    "code": "CHAT:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/chat/room

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

owner   string   

The id of an existing record in the App\Models\User table. Example: 1

name   string   

Name of chat room. MAXIMUM:STRING_LENGTH:255. Example: my-chat

patient_id   string   

The id of an existing record in the App\Models\User table. Example: 1

participants   string[]  optional  

Chat room participant. The id of an existing record in the App\Models\User table.

Response

Response Fields

id   integer   

Chat room ID.

name   string   

Chat room name (channel SID).

friendly_name   string   

Human-readable chat room name.

owner   integer   

User ID of the room owner.

patient_id   integer   

Associated patient user ID.

encryption_key   string   

Encryption key for the chat room.

deleted_at   string   

Soft delete timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

messages   object[]   

Chat room messages.

last_message   object   

Last message in the chat room.

Update an existing chat room

requires authentication

This method updates an existing chat room using the authenticated user's ID, a new name for the room, and a list of participants.

    The list of participants should contain the IDs of the users who will be participants in the room.
Example request:
curl --request PUT \
    "http://localhost:8000/api/chat/room/sint" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"owner\": 1,
    \"name\": \"my-chat\",
    \"participants\": [
        \"1\"
    ],
    \"participants_del\": [
        \"1\"
    ]
}"
const url = new URL(
    "http://localhost:8000/api/chat/room/sint"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "owner": 1,
    "name": "my-chat",
    "participants": [
        "1"
    ],
    "participants_del": [
        "1"
    ]
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 5,
    "owner": null,
    "patient_id": null,
    "encryption_key": "g/fDo6Q3dWt3rqurVUc6xRnL9sOrwqJo3XvUGz6Qz40=",
    "name": "aut",
    "friendly_name": "aut",
    "created_at": "2026-06-29T13:09:37.000000Z",
    "deleted_at": null,
    "updated_at": "2026-06-29T13:09:37.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update chat room",
    "code": "CHAT:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Chat room not found):


{
    "message": "Chat room not found",
    "code": "CHAT:UPDATE:ROOM_NOT_FOUND"
}
 

Request   

PUT api/chat/room/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   string   

The ID of the room. Example: sint

Body Parameters

owner   string  optional  

The id of an existing record in the App\Models\User table. Example: 1

name   string  optional  

Name of chat room. MAXIMUM:STRING_LENGTH:255. Example: my-chat

participants   string[]  optional  

Chat room participant. The id of an existing record in the App\Models\User table.

participants_del   string[]  optional  

Chat room participant to be deleted. The id of an existing record in the App\Models\User table.

Response

Response Fields

id   integer   

Chat room ID.

name   string   

Chat room name (channel SID).

friendly_name   string   

Human-readable chat room name.

owner   integer   

User ID of the room owner.

patient_id   integer   

Associated patient user ID.

encryption_key   string   

Encryption key for the chat room.

deleted_at   string   

Soft delete timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

messages   object[]   

Chat room messages.

last_message   object   

Last message in the chat room.

Chat room archives

requires authentication

Get archived messages for room Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/chat/room/aut/archive" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/room/aut/archive"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "paginator": {
        "total": 1,
        "count": 1,
        "perpage": 5,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": "651a8e4868d5dc27c0000cc2",
            "channel": "chat.messages.room.44.56bf7d37-4ed6-4db4-947b-d68a1066677c.communication-channel",
            "clientId": "95",
            "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
            "data": "{\"encryptedMessage\":{\"message\":\"z6z1zNihCjlEePltz+BG8g==\",\"initialVector\":\"7376fcbf0b32fbdcd5c5b62c087b7600\"},\"user\":{\"id\":95,\"name\":\"Bartosz Druga firmaa\",\"email\":\"bartosz+drugafirma@refericon.pl\",\"image\":\"https://aether-dev-bucket.s3.amazonaws.com/users/7T6im01PAj4cahksWHllrL7se2SQ9buquIjGGFtp.jpg\",\"permissions\":[],\"roles\":[{\"id\":2,\"name\":\"Clinician\"}]},\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"recipients\":[{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"95\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"44\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"1250\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"3067\"}]}",
            "name": "message",
            "recipients": [
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": true,
                    "clientId": "95"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "44"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "1250"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "3067"
                }
            ],
            "timestamp": 1696239176715,
            "created_at": "2023-10-02 09:32:56"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view archived messages",
    "code": "CHAT:GET_ARCHIVES:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Chat room not found):


{
    "message": "Chat room not found",
    "code": "CHAT:GET_ARCHIVES:ROOM_NOT_FOUND"
}
 

Request   

GET api/chat/room/{id}/archive

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   string   

The ID of the room. Example: aut

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: author).

sortby   string  optional  

Sort by field (available: timestamp). Default: timestamp, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Unread messages

requires authentication

Get unread messaged for chat room. Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/chat/messages/unread?room=8" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/messages/unread"
);

const params = {
    "room": "8",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "paginator": {
        "total": 1,
        "count": 1,
        "perpage": 5,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": "651a8e4868d5dc27c0000cc2",
            "channel": "chat.messages.room.44.56bf7d37-4ed6-4db4-947b-d68a1066677c.communication-channel",
            "clientId": "95",
            "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
            "data": "{\"encryptedMessage\":{\"message\":\"z6z1zNihCjlEePltz+BG8g==\",\"initialVector\":\"7376fcbf0b32fbdcd5c5b62c087b7600\"},\"user\":{\"id\":95,\"name\":\"Bartosz Druga firmaa\",\"email\":\"bartosz+drugafirma@refericon.pl\",\"image\":\"https://aether-dev-bucket.s3.amazonaws.com/users/7T6im01PAj4cahksWHllrL7se2SQ9buquIjGGFtp.jpg\",\"permissions\":[],\"roles\":[{\"id\":2,\"name\":\"Clinician\"}]},\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"recipients\":[{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"95\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"44\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"1250\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"3067\"}]}",
            "name": "message",
            "recipients": [
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": true,
                    "clientId": "95"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "44"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "1250"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "3067"
                }
            ],
            "timestamp": 1696239176715,
            "created_at": "2023-10-02 09:32:56"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view unread messages list",
    "code": "CHAT:UNREAD_MESSAGES:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/chat/messages/unread

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

room   integer  optional  

Filter unread messages by room. Provide single ID (room=1), array of IDs (room[]=1&room[]=2) or comma-separated list of IDs (room=1,2). Example: 8

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Delete chat message

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/chat/messages/19?msgId=repudiandae" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/messages/19"
);

const params = {
    "msgId": "repudiandae",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "paginator": {
        "total": 1,
        "count": 1,
        "perpage": 5,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": "651a8e4868d5dc27c0000cc2",
            "channel": "chat.messages.room.44.56bf7d37-4ed6-4db4-947b-d68a1066677c.communication-channel",
            "clientId": "95",
            "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
            "data": "{\"encryptedMessage\":{\"message\":\"z6z1zNihCjlEePltz+BG8g==\",\"initialVector\":\"7376fcbf0b32fbdcd5c5b62c087b7600\"},\"user\":{\"id\":95,\"name\":\"Bartosz Druga firmaa\",\"email\":\"bartosz+drugafirma@refericon.pl\",\"image\":\"https://aether-dev-bucket.s3.amazonaws.com/users/7T6im01PAj4cahksWHllrL7se2SQ9buquIjGGFtp.jpg\",\"permissions\":[],\"roles\":[{\"id\":2,\"name\":\"Clinician\"}]},\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"recipients\":[{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"95\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"44\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"1250\"},{\"delivered\":true,\"msgId\":\"b8673175-01e6-4b6d-9032-226d3df20637\",\"seen\":false,\"clientId\":\"3067\"}]}",
            "name": "message",
            "recipients": [
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": true,
                    "clientId": "95"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "44"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "1250"
                },
                {
                    "delivered": true,
                    "msgId": "b8673175-01e6-4b6d-9032-226d3df20637",
                    "seen": false,
                    "clientId": "3067"
                }
            ],
            "timestamp": 1696239176715,
            "created_at": "2023-10-02 09:32:56"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete message",
    "code": "CHAT:DELETE_MESSAGE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Message not found):


{
    "message": "Chat message not found",
    "code": "CHAT:DELETE_MESSAGE:MESSAGE_NOT_FOUND"
}
 

Request   

DELETE api/chat/messages/{msgId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

msgId   integer   

Example: 19

Query Parameters

msgId   string   

Message ID. Example: repudiandae

Get tickets list for chat room

requires authentication

Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/chat/tickets/fugiat?status=culpa&sender=4&recipient=14" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/tickets/fugiat"
);

const params = {
    "status": "culpa",
    "sender": "4",
    "recipient": "14",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 87,
            "sender_id": 292,
            "recipient_id": 293,
            "device_id": null,
            "meeting_date": "2026-06-29 13:09:38",
            "meeting_type": "online_meeting",
            "contact_email": "andreanne.herman@lesch.com",
            "status": "new",
            "created_at": "2026-06-29T13:09:38.000000Z",
            "updated_at": "2026-06-29T13:09:38.000000Z",
            "sender": {
                "id": 292,
                "mrn": "G7GMZ3KB1782738577",
                "name": "Miss Victoria Funk V",
                "email": "1782738577rsenger@example.net",
                "language": "en",
                "phone": "530-624-2711",
                "phone_country": "MK",
                "phone_verified_at": null,
                "address1": "659 Josh Lakes",
                "address2": "Giovannafurt, HI 69156",
                "postal_code": "70929",
                "city": "Lebsack-Eichmann",
                "country": "GB",
                "clinic_name": "Odaview",
                "clinic_location": "4905 Denesik Centers Apt. 056\nEast Justen, IA 35087",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:09:37.000000Z",
                "updated_at": "2026-06-29T13:09:37.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "recipient": {
                "id": 293,
                "mrn": "GHBTQX8R1782738578",
                "name": "Antonina Kub",
                "email": "1782738578cjenkins@example.com",
                "language": "en",
                "phone": "+17345659365",
                "phone_country": "MW",
                "phone_verified_at": null,
                "address1": "7209 Itzel Drives Suite 512",
                "address2": "Lake Theresefort, ND 46797",
                "postal_code": "42007-9346",
                "city": "Kiehn-Russel",
                "country": "NO",
                "clinic_name": "Mckennamouth",
                "clinic_location": "55205 Lenna Circles Apt. 094\nEast Magnus, NY 35554-4139",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:09:38.000000Z",
                "updated_at": "2026-06-29T13:09:38.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "device": null,
            "messages": []
        },
        {
            "id": 88,
            "sender_id": 294,
            "recipient_id": 295,
            "device_id": null,
            "meeting_date": "2026-06-29 13:09:39",
            "meeting_type": "online_meeting",
            "contact_email": "ruthie00@gutmann.biz",
            "status": "new",
            "created_at": "2026-06-29T13:09:39.000000Z",
            "updated_at": "2026-06-29T13:09:39.000000Z",
            "sender": {
                "id": 294,
                "mrn": "P8VPHUKG1782738578",
                "name": "Prof. Hardy Kautzer",
                "email": "1782738578olaf85@example.org",
                "language": "en",
                "phone": "754.986.3727",
                "phone_country": "WF",
                "phone_verified_at": null,
                "address1": "6998 Chase Fields",
                "address2": "Spinkafort, IL 61389",
                "postal_code": "34418",
                "city": "Hermiston, Harber and Rogahn",
                "country": "GB",
                "clinic_name": "D'Amoreshire",
                "clinic_location": "28231 Markus Cove\nWinfieldfort, VT 25305",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:09:38.000000Z",
                "updated_at": "2026-06-29T13:09:38.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "recipient": {
                "id": 295,
                "mrn": "22E6FSWH1782738579",
                "name": "Keara Klocko",
                "email": "1782738579katheryn.harris@example.org",
                "language": "en",
                "phone": "+14439703736",
                "phone_country": "LU",
                "phone_verified_at": null,
                "address1": "14452 Harvey Wall Apt. 473",
                "address2": "Welchside, NC 77422",
                "postal_code": "04136",
                "city": "Cormier, Rodriguez and Blanda",
                "country": "DE",
                "clinic_name": "West Houston",
                "clinic_location": "7806 Jacquelyn Green\nLake Flossiehaven, CA 32522-2349",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:09:39.000000Z",
                "updated_at": "2026-06-29T13:09:39.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "device": null,
            "messages": []
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view chat room tickets",
    "code": "CHAT:LIST_TICKETS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Chat room not found):


{
    "message": "Chat room not found",
    "code": "CHAT:LIST_TICKETS:ROOM_NOT_FOUND"
}
 

Request   

GET api/chat/tickets/{roomId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

roomId   string   

Example: fugiat

Query Parameters

status   string  optional  

Filter tickets by status (available: new,in_progress,closed,reopened. Example: culpa

sender   integer  optional  

Filter tickets by sender. Example: 4

recipient   integer  optional  

Filter tickets by recipient. Example: 14

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: sender, recipient, messages, messages.attachments, messages.sender).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

List of available patients for chat

requires authentication

Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/chat/available-patients" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/available-patients"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 296,
            "mrn": "LPJ7R6RM1782738579",
            "name": "Ms. Allison Brown",
            "email": "1782738579epowlowski@example.net",
            "language": "en",
            "phone": "+1 (470) 314-9842",
            "phone_country": "TC",
            "phone_verified_at": null,
            "address1": "266 Destin Causeway Apt. 882",
            "address2": "New Andreanne, CO 96318-2930",
            "postal_code": "10697",
            "city": "Wuckert-Sawayn",
            "country": "FR",
            "clinic_name": "North Juvenal",
            "clinic_location": "2084 Wuckert Pine\nNorth Carlos, ND 80957-7693",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:09:39.000000Z",
            "updated_at": "2026-06-29T13:09:39.000000Z",
            "invitation_status": null,
            "acadle_invitation_status": null,
            "devices": [
                {
                    "id": 146,
                    "serial": "4c5c90f6-ce06-3000-a4eb-e3e794c24eec",
                    "bluetooth_id": "f77441da-38ed-3f5e-94e4-f15ddcee0f3f",
                    "company_id": null,
                    "model_id": null,
                    "amputee_id": 296,
                    "clinician_id": null,
                    "firmware_version_id": null,
                    "pcb_version_id": null,
                    "reverse_magnets": 0,
                    "is_electrode": 0,
                    "active": 1,
                    "last_activity_at": "0000-00-00 00:00:00",
                    "created_at": "2026-06-29T13:09:40.000000Z",
                    "updated_at": "2026-06-29T13:09:40.000000Z"
                }
            ],
            "roles": [
                {
                    "id": 1,
                    "name": "SuperAdmin"
                }
            ]
        },
        {
            "id": 297,
            "mrn": "8EJEVVEC1782738580",
            "name": "Orlando Larson",
            "email": "1782738580savannah.crist@example.net",
            "language": "en",
            "phone": "1-830-205-8412",
            "phone_country": "HK",
            "phone_verified_at": null,
            "address1": "53689 Jamel Center",
            "address2": "Avaberg, ID 05627",
            "postal_code": "68458-1342",
            "city": "Brakus Ltd",
            "country": "IE",
            "clinic_name": "East Lou",
            "clinic_location": "5811 Gunnar Island Suite 113\nEldaport, NV 16660",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:09:40.000000Z",
            "updated_at": "2026-06-29T13:09:40.000000Z",
            "invitation_status": "accepted",
            "acadle_invitation_status": null,
            "devices": [
                {
                    "id": 147,
                    "serial": "6ad03d4c-39d1-30e5-b458-30dd7532016b",
                    "bluetooth_id": "91d67b8f-7dad-3d5a-99b7-97ae077666ac",
                    "company_id": null,
                    "model_id": null,
                    "amputee_id": 297,
                    "clinician_id": null,
                    "firmware_version_id": null,
                    "pcb_version_id": null,
                    "reverse_magnets": 0,
                    "is_electrode": 0,
                    "active": 1,
                    "last_activity_at": "0000-00-00 00:00:00",
                    "created_at": "2026-06-29T13:09:40.000000Z",
                    "updated_at": "2026-06-29T13:09:40.000000Z"
                }
            ],
            "roles": [
                {
                    "id": 5,
                    "name": "ClinicianSupport"
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list available patients",
    "code": "CHAT:LIST_PATIENTS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/chat/available-patients

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

List of available participants for chat

requires authentication

Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/chat/room/1/available-participants" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/chat/room/1/available-participants"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 298,
            "mrn": "T26BGG541782738580",
            "name": "Maritza Williamson",
            "email": "1782738580hilda92@example.net",
            "language": "en",
            "phone": "1-458-808-0175",
            "phone_country": "FM",
            "phone_verified_at": null,
            "address1": "3480 Phoebe Oval Suite 957",
            "address2": "Port Karolann, IN 66288-7123",
            "postal_code": "85363-9127",
            "city": "Haag-Gleichner",
            "country": "LV",
            "clinic_name": "South Maude",
            "clinic_location": "472 Stefan Glens\nPort Alexandreafurt, AR 48422-5943",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:09:40.000000Z",
            "updated_at": "2026-06-29T13:09:40.000000Z",
            "invitation_status": "accepted",
            "acadle_invitation_status": null,
            "roles": [
                {
                    "id": 3,
                    "name": "ClinicAdmin"
                }
            ]
        },
        {
            "id": 299,
            "mrn": "TL83Q5851782738581",
            "name": "Prof. Myrna Lind MD",
            "email": "1782738581ansley.schultz@example.org",
            "language": "en",
            "phone": "678-894-3365",
            "phone_country": "NO",
            "phone_verified_at": null,
            "address1": "370 Olga Parks",
            "address2": "Labadietown, PA 14437-0481",
            "postal_code": "57685",
            "city": "White LLC",
            "country": "ES",
            "clinic_name": "Port Mathilde",
            "clinic_location": "78330 Susie Creek\nSipesbury, NC 38405",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:09:41.000000Z",
            "updated_at": "2026-06-29T13:09:41.000000Z",
            "invitation_status": null,
            "acadle_invitation_status": "accepted",
            "roles": [
                {
                    "id": 7,
                    "name": "AcadleUser"
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list available participants",
    "code": "CHAT:LIST_PARTICIPANTS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Chat room not found):


{
    "message": "Chat room not found",
    "code": "CHAT:LIST_PARTICIPANTS:ROOM_NOT_FOUND"
}
 

Request   

GET api/chat/room/{id}/available-participants

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Chat room ID. Example: 1

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: roles, permissions).

Response

Response Fields

items   object   
id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Community

Endpoints related to community videos

List community videos

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/community/videos" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/community/videos"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "user_id": 330,
            "vimeo_id": "620846976",
            "vimeo_url": "https://vimeo.com/620846976",
            "description": "vitae-eum-culpa-blanditiis-distinctio",
            "language": "en",
            "active": 0,
            "created_at": "2026-06-29T13:09:59.000000Z",
            "updated_at": "2026-06-29T13:09:59.000000Z"
        },
        {
            "id": 2,
            "user_id": 331,
            "vimeo_id": "196201640",
            "vimeo_url": "https://vimeo.com/196201640",
            "description": "ad-sint-suscipit-nostrum-ipsam-quisquam-unde-id",
            "language": "en",
            "active": 0,
            "created_at": "2026-06-29T13:10:00.000000Z",
            "updated_at": "2026-06-29T13:10:00.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view community videos",
    "code": "COMMUNITY_VIDEOS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/community/videos

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: user, categories, comments, reactions).

Get community video

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/community/videos/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/community/videos/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 3,
    "user_id": 332,
    "vimeo_id": "048833388",
    "vimeo_url": "https://vimeo.com/048833388",
    "description": "ut-voluptatem-minima-minus-perferendis-quisquam-excepturi-consectetur",
    "language": "en",
    "active": 0,
    "created_at": "2026-06-29T13:10:00.000000Z",
    "updated_at": "2026-06-29T13:10:00.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view community videos",
    "code": "COMMUNITY_VIDEOS:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Video not found):


{
    "message": "Community video not found",
    "code": "COMMUNITY_VIDEOS:GET:VIDEO_NOT_FOUND"
}
 

Request   

GET api/community/videos/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Community video ID. Example: 1

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: user, categories, comments, reactions).

React to community video

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/community/videos/1/react" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/community/videos/1/react"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, Current reaction state):


{
    "status": true
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to react to community videos",
    "code": "COMMUNITY_VIDEOS:REACT:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Video not found):


{
    "message": "Community video not found",
    "code": "COMMUNITY_VIDEOS:REACT:VIDEO_NOT_FOUND"
}
 

Request   

POST api/community/videos/{id}/react

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Community video ID. Example: 1

Config

API endpoints for device config management

Get device config

requires authentication

Definitions:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/config?_format=minima" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config"
);

const params = {
    "_format": "minima",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, Normal/compact response):


{
    "common": {
        "gripPairsConfig": [
            1,
            4,
            2,
            3,
            6,
            7,
            9,
            8
        ],
        "controlConfig": [
            0,
            1,
            0,
            0,
            0
        ],
        "emgThresholds": [
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0
        ],
        "interval": [
            100
        ],
        "gripSequentialConfig": [
            1,
            2,
            4,
            3,
            0,
            255,
            6,
            7,
            9,
            8,
            255,
            255
        ]
    },
    "modes": [
        {
            "id": 100,
            "name": "Mode 1",
            "slot": 0,
            "config": {
                "interval": [
                    300
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 101,
            "name": "Mode 2",
            "slot": 1,
            "config": {
                "interval": [
                    400
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 102,
            "name": "Mode 3",
            "slot": 2,
            "config": {
                "interval": [
                    500
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        }
    ]
}
 

Example response (200):


[
    {
        "id": 1,
        "device_id": 19,
        "mode_id": 1,
        "key": "ipsa",
        "value": "perspiciatis",
        "created_at": "2026-06-29T13:07:45.000000Z",
        "updated_at": "2026-06-29T13:07:45.000000Z",
        "mode": {
            "id": 1,
            "device_id": 20,
            "slot": null,
            "name": "In atque voluptates quam voluptatem blanditiis.",
            "active": 0,
            "created_at": "2026-06-29T13:07:44.000000Z",
            "updated_at": "2026-06-29T13:07:44.000000Z"
        }
    },
    {
        "id": 2,
        "device_id": 21,
        "mode_id": 2,
        "key": "aspernatur",
        "value": "tempora",
        "created_at": "2026-06-29T13:07:45.000000Z",
        "updated_at": "2026-06-29T13:07:45.000000Z",
        "mode": {
            "id": 2,
            "device_id": 22,
            "slot": null,
            "name": "Iure nihil quis quia consequatur.",
            "active": 0,
            "created_at": "2026-06-29T13:07:45.000000Z",
            "updated_at": "2026-06-29T13:07:45.000000Z"
        }
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view device config",
    "code": "CONFIG:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:GET:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/config

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Query Parameters

_format   string  optional  

Config format. Pass collection to receive config as resource collection. Example: minima

Response

Response Fields

id   integer   

Config entry ID.

device_id   integer   

Associated device ID.

mode_id   integer   

Associated config mode ID.

key   string   

Config key.

value   string   

Config value.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

mode   object   

Associated config mode.

Update device config

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/config" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Remote session 2022-05-30\",
    \"common\": \"{\\\"gripPairsConfig\\\": [1, 4, 2, 3, 6, 7, 9, 8], \\\"controlConfig\\\": [0, 1, 0, 0, 0], \\\"gripSequentialConfig\\\": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]\",
    \"updateNote\": true,
    \"modes\": [
        {
            \"id\": 1,
            \"config\": \"{\\\"gripPairsConfig\\\": [1, 4, 2, 3, 6, 7, 9, 8], \\\"controlConfig\\\": [0, 1, 0, 0, 0], \\\"gripSequentialConfig\\\": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]\"
        }
    ]
}"
const url = new URL(
    "http://localhost:8000/api/device/1/config"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Remote session 2022-05-30",
    "common": "{\"gripPairsConfig\": [1, 4, 2, 3, 6, 7, 9, 8], \"controlConfig\": [0, 1, 0, 0, 0], \"gripSequentialConfig\": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]",
    "updateNote": true,
    "modes": [
        {
            "id": 1,
            "config": "{\"gripPairsConfig\": [1, 4, 2, 3, 6, 7, 9, 8], \"controlConfig\": [0, 1, 0, 0, 0], \"gripSequentialConfig\": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]"
        }
    ]
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "common": {
        "gripPairsConfig": [
            1,
            4,
            2,
            3,
            6,
            7,
            9,
            8
        ],
        "controlConfig": [
            0,
            1,
            0,
            0,
            0
        ],
        "emgThresholds": [
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0
        ],
        "interval": [
            100
        ],
        "gripSequentialConfig": [
            1,
            2,
            4,
            3,
            0,
            255,
            6,
            7,
            9,
            8,
            255,
            255
        ]
    },
    "modes": [
        {
            "id": 100,
            "name": "Mode 1",
            "slot": 0,
            "config": {
                "interval": [
                    300
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 101,
            "name": "Mode 2",
            "slot": 1,
            "config": {
                "interval": [
                    400
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 102,
            "name": "Mode 3",
            "slot": 2,
            "config": {
                "interval": [
                    500
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device config",
    "code": "CONFIG:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:UPDATE:DEVICE_NOT_FOUND"
}
 

Example response (422, Invalid config):


{
    "message": "Config has some problems and cannot be saved.",
    "errors": {
        "modes": {
            "mode_3": "Config mode 3 does not belong to device 12."
        },
        "values": {
            "common.inputSite": "Invalid value [\"11\"] for key inputSite - contains string values.",
            "common.gripsPositions.1.initial": "Invalid value [200,\"100\",\"100\",\"100\",\"100\"] for key gripsPositions.1.initial - contains string values.",
            "mode_1.inputSite": "Invalid value [\"11\"] for key inputSite - contains string values.",
            "mode_1.gripsPositions.0.initial": "Invalid value [\"200\",\"100\",\"100\",\"100\",\"100\"] for key gripsPositions.1.initial - contains string values."
        }
    },
    "code": "CONFIG:UPDATE:INVALID_CONFIG"
}
 

Request   

POST api/device/{deviceId}/config

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Body Parameters

name   string  optional  

Config history entry name (session name). Example: Remote session 2022-05-30

common   string  optional  

Common config as JSON string. MUST_BE_JSON. Example: {"gripPairsConfig": [1, 4, 2, 3, 6, 7, 9, 8], "controlConfig": [0, 1, 0, 0, 0], "gripSequentialConfig": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]

updateNote   boolean  optional  

Add config history note with content equal to name parameter. Example: true

modes   object[]  optional  
id   string  optional  

Config mode ID. The id of an existing record in the App\Models\ConfigMode table. Example: 1

config   string  optional  

Config specific for mode as JSON string. MUST_BE_JSON. Example: {"gripPairsConfig": [1, 4, 2, 3, 6, 7, 9, 8], "controlConfig": [0, 1, 0, 0, 0], "gripSequentialConfig": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]

Get device config history

requires authentication

For amputees only restore points are returned.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/config/history?restore_point=1&factory_reset_point=1&date_from=1642003200&date_to=1642003200" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"restore_point\": true,
    \"factory_reset_point\": false
}"
const url = new URL(
    "http://localhost:8000/api/device/1/config/history"
);

const params = {
    "restore_point": "1",
    "factory_reset_point": "1",
    "date_from": "1642003200",
    "date_to": "1642003200",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "restore_point": true,
    "factory_reset_point": false
};

fetch(url, {
    method: "GET",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, Normal/compact response):


{
    "common": {
        "gripPairsConfig": [
            1,
            4,
            2,
            3,
            6,
            7,
            9,
            8
        ],
        "controlConfig": [
            0,
            1,
            0,
            0,
            0
        ],
        "emgThresholds": [
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0
        ],
        "interval": [
            100
        ],
        "gripSequentialConfig": [
            1,
            2,
            4,
            3,
            0,
            255,
            6,
            7,
            9,
            8,
            255,
            255
        ]
    },
    "modes": [
        {
            "id": 100,
            "name": "Mode 1",
            "slot": 0,
            "config": {
                "interval": [
                    300
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 101,
            "name": "Mode 2",
            "slot": 1,
            "config": {
                "interval": [
                    400
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 102,
            "name": "Mode 3",
            "slot": 2,
            "config": {
                "interval": [
                    500
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        }
    ]
}
 

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "user_id": null,
            "device_id": 23,
            "index": null,
            "name": "Et quod assumenda ut quo molestiae nemo.",
            "config": "{\"common\":{\"fingerStrength\":[1,200],\"gripPositions\":{\"_\":0,\"0\":{\"initial\":[34,55,11,27,48],\"limit\":[77,57,30,61,50]},\"1\":{\"initial\":[8,53,15,9,19],\"limit\":[47,88,67,9,88]},\"2\":{\"initial\":[41,37,26,6,7],\"limit\":[60,69,89,28,40]},\"3\":{\"initial\":[16,47,17,25,53],\"limit\":[92,81,85,90,62]},\"4\":{\"initial\":[34,62,66,37,10],\"limit\":[81,81,79,57,64]},\"5\":{\"initial\":[11,15,37,12,8],\"limit\":[53,45,70,41,68]},\"6\":{\"initial\":[30,47,13,74,44],\"limit\":[60,65,33,87,61]},\"7\":{\"initial\":[17,11,37,7,35],\"limit\":[37,37,85,19,43]},\"8\":{\"initial\":[33,16,44,31,13],\"limit\":[49,28,92,67,85]},\"9\":{\"initial\":[62,49,35,44,46],\"limit\":[76,94,90,74,81]},\"10\":{\"initial\":[27,55,53,8,1],\"limit\":[70,55,84,72,63]},\"11\":{\"initial\":[2,12,9,31,6],\"limit\":[85,49,45,71,41]},\"12\":{\"initial\":[41,40,22,15,5],\"limit\":[79,73,81,68,81]},\"13\":{\"initial\":[30,49,48,12,47],\"limit\":[91,66,69,22,94]}},\"inputSite\":[1]},\"modes\":[{\"id\":3,\"name\":\"Modi dolore vero dolorem aut magni.\",\"slot\":0,\"config\":{\"autoGrasp\":[1,100],\"coContractionTimings\":[300,100],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[50,80,70,70,50,80,20,60,50,90],\"gripPairsConfig\":[7,12,3,10,6,9,8,1],\"gripSequentialConfig\":[6,9,255,255,13,11,10,4,255,1,255,12],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,2000],\"pulseTimings\":[970,360,820,370],\"softGrip\":[1],\"speedControlStrategy\":[0]}},{\"id\":4,\"name\":\"Rerum exercitationem delectus non dolores consectetur.\",\"slot\":1,\"config\":{\"autoGrasp\":[0,100],\"coContractionTimings\":[400,400],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[60,80,30,10,80,100,90,100,20,50],\"gripPairsConfig\":[3,7,8,9,10,12,2,13],\"gripSequentialConfig\":[1,2,11,13,9,6,10,5,7,12,4,8],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,2500],\"pulseTimings\":[60,890,800,450],\"softGrip\":[1],\"speedControlStrategy\":[0]}},{\"id\":5,\"name\":\"Minus sapiente dolor fugiat libero perferendis rerum.\",\"slot\":2,\"config\":{\"autoGrasp\":[0,0],\"coContractionTimings\":[400,200],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[10,80,10,40,90,80,60,0,100,40],\"gripPairsConfig\":[9,13,5,7,1,11,12,6],\"gripSequentialConfig\":[2,1,255,7,11,9,5,255,255,4,255,255],\"gripSwitchingMode\":[3],\"holdOpen\":[1500,2500],\"pulseTimings\":[220,360,670,410],\"softGrip\":[0],\"speedControlStrategy\":[0]}}]}",
            "restore_point": 1,
            "factory_reset_point": 0,
            "changed_by": 50,
            "firmware_version_id": null,
            "created_at": "2026-06-29T13:07:45.000000Z",
            "updated_at": "2026-06-29T13:07:45.000000Z",
            "author": {
                "id": 50,
                "mrn": "9VDFVUMA1782738465",
                "name": "Marcia D'Amore",
                "email": "1782738465jordan.koss@example.net",
                "language": "en",
                "phone": "1-785-721-2816",
                "phone_country": "UG",
                "phone_verified_at": null,
                "address1": "30974 Macie Throughway",
                "address2": "West Pansy, VA 44455-1306",
                "postal_code": "15868",
                "city": "Hermiston Ltd",
                "country": "IE",
                "clinic_name": "Watersmouth",
                "clinic_location": "230 Kris Lane Apt. 512\nFarrellport, AL 10978",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:07:45.000000Z",
                "updated_at": "2026-06-29T13:07:45.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "entries": [
                {
                    "id": 1,
                    "config_history_id": 1,
                    "config_id": 3,
                    "old_value": "quisquam",
                    "new_value": "et",
                    "created_at": "2026-06-29T13:07:46.000000Z",
                    "updated_at": "2026-06-29T13:07:46.000000Z",
                    "config_entry": {
                        "id": 3,
                        "device_id": 31,
                        "mode_id": null,
                        "key": "possimus",
                        "value": "dolores",
                        "created_at": "2026-06-29T13:07:46.000000Z",
                        "updated_at": "2026-06-29T13:07:46.000000Z"
                    }
                }
            ]
        },
        {
            "id": 3,
            "user_id": null,
            "device_id": 32,
            "index": null,
            "name": "Sit et harum quia in est non ratione.",
            "config": "{\"common\":{\"fingerStrength\":[1,500],\"gripPositions\":{\"_\":0,\"0\":{\"initial\":[75,30,48,55,36],\"limit\":[90,50,59,87,40]},\"1\":{\"initial\":[24,28,44,54,30],\"limit\":[37,58,71,85,48]},\"2\":{\"initial\":[1,7,44,56,43],\"limit\":[93,82,52,64,60]},\"3\":{\"initial\":[44,1,13,34,28],\"limit\":[67,17,70,48,67]},\"4\":{\"initial\":[16,46,15,5,36],\"limit\":[42,65,58,47,94]},\"5\":{\"initial\":[11,71,23,2,73],\"limit\":[66,88,77,5,86]},\"6\":{\"initial\":[39,6,31,5,5],\"limit\":[85,59,89,71,10]},\"7\":{\"initial\":[63,76,16,25,32],\"limit\":[88,87,21,54,60]},\"8\":{\"initial\":[1,20,9,40,2],\"limit\":[41,52,55,68,42]},\"9\":{\"initial\":[26,23,74,55,34],\"limit\":[77,38,86,93,68]},\"10\":{\"initial\":[2,25,16,49,59],\"limit\":[36,30,77,72,85]},\"11\":{\"initial\":[17,6,21,72,25],\"limit\":[91,16,93,83,89]},\"12\":{\"initial\":[68,25,13,14,56],\"limit\":[71,78,56,83,70]},\"13\":{\"initial\":[4,2,50,70,1],\"limit\":[84,6,65,82,83]}},\"inputSite\":[0]},\"modes\":[{\"id\":9,\"name\":\"Expedita quod vel modi voluptas porro.\",\"slot\":0,\"config\":{\"autoGrasp\":[0,0],\"coContractionTimings\":[500,400],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[90,10,70,40,70,50,60,100,10,60],\"gripPairsConfig\":[4,8,5,12,10,6,3,7],\"gripSequentialConfig\":[12,2,7,13,255,9,5,255,255,255,10,3],\"gripSwitchingMode\":[2],\"holdOpen\":[1500,2500],\"pulseTimings\":[270,310,750,140],\"softGrip\":[1],\"speedControlStrategy\":[0]}},{\"id\":10,\"name\":\"Est accusamus doloribus dicta culpa odit et.\",\"slot\":1,\"config\":{\"autoGrasp\":[1,0],\"coContractionTimings\":[500,400],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[70,60,90,60,50,60,0,100,90,80],\"gripPairsConfig\":[5,13,8,4,10,9,6,1],\"gripSequentialConfig\":[11,255,255,255,9,255,13,255,2,255,6,12],\"gripSwitchingMode\":[2],\"holdOpen\":[1500,2000],\"pulseTimings\":[310,930,470,550],\"softGrip\":[0],\"speedControlStrategy\":[1]}},{\"id\":11,\"name\":\"Non repellat deleniti deserunt maxime ut numquam aut id.\",\"slot\":2,\"config\":{\"autoGrasp\":[1,100],\"coContractionTimings\":[300,200],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[80,60,80,30,60,80,80,40,10,60],\"gripPairsConfig\":[2,9,7,6,12,4,1,8],\"gripSequentialConfig\":[255,3,13,6,255,255,7,8,255,255,255,12],\"gripSwitchingMode\":[3],\"holdOpen\":[1500,2500],\"pulseTimings\":[950,660,520,300],\"softGrip\":[0],\"speedControlStrategy\":[0]}}]}",
            "restore_point": 1,
            "factory_reset_point": 0,
            "changed_by": 53,
            "firmware_version_id": null,
            "created_at": "2026-06-29T13:07:47.000000Z",
            "updated_at": "2026-06-29T13:07:47.000000Z",
            "author": {
                "id": 53,
                "mrn": "WXUXN4FA1782738466",
                "name": "Jamaal Cronin",
                "email": "1782738466forrest56@example.com",
                "language": "en",
                "phone": "+16463483140",
                "phone_country": "HR",
                "phone_verified_at": null,
                "address1": "9729 Raynor Roads Suite 622",
                "address2": "Kassandraton, MO 10723",
                "postal_code": "53323",
                "city": "McClure, Hilpert and White",
                "country": "FI",
                "clinic_name": "South Anabelside",
                "clinic_location": "935 Pouros Garden Suite 753\nSatterfieldchester, ND 07723-2794",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:07:46.000000Z",
                "updated_at": "2026-06-29T13:07:46.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "entries": [
                {
                    "id": 2,
                    "config_history_id": 3,
                    "config_id": 4,
                    "old_value": "mollitia",
                    "new_value": "quia",
                    "created_at": "2026-06-29T13:07:47.000000Z",
                    "updated_at": "2026-06-29T13:07:47.000000Z",
                    "config_entry": {
                        "id": 4,
                        "device_id": 40,
                        "mode_id": null,
                        "key": "omnis",
                        "value": "id",
                        "created_at": "2026-06-29T13:07:47.000000Z",
                        "updated_at": "2026-06-29T13:07:47.000000Z"
                    }
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view device config",
    "code": "CONFIG:HISTORY:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:HISTORY:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/config/history

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Query Parameters

restore_point   boolean  optional  

Filter config entries by restore point status. Example: 1

factory_reset_point   boolean  optional  

Filter config entries by factory reset point status. Example: 1

date_from   integer  optional  

Filter config entries from date (timestamp). Example: 1642003200

date_to   integer  optional  

Filter config entries to date (timestamp). Example: 1642003200

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: author, entries).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Body Parameters

restore_point   boolean  optional  

Example: true

factory_reset_point   boolean  optional  

Example: false

date_from   string  optional  
date_to   string  optional  

Response

Response Fields

items   object   
id   integer   

Config history entry ID.

device_id   integer   

Associated device ID.

index   integer   

Config history index.

name   string   

Config snapshot name.

config   string   

Serialized config data.

restore_point   boolean   

Whether this entry is a restore point.

factory_reset_point   boolean   

Whether this entry is a factory reset point.

changed_by   integer   

ID of the user who made the change.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who made the change.

entries   object[]   

Individual config history entries.

notes   object[]   

Notes attached to this history entry.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get device config history entry

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/config/history/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config/history/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 5,
    "user_id": null,
    "device_id": 41,
    "index": null,
    "name": "Iure sed id officiis dignissimos in.",
    "config": "{\"common\":{\"fingerStrength\":[1,200],\"gripPositions\":{\"_\":0,\"0\":{\"initial\":[32,29,2,32,79],\"limit\":[37,49,6,36,84]},\"1\":{\"initial\":[41,49,60,79,16],\"limit\":[64,91,75,90,60]},\"2\":{\"initial\":[2,40,22,9,51],\"limit\":[18,73,52,57,72]},\"3\":{\"initial\":[24,8,4,87,23],\"limit\":[25,22,77,89,52]},\"4\":{\"initial\":[1,59,43,40,9],\"limit\":[86,91,64,83,27]},\"5\":{\"initial\":[22,13,66,51,22],\"limit\":[91,25,80,84,88]},\"6\":{\"initial\":[50,22,24,71,39],\"limit\":[92,38,95,88,49]},\"7\":{\"initial\":[15,2,39,16,83],\"limit\":[26,72,70,36,94]},\"8\":{\"initial\":[36,61,47,19,15],\"limit\":[72,85,54,77,44]},\"9\":{\"initial\":[17,20,5,24,50],\"limit\":[83,48,53,92,53]},\"10\":{\"initial\":[42,75,5,12,51],\"limit\":[65,86,36,41,52]},\"11\":{\"initial\":[8,11,54,66,34],\"limit\":[67,28,70,86,55]},\"12\":{\"initial\":[8,58,4,63,8],\"limit\":[26,69,5,75,34]},\"13\":{\"initial\":[19,14,65,62,11],\"limit\":[30,63,81,95,65]}},\"inputSite\":[1]},\"modes\":[{\"id\":15,\"name\":\"Ut quibusdam omnis consequatur aut ex est.\",\"slot\":0,\"config\":{\"autoGrasp\":[1,0],\"coContractionTimings\":[200,100],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[80,0,0,10,0,60,40,90,0,20],\"gripPairsConfig\":[1,9,11,12,7,6,4,13],\"gripSequentialConfig\":[255,255,12,1,255,5,255,255,255,255,9,6],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,1500],\"pulseTimings\":[580,790,620,750],\"softGrip\":[0],\"speedControlStrategy\":[1]}},{\"id\":16,\"name\":\"Temporibus et nam quibusdam quis.\",\"slot\":1,\"config\":{\"autoGrasp\":[0,0],\"coContractionTimings\":[500,400],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[90,30,80,0,30,70,10,60,80,60],\"gripPairsConfig\":[8,3,6,7,12,4,11,2],\"gripSequentialConfig\":[1,255,255,5,6,7,255,2,11,9,3,255],\"gripSwitchingMode\":[2],\"holdOpen\":[2000,2500],\"pulseTimings\":[130,560,610,100],\"softGrip\":[0],\"speedControlStrategy\":[1]}},{\"id\":17,\"name\":\"Molestiae reprehenderit veniam porro non.\",\"slot\":2,\"config\":{\"autoGrasp\":[0,0],\"coContractionTimings\":[300,100],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[100,90,50,20,30,0,70,60,20,10],\"gripPairsConfig\":[6,4,11,2,9,7,5,13],\"gripSequentialConfig\":[255,9,255,13,255,12,6,4,8,10,1,11],\"gripSwitchingMode\":[2],\"holdOpen\":[1500,1500],\"pulseTimings\":[890,110,90,660],\"softGrip\":[1],\"speedControlStrategy\":[1]}}]}",
    "restore_point": 1,
    "factory_reset_point": 0,
    "changed_by": 55,
    "firmware_version_id": null,
    "created_at": "2026-06-29T13:07:48.000000Z",
    "updated_at": "2026-06-29T13:07:48.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view device config",
    "code": "CONFIG:HISTORY_ENTRY:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:HISTORY_ENTRY:DEVICE_NOT_FOUND"
}
 

Example response (404, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG:HISTORY_ENTRY:HISTORY_ENTRY_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/config/history/{configId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

configId   integer   

Config history entry ID. Example: 1

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: author, entries).

Response

Response Fields

id   integer   

Config history entry ID.

device_id   integer   

Associated device ID.

index   integer   

Config history index.

name   string   

Config snapshot name.

config   string   

Serialized config data.

restore_point   boolean   

Whether this entry is a restore point.

factory_reset_point   boolean   

Whether this entry is a factory reset point.

changed_by   integer   

ID of the user who made the change.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who made the change.

entries   object[]   

Individual config history entries.

notes   object[]   

Notes attached to this history entry.

Update config history

requires authentication

Returns updated config history in response.

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/config/history/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Remote session 2022-05-30\",
    \"restore_point\": true,
    \"factory_reset_point\": false
}"
const url = new URL(
    "http://localhost:8000/api/device/1/config/history/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Remote session 2022-05-30",
    "restore_point": true,
    "factory_reset_point": false
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 6,
    "user_id": null,
    "device_id": 45,
    "index": null,
    "name": "Occaecati non incidunt beatae maxime minima facilis quae.",
    "config": "{\"common\":{\"fingerStrength\":[1,100],\"gripPositions\":{\"_\":0,\"0\":{\"initial\":[47,2,9,40,7],\"limit\":[67,44,92,59,91]},\"1\":{\"initial\":[24,76,15,57,13],\"limit\":[77,88,48,74,89]},\"2\":{\"initial\":[13,45,7,73,19],\"limit\":[83,53,55,74,45]},\"3\":{\"initial\":[86,46,37,38,3],\"limit\":[93,68,40,92,68]},\"4\":{\"initial\":[52,36,10,27,61],\"limit\":[71,70,33,62,77]},\"5\":{\"initial\":[18,25,1,6,6],\"limit\":[48,38,33,95,87]},\"6\":{\"initial\":[6,31,19,7,25],\"limit\":[60,74,90,50,86]},\"7\":{\"initial\":[31,16,17,66,44],\"limit\":[52,30,81,68,65]},\"8\":{\"initial\":[29,21,19,7,3],\"limit\":[56,67,45,24,55]},\"9\":{\"initial\":[74,8,26,30,30],\"limit\":[84,32,36,59,66]},\"10\":{\"initial\":[38,73,61,27,32],\"limit\":[70,88,85,85,86]},\"11\":{\"initial\":[58,12,15,39,25],\"limit\":[82,60,56,90,88]},\"12\":{\"initial\":[5,26,46,6,6],\"limit\":[70,43,86,95,84]},\"13\":{\"initial\":[47,78,57,33,32],\"limit\":[63,90,64,48,78]}},\"inputSite\":[1]},\"modes\":[{\"id\":18,\"name\":\"Culpa voluptatem quibusdam itaque et enim necessitatibus.\",\"slot\":0,\"config\":{\"autoGrasp\":[1,100],\"coContractionTimings\":[500,500],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[30,90,30,30,40,0,60,10,60,0],\"gripPairsConfig\":[13,1,11,10,3,5,7,4],\"gripSequentialConfig\":[8,255,9,255,255,255,255,7,255,13,255,4],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,2000],\"pulseTimings\":[810,480,250,480],\"softGrip\":[1],\"speedControlStrategy\":[0]}},{\"id\":19,\"name\":\"Incidunt voluptatem sapiente aut vel.\",\"slot\":1,\"config\":{\"autoGrasp\":[1,100],\"coContractionTimings\":[500,400],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[70,60,100,100,30,30,100,70,30,80],\"gripPairsConfig\":[4,6,1,9,5,12,7,3],\"gripSequentialConfig\":[255,12,6,9,8,4,255,2,255,1,255,11],\"gripSwitchingMode\":[2],\"holdOpen\":[1500,1500],\"pulseTimings\":[820,130,40,740],\"softGrip\":[0],\"speedControlStrategy\":[1]}},{\"id\":20,\"name\":\"Ad ullam optio suscipit sapiente.\",\"slot\":2,\"config\":{\"autoGrasp\":[0,0],\"coContractionTimings\":[100,100],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[10,30,30,40,70,20,80,90,50,50],\"gripPairsConfig\":[4,7,9,10,8,6,12,5],\"gripSequentialConfig\":[255,13,255,1,10,7,9,4,6,3,2,8],\"gripSwitchingMode\":[2],\"holdOpen\":[2500,2500],\"pulseTimings\":[860,120,140,970],\"softGrip\":[0],\"speedControlStrategy\":[1]}}]}",
    "restore_point": 0,
    "factory_reset_point": 0,
    "changed_by": 56,
    "firmware_version_id": null,
    "created_at": "2026-06-29T13:07:48.000000Z",
    "updated_at": "2026-06-29T13:07:48.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device config",
    "code": "CONFIG:HISTORY_UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Factory reset point already exists):


{
    "message": "Factory reset point does not exist",
    "code": "CONFIG:HISTORY_UPDATE:FACTORY_RESET_POINT_ALREADY_EXISTS"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:HISTORY_UPDATE:DEVICE_NOT_FOUND"
}
 

Example response (404, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG:HISTORY_UPDATE:HISTORY_ENTRY_NOT_FOUND"
}
 

Request   

POST api/device/{deviceId}/config/history/{configId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

configId   integer   

Config history entry ID. Example: 1

Body Parameters

name   string  optional  

Config history entry name. Example: Remote session 2022-05-30

restore_point   boolean  optional  

Restore point status. Example: true

factory_reset_point   boolean  optional  

Point of factory reset. Example: false

Response

Response Fields

id   integer   

Config history entry ID.

device_id   integer   

Associated device ID.

index   integer   

Config history index.

name   string   

Config snapshot name.

config   string   

Serialized config data.

restore_point   boolean   

Whether this entry is a restore point.

factory_reset_point   boolean   

Whether this entry is a factory reset point.

changed_by   integer   

ID of the user who made the change.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who made the change.

entries   object[]   

Individual config history entries.

notes   object[]   

Notes attached to this history entry.

Undo single config history change

requires authentication

Returns updated config in response.

Example request:
curl --request DELETE \
    "http://localhost:8000/api/device/1/config/history/undo/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config/history/undo/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, Normal/compact response):


{
    "common": {
        "gripPairsConfig": [
            1,
            4,
            2,
            3,
            6,
            7,
            9,
            8
        ],
        "controlConfig": [
            0,
            1,
            0,
            0,
            0
        ],
        "emgThresholds": [
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0
        ],
        "interval": [
            100
        ],
        "gripSequentialConfig": [
            1,
            2,
            4,
            3,
            0,
            255,
            6,
            7,
            9,
            8,
            255,
            255
        ]
    },
    "modes": [
        {
            "id": 100,
            "name": "Mode 1",
            "slot": 0,
            "config": {
                "interval": [
                    300
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 101,
            "name": "Mode 2",
            "slot": 1,
            "config": {
                "interval": [
                    400
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 102,
            "name": "Mode 3",
            "slot": 2,
            "config": {
                "interval": [
                    500
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device config",
    "code": "CONFIG:UNDO:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:UNDO:DEVICE_NOT_FOUND"
}
 

Example response (404, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG:UNDO:HISTORY_ENTRY_NOT_FOUND"
}
 

Request   

DELETE api/device/{deviceId}/config/history/undo/{configId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

configId   integer   

Config history entry ID. Example: 1

Restore config history entry

requires authentication

Restores config from given config history entry (all changes). Sends support ticket if patient is assigned to device, returns config instead.

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/config/restore/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config/restore/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, Patient not assigned, returns config):


{
    "common": {
        "gripPairsConfig": [
            1,
            4,
            2,
            3,
            6,
            7,
            9,
            8
        ],
        "controlConfig": [
            0,
            1,
            0,
            0,
            0
        ],
        "emgThresholds": [
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0
        ],
        "interval": [
            100
        ],
        "gripSequentialConfig": [
            1,
            2,
            4,
            3,
            0,
            255,
            6,
            7,
            9,
            8,
            255,
            255
        ]
    },
    "modes": [
        {
            "id": 100,
            "name": "Mode 1",
            "slot": 0,
            "config": {
                "interval": [
                    300
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 101,
            "name": "Mode 2",
            "slot": 1,
            "config": {
                "interval": [
                    400
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 102,
            "name": "Mode 3",
            "slot": 2,
            "config": {
                "interval": [
                    500
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        }
    ]
}
 

Example response (202):


{
    "id": 1,
    "sender_id": 57,
    "recipient_id": 58,
    "device_id": null,
    "meeting_date": "2026-06-29 13:07:49",
    "meeting_type": "online_meeting",
    "contact_email": "dwindler@kreiger.com",
    "status": "new",
    "created_at": "2026-06-29T13:07:49.000000Z",
    "updated_at": "2026-06-29T13:07:49.000000Z",
    "sender": {
        "id": 57,
        "mrn": "SRSU3N5A1782738468",
        "name": "Clifford Bernhard",
        "email": "1782738468bulah.funk@example.net",
        "language": "en",
        "phone": "845.328.1445",
        "phone_country": "MK",
        "phone_verified_at": null,
        "address1": "547 Gunner Fort Apt. 797",
        "address2": "Dickensport, NE 12508",
        "postal_code": "99724",
        "city": "Tromp, Bayer and Schimmel",
        "country": "BG",
        "clinic_name": "North Maia",
        "clinic_location": "638 Ledner Shores Apt. 896\nNorth Margefurt, MA 35833",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:07:48.000000Z",
        "updated_at": "2026-06-29T13:07:48.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 58,
        "mrn": "CEMNPSYZ1782738469",
        "name": "Kelly Altenwerth Jr.",
        "email": "1782738469soconnell@example.net",
        "language": "en",
        "phone": "570-282-5083",
        "phone_country": "GH",
        "phone_verified_at": null,
        "address1": "534 Emerald Creek",
        "address2": "West Yasmine, AL 83499",
        "postal_code": "58257-5355",
        "city": "Prohaska, Heaney and Kuvalis",
        "country": "FR",
        "clinic_name": "Adelbertberg",
        "clinic_location": "968 Swaniawski Stravenue Apt. 792\nEast Rebabury, FL 44832",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:07:49.000000Z",
        "updated_at": "2026-06-29T13:07:49.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": null,
    "messages": [
        {
            "id": 1,
            "ticket_id": 1,
            "sender_id": 59,
            "title": "Dr.",
            "content": "Voluptatem repudiandae perferendis ab dolorem sed nesciunt debitis consequuntur.",
            "is_read": false,
            "created_at": "2026-06-29T13:07:51.000000Z",
            "updated_at": "2026-06-29T13:07:51.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device config",
    "code": "CONFIG:RESTORE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:RESTORE:DEVICE_NOT_FOUND"
}
 

Example response (404, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG:RESTORE:HISTORY_ENTRY_NOT_FOUND"
}
 

Request   

POST api/device/{deviceId}/config/restore/{configId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

configId   integer   

Config history entry ID. Example: 1

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Restore to factory reset point

requires authentication

Restores config from the device's factory reset point. Sends a support ticket if the patient is assigned to the device. Returns the array that contains:

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/config/restore-factory-reset" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config/restore-factory-reset"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "config": {
        "common": {
            "inputSite": [
                1
            ],
            "generalHandSettings": false,
            "batteryBeep": [
                1,
                0
            ],
            "emgGains": false,
            "autoGrasp": false
        },
        "modes": [
            {
                "id": 1,
                "name": "Mode 0",
                "slot": 0,
                "config": {
                    "gripPairsConfig": false,
                    "emgThresholds": false,
                    "emgSpike": false,
                    "controlMode": false
                }
            },
            {
                "id": 1530,
                "name": "Mode 1",
                "slot": 1,
                "config": {
                    "gripPairsConfig": false,
                    "emgThresholds": false,
                    "emgSpike": false,
                    "controlMode": false
                }
            },
            {
                "id": 1531,
                "name": "Mode 2",
                "slot": 2,
                "config": {
                    "gripPairsConfig": false,
                    "emgThresholds": false,
                    "emgSpike": false,
                    "controlMode": false
                }
            }
        ]
    },
    "not_modified": {
        "common": {
            "inputSite": [
                1
            ],
            "batteryBeep": [
                1,
                0
            ],
            "generalHandSettings": [
                1,
                2,
                3,
                4
            ]
        },
        "modes": [
            {
                "userFeedbackType": false,
                "buzzingVolumeSettings": false
            },
            {
                "userFeedbackType": false,
                "buzzingVolumeSettings": false
            },
            {
                "userFeedbackType": false,
                "buzzingVolumeSettings": false
            }
        ]
    },
    "ticket": {
        "id": 1,
        "sender_id": 1,
        "recipient_id": 2,
        "device_id": 1,
        "meeting_date": "2025-07-22T15:00:00.000000Z",
        "meeting_type": "none",
        "contact_email": null,
        "status": "new",
        "created_at": "2025-07-22T15:00:00.000000Z",
        "updated_at": "2025-07-22T15:00:00.000000Z",
        "messages": [
            {
                "id": 1,
                "ticket_id": 1,
                "sender_id": 1,
                "title": "New config update",
                "content": "",
                "is_read": false,
                "created_at": "2025-07-22T15:00:00.000000Z",
                "updated_at": "2025-07-22T15:00:00.000000Z",
                "attachments": [
                    {
                        "id": 6629,
                        "ticket_id": 12973,
                        "ticket_message_id": 6517,
                        "type": "json",
                        "title": "Current config",
                        "attachment": "{\"common\":{},\"modes\":[{\"id\":1,\"name\":\"Mode 0\",\"slot\":0,\"config\":{}},{\"id\":2,\"name\":\"Mode 1\",\"slot\":1,\"config\":{}},{\"id\":3,\"name\":\"Mode 2\",\"slot\":2,\"config\":{}}]}",
                        "created_at": "2025-07-22T15:00:00.000000Z",
                        "updated_at": "2025-07-22T15:00:00.000000Z"
                    },
                    {
                        "id": 6630,
                        "ticket_id": 12973,
                        "ticket_message_id": 6517,
                        "type": "json",
                        "title": "New config",
                        "attachment": "{\"common\":{},\"modes\":[{\"id\":1,\"name\":\"Mode 0\",\"slot\":0,\"config\":{}},{\"id\":2,\"name\":\"Mode 1\",\"slot\":1,\"config\":{}},{\"id\":3,\"name\":\"Mode 2\",\"slot\":2,\"config\":{}}]}",
                        "created_at": "2025-07-22T15:00:00.000000Z",
                        "updated_at": "2025-07-22T15:00:00.000000Z"
                    }
                ]
            }
        ]
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device config",
    "code": "CONFIG:RESTORE_FACTORY_RESET:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG:RESTORE_FACTORY_RESET:NO_RESTORE_POINT"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:RESTORE_FACTORY_RESET:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/{deviceId}/config/restore-factory-reset

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Send test config

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/config/send" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"description\": \"Fixed problem with grips.\",
    \"p2p_session\": 1,
    \"updateConfig\": false,
    \"common\": \"{\\\"gripPairsConfig\\\": [1, 4, 2, 3, 6, 7, 9, 8], \\\"controlConfig\\\": [0, 1, 0, 0, 0], \\\"gripSequentialConfig\\\": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]\",
    \"modes\": [
        {
            \"id\": 1,
            \"config\": \"{\\\"gripPairsConfig\\\": [1, 4, 2, 3, 6, 7, 9, 8], \\\"controlConfig\\\": [0, 1, 0, 0, 0], \\\"gripSequentialConfig\\\": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]\"
        }
    ]
}"
const url = new URL(
    "http://localhost:8000/api/device/1/config/send"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "description": "Fixed problem with grips.",
    "p2p_session": 1,
    "updateConfig": false,
    "common": "{\"gripPairsConfig\": [1, 4, 2, 3, 6, 7, 9, 8], \"controlConfig\": [0, 1, 0, 0, 0], \"gripSequentialConfig\": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]",
    "modes": [
        {
            "id": 1,
            "config": "{\"gripPairsConfig\": [1, 4, 2, 3, 6, 7, 9, 8], \"controlConfig\": [0, 1, 0, 0, 0], \"gripSequentialConfig\": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]"
        }
    ]
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 7,
    "sender_id": 68,
    "recipient_id": 69,
    "device_id": null,
    "meeting_date": "2026-06-29 13:07:54",
    "meeting_type": "online_meeting",
    "contact_email": "zroob@aufderhar.biz",
    "status": "new",
    "created_at": "2026-06-29T13:07:55.000000Z",
    "updated_at": "2026-06-29T13:07:55.000000Z",
    "sender": {
        "id": 68,
        "mrn": "CCRKME541782738474",
        "name": "Mr. Makenna Anderson IV",
        "email": "1782738474goyette.shania@example.org",
        "language": "en",
        "phone": "+1-743-792-5613",
        "phone_country": "NI",
        "phone_verified_at": null,
        "address1": "70175 Schaden Hill Apt. 121",
        "address2": "Vandervortbury, IL 75119-5122",
        "postal_code": "77099",
        "city": "Jerde-Upton",
        "country": "CZ",
        "clinic_name": "Wymanbury",
        "clinic_location": "2726 Batz Plains\nShaynabury, MA 19066-1504",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:07:54.000000Z",
        "updated_at": "2026-06-29T13:07:54.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 69,
        "mrn": "ZTTU26N51782738474",
        "name": "Hildegard Jenkins",
        "email": "1782738474roob.mckayla@example.org",
        "language": "en",
        "phone": "+12489776161",
        "phone_country": "IR",
        "phone_verified_at": null,
        "address1": "460 Winona Burgs",
        "address2": "Elberttown, ID 30932-1438",
        "postal_code": "59426",
        "city": "Robel, Kozey and Bartoletti",
        "country": "RO",
        "clinic_name": "East Chloeborough",
        "clinic_location": "83307 Funk Landing Apt. 763\nAngelitabury, IN 53405",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:07:54.000000Z",
        "updated_at": "2026-06-29T13:07:54.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": null,
    "messages": [
        {
            "id": 4,
            "ticket_id": 7,
            "sender_id": 70,
            "title": "Prof.",
            "content": "Et est non quia rerum.",
            "is_read": false,
            "created_at": "2026-06-29T13:07:56.000000Z",
            "updated_at": "2026-06-29T13:07:56.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device config",
    "code": "CONFIG:SEND:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG:SEND:DEVICE_NOT_FOUND"
}
 

Example response (422, Device does not have an amputee assigned):


{
    "message": "Device does not have an amputee assigned",
    "code": "CONFIG:SEND:NO_PATIENT"
}
 

Example response (422, Invalid P2P session):


{
    "message": "Invalid P2P session",
    "code": "CONFIG:SEND:INVALID_P2P_SESSION"
}
 

Example response (422, Invalid config):


{
    "message": "Config has some problems and cannot be saved.",
    "errors": {
        "modes": {
            "mode_3": "Config mode 3 does not belong to device 12."
        },
        "values": {
            "common.inputSite": "Invalid value [\"11\"] for key inputSite - contains string values.",
            "common.gripsPositions.1.initial": "Invalid value [200,\"100\",\"100\",\"100\",\"100\"] for key gripsPositions.1.initial - contains string values.",
            "mode_1.inputSite": "Invalid value [\"11\"] for key inputSite - contains string values.",
            "mode_1.gripsPositions.0.initial": "Invalid value [\"200\",\"100\",\"100\",\"100\",\"100\"] for key gripsPositions.1.initial - contains string values."
        }
    },
    "code": "CONFIG:SEND:INVALID_CONFIG"
}
 

Request   

POST api/device/{deviceId}/config/send

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Body Parameters

description   string  optional  

Config description to add in message notification. Example: Fixed problem with grips.

p2p_session   integer  optional  

P2P Session ID. If config was prepared during P2P session, pass its ID, if not, pass null. The id of an existing record in the App\Models\P2PSession table. Example: 1

updateConfig   boolean  optional  

Determines if device config should be updated. Example: false

common   string  optional  

Common config as JSON string. MUST_BE_JSON. Example: {"gripPairsConfig": [1, 4, 2, 3, 6, 7, 9, 8], "controlConfig": [0, 1, 0, 0, 0], "gripSequentialConfig": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]

modes   object[]  optional  
id   string  optional  

Config mode ID. The id of an existing record in the App\Models\ConfigMode table. Example: 1

config   string  optional  

Config specific for mode as JSON string. MUST_BE_JSON. Example: {"gripPairsConfig": [1, 4, 2, 3, 6, 7, 9, 8], "controlConfig": [0, 1, 0, 0, 0], "gripSequentialConfig": [1, 2, 4, 3, 0, 255, 6, 7, 9, 8, 255, 255]

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Convert config

requires authentication

Convert config JSON to match given Firmware Version. Keys are moved between common config and modes.

Example request:
curl --request POST \
    "http://localhost:8000/api/config/convert" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"config\": \"[\\\"omnis\\\",\\\"commodi\\\"]\",
    \"firmware\": 1
}"
const url = new URL(
    "http://localhost:8000/api/config/convert"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "config": "[\"omnis\",\"commodi\"]",
    "firmware": 1
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "common": {
        "gripPairsConfig": [
            1,
            4,
            2,
            3,
            6,
            7,
            9,
            8
        ],
        "controlConfig": [
            0,
            1,
            0,
            0,
            0
        ],
        "emgThresholds": [
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0
        ],
        "interval": [
            100
        ],
        "gripSequentialConfig": [
            1,
            2,
            4,
            3,
            0,
            255,
            6,
            7,
            9,
            8,
            255,
            255
        ]
    },
    "modes": [
        {
            "id": 100,
            "name": "Mode 1",
            "slot": 0,
            "config": {
                "interval": [
                    300
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 101,
            "name": "Mode 2",
            "slot": 1,
            "config": {
                "interval": [
                    400
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 102,
            "name": "Mode 3",
            "slot": 2,
            "config": {
                "interval": [
                    500
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device config",
    "code": "CONFIG:CONVERT:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Firmware version not found):


{
    "message": "Firmware version not found",
    "code": "CONFIG:CONVERT:FIRMWARE_NOT_FOUND"
}
 

Request   

POST api/config/convert

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

config   string   

Full config JSON. MUST_BE_JSON. Example: ["omnis","commodi"]

firmware   string   

Firmware Version ID to which config should be adjusted. The id of an existing record in the App\Models\FirmwareVersion table. Example: 1

Config Demo

API endpoints for managing config demos

List config demos

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/config/demos?accepted=7" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config/demos"
);

const params = {
    "accepted": "7",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "user_id": null,
            "device_id": 77,
            "message_id": 8,
            "config": "Delectus occaecati laborum perferendis qui cumque id quo.",
            "is_accepted": 0,
            "notes": "Nihil in eligendi accusamus occaecati.",
            "created_at": "2026-06-29T13:08:04.000000Z",
            "updated_at": "2026-06-29T13:08:04.000000Z",
            "message": {
                "id": 8,
                "ticket_id": 15,
                "sender_id": 91,
                "title": "Dr.",
                "content": "Corporis nihil numquam qui et et quam.",
                "is_read": false,
                "created_at": "2026-06-29T13:08:04.000000Z",
                "updated_at": "2026-06-29T13:08:04.000000Z"
            }
        },
        {
            "id": 2,
            "user_id": null,
            "device_id": 78,
            "message_id": 10,
            "config": "Et beatae laboriosam est qui repellendus quos.",
            "is_accepted": 1,
            "notes": "Sit consequatur quis possimus iste.",
            "created_at": "2026-06-29T13:08:06.000000Z",
            "updated_at": "2026-06-29T13:08:06.000000Z",
            "message": {
                "id": 10,
                "ticket_id": 18,
                "sender_id": 96,
                "title": "Dr.",
                "content": "Et quo et quo et temporibus earum consequatur.",
                "is_read": false,
                "created_at": "2026-06-29T13:08:06.000000Z",
                "updated_at": "2026-06-29T13:08:06.000000Z"
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access config demos",
    "code": "CONFIG_DEMO:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_DEMO:LIST:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/config/demos

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Query Parameters

accepted   integer  optional  

Filter config demos by accepted status. If not specified, all entries will be returned. Pass -1 to get entries not accepted or rejected yet. The value must be one of -1, 0 or 1. Example: 7

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: message, message.ticket, message.attachments).

Update config demo

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/device/1/config/demos/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"is_accepted\": false,
    \"notes\": \"Something is still not working\"
}"
const url = new URL(
    "http://localhost:8000/api/device/1/config/demos/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "is_accepted": false,
    "notes": "Something is still not working"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 3,
    "user_id": null,
    "device_id": 79,
    "message_id": 11,
    "config": "Velit tempore ipsam enim perferendis facere.",
    "is_accepted": 0,
    "notes": "Corrupti minima rerum dolorem.",
    "created_at": "2026-06-29T13:08:08.000000Z",
    "updated_at": "2026-06-29T13:08:08.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access config demos",
    "code": "CONFIG_DEMO:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_DEMO:UPDATE:DEVICE_NOT_FOUND"
}
 

Example response (404, Config demo not found):


{
    "message": "Config demo not found",
    "code": "CONFIG_DEMO:UPDATE:DEMO_NOT_FOUND"
}
 

Request   

PUT api/device/{deviceId}/config/demos/{demoId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

demoId   integer   

Config demo ID. Example: 1

Body Parameters

is_accepted   boolean  optional  

Determines if demo config was accepted by patient. Example: false

notes   string  optional  

Patient notes about tested config. Example: Something is still not working

Config Modes

API endpoints for managing config modes

List config modes

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/config-modes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config-modes"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 72,
        "device_id": 108,
        "slot": null,
        "name": "Eum quod facere maxime hic et aliquam iusto.",
        "active": 0,
        "created_at": "2026-06-29T13:08:13.000000Z",
        "updated_at": "2026-06-29T13:08:13.000000Z",
        "device": {
            "id": 108,
            "serial": "c3050b47-9c6d-3b4f-a2c1-eb780c259143",
            "bluetooth_id": "b710c31f-4b04-361d-963d-c2fa8887c37e",
            "company_id": null,
            "model_id": null,
            "amputee_id": 109,
            "clinician_id": null,
            "firmware_version_id": null,
            "pcb_version_id": null,
            "reverse_magnets": 0,
            "is_electrode": 0,
            "active": 1,
            "last_activity_at": "0000-00-00 00:00:00",
            "created_at": "2026-06-29T13:08:13.000000Z",
            "updated_at": "2026-06-29T13:08:13.000000Z",
            "amputee": {
                "id": 109,
                "mrn": "8XMSLH7Y1782738492",
                "name": "Robbie O'Keefe",
                "email": "1782738492baby.hagenes@example.com",
                "language": "en",
                "phone": "1-541-732-3189",
                "phone_country": "MQ",
                "phone_verified_at": null,
                "address1": "977 Olson Crossroad",
                "address2": "Minervashire, TN 21591-7125",
                "postal_code": "16339",
                "city": "Wiegand Group",
                "country": "GR",
                "clinic_name": "Hoegerville",
                "clinic_location": "2126 Jettie Parkways Suite 856\nDooleyfurt, IL 40266-1891",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:13.000000Z",
                "updated_at": "2026-06-29T13:08:13.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        }
    },
    {
        "id": 73,
        "device_id": 110,
        "slot": null,
        "name": "Quam enim iste occaecati et accusamus blanditiis optio.",
        "active": 1,
        "created_at": "2026-06-29T13:08:13.000000Z",
        "updated_at": "2026-06-29T13:08:13.000000Z",
        "config": {}
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list config modes",
    "code": "CONFIG_MODES:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_MODES:LIST:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/config-modes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Response

Response Fields

id   integer   

Config mode ID.

device_id   integer   

Associated device ID.

slot   integer   

Mode slot index (0, 1 or 2).

name   string   

Mode name.

active   boolean   

Whether the mode is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Get config mode

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/config-modes/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config-modes/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 74,
    "device_id": 111,
    "slot": null,
    "name": "Libero maiores molestiae voluptatem quod.",
    "active": 0,
    "created_at": "2026-06-29T13:08:13.000000Z",
    "updated_at": "2026-06-29T13:08:13.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list config modes",
    "code": "CONFIG_MODES:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_MODES:GET:DEVICE_NOT_FOUND"
}
 

Example response (404, Config mode not found):


{
    "message": "Config mode not found",
    "code": "CONFIG_MODES:GET:MODE_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/config-modes/{modeId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

modeId   integer   

Config mode ID. Example: 1

Response

Response Fields

id   integer   

Config mode ID.

device_id   integer   

Associated device ID.

slot   integer   

Mode slot index (0, 1 or 2).

name   string   

Mode name.

active   boolean   

Whether the mode is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Create config mode

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/config-modes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"slot\": 0,
    \"name\": \"Sport mode\",
    \"active\": true
}"
const url = new URL(
    "http://localhost:8000/api/device/1/config-modes"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "slot": 0,
    "name": "Sport mode",
    "active": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 75,
    "device_id": 112,
    "slot": null,
    "name": "Reiciendis placeat eaque sit esse.",
    "active": 0,
    "created_at": "2026-06-29T13:08:14.000000Z",
    "updated_at": "2026-06-29T13:08:14.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create config modes",
    "code": "CONFIG_MODES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_MODES:CREATE:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/{deviceId}/config-modes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Body Parameters

slot   integer  optional  

Mode index on device. Example: 0

Must be one of:
  • 0
  • 1
  • 2
name   string   

Name of mode. Example: Sport mode

active   boolean  optional  

Active status. Default: 1. Example: true

Response

Response Fields

id   integer   

Config mode ID.

device_id   integer   

Associated device ID.

slot   integer   

Mode slot index (0, 1 or 2).

name   string   

Mode name.

active   boolean   

Whether the mode is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update config mode

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/device/1/config-modes/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"slot\": 0,
    \"name\": \"Sport mode\",
    \"active\": true
}"
const url = new URL(
    "http://localhost:8000/api/device/1/config-modes/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "slot": 0,
    "name": "Sport mode",
    "active": true
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 76,
    "device_id": 113,
    "slot": null,
    "name": "Qui dignissimos voluptate consequatur explicabo eos.",
    "active": 0,
    "created_at": "2026-06-29T13:08:14.000000Z",
    "updated_at": "2026-06-29T13:08:14.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update config mode",
    "code": "CONFIG_MODES:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_MODES:UPDATE:DEVICE_NOT_FOUND"
}
 

Example response (404, Config mode not found):


{
    "message": "Config mode not found",
    "code": "CONFIG_MODES:UPDATE:MODE_NOT_FOUND"
}
 

Request   

PUT api/device/{deviceId}/config-modes/{modeId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

modeId   integer   

Config mode ID. Example: 1

Body Parameters

slot   integer  optional  

Mode index on device. Example: 0

Must be one of:
  • 0
  • 1
  • 2
name   string  optional  

Name of mode. Example: Sport mode

active   boolean  optional  

Active status. Default: 1. Example: true

Response

Response Fields

id   integer   

Config mode ID.

device_id   integer   

Associated device ID.

slot   integer   

Mode slot index (0, 1 or 2).

name   string   

Mode name.

active   boolean   

Whether the mode is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Copy device config from template

requires authentication

Copy config template into selected config mode. Sends support ticket if patient is assigned to device, returns config instead.

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/config-modes/1/from-template/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config-modes/1/from-template/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, Patient not assigned, returns config):


{
    "common": {
        "gripPairsConfig": [
            1,
            4,
            2,
            3,
            6,
            7,
            9,
            8
        ],
        "controlConfig": [
            0,
            1,
            0,
            0,
            0
        ],
        "emgThresholds": [
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0,
            0
        ],
        "interval": [
            100
        ],
        "gripSequentialConfig": [
            1,
            2,
            4,
            3,
            0,
            255,
            6,
            7,
            9,
            8,
            255,
            255
        ]
    },
    "modes": [
        {
            "id": 100,
            "name": "Mode 1",
            "slot": 0,
            "config": {
                "interval": [
                    300
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 101,
            "name": "Mode 2",
            "slot": 1,
            "config": {
                "interval": [
                    400
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        },
        {
            "id": 102,
            "name": "Mode 3",
            "slot": 2,
            "config": {
                "interval": [
                    500
                ],
                "fingerStrength": [
                    1,
                    100
                ],
                "autoGrasp": [
                    0,
                    100
                ],
                "emgSpike": [
                    0,
                    300
                ]
            }
        }
    ]
}
 

Example response (202):


{
    "id": 21,
    "sender_id": 111,
    "recipient_id": 112,
    "device_id": null,
    "meeting_date": "2026-06-29 13:08:14",
    "meeting_type": "online_meeting",
    "contact_email": "izabella12@stark.com",
    "status": "new",
    "created_at": "2026-06-29T13:08:15.000000Z",
    "updated_at": "2026-06-29T13:08:15.000000Z",
    "sender": {
        "id": 111,
        "mrn": "YQB2C9VR1782738494",
        "name": "Prof. Noelia Kuhic",
        "email": "1782738494federico21@example.net",
        "language": "en",
        "phone": "+16782226177",
        "phone_country": "PA",
        "phone_verified_at": null,
        "address1": "48198 Maryam Road",
        "address2": "East Louisa, UT 96093",
        "postal_code": "75270",
        "city": "Jacobs, Mosciski and Friesen",
        "country": "LT",
        "clinic_name": "Jermeyport",
        "clinic_location": "71484 Toy Keys\nLake Kirsten, OH 32098",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:14.000000Z",
        "updated_at": "2026-06-29T13:08:14.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 112,
        "mrn": "77ZUMQXT1782738494",
        "name": "Mr. Marcelino Torphy",
        "email": "1782738494kwiegand@example.org",
        "language": "en",
        "phone": "661.884.1000",
        "phone_country": "BM",
        "phone_verified_at": null,
        "address1": "96401 Dannie Rapid",
        "address2": "Allantown, KS 98198-8059",
        "postal_code": "35736",
        "city": "Simonis-Gutkowski",
        "country": "NO",
        "clinic_name": "Hoppeton",
        "clinic_location": "21888 Johnston Loaf Suite 735\nNorth Reynoldview, WA 93044-5234",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:14.000000Z",
        "updated_at": "2026-06-29T13:08:14.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": null,
    "messages": [
        {
            "id": 12,
            "ticket_id": 21,
            "sender_id": 113,
            "title": "Prof.",
            "content": "Aliquam qui assumenda id consequatur.",
            "is_read": false,
            "created_at": "2026-06-29T13:08:16.000000Z",
            "updated_at": "2026-06-29T13:08:16.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update config mode",
    "code": "CONFIG_MODES:COPY_TEMPLATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_MODES:COPY_TEMPLATE:DEVICE_NOT_FOUND"
}
 

Example response (404, Config mode not found):


{
    "message": "Config mode not found",
    "code": "CONFIG_MODES:COPY_TEMPLATE:MODE_NOT_FOUND"
}
 

Example response (404, Config template not found):


{
    "message": "Config template not found",
    "code": "CONFIG_MODES:COPY_TEMPLATE:TEMPLATE_NOT_FOUND"
}
 

Request   

POST api/device/{deviceId}/config-modes/{modeId}/from-template/{templateId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

modeId   integer   

Config mode ID. Example: 1

templateId   integer   

Config template ID. Example: 1

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Config Notes

API endpoints for config history notes

Get config entry notes list

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/config/1/notes?user=1&type=public" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config/1/notes"
);

const params = {
    "user": "1",
    "type": "public",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "config_history_id": 7,
            "user_id": 80,
            "note": "Nostrum nihil ex et error natus nisi totam dolores.",
            "type": "public",
            "created_at": "2026-06-29T13:07:59.000000Z",
            "updated_at": "2026-06-29T13:07:59.000000Z",
            "author": {
                "id": 80,
                "mrn": "6ECFXGG61782738479",
                "name": "Jermain Boyle",
                "email": "1782738479lehner.charlie@example.com",
                "language": "en",
                "phone": "(816) 344-7855",
                "phone_country": "CV",
                "phone_verified_at": null,
                "address1": "468 Michele Street",
                "address2": "North Kobeton, CT 73226-6995",
                "postal_code": "96374",
                "city": "Leannon, Dickens and Rogahn",
                "country": "MT",
                "clinic_name": "North Tyrell",
                "clinic_location": "445 Therese Pine Apt. 822\nTrevershire, VT 12098",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:07:59.000000Z",
                "updated_at": "2026-06-29T13:07:59.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        },
        {
            "id": 2,
            "config_history_id": 8,
            "user_id": 82,
            "note": "Accusamus delectus quo neque similique.",
            "type": "public",
            "created_at": "2026-06-29T13:08:00.000000Z",
            "updated_at": "2026-06-29T13:08:00.000000Z",
            "author": {
                "id": 82,
                "mrn": "H2G8NRKF1782738480",
                "name": "Althea Miller IV",
                "email": "1782738480kgoodwin@example.com",
                "language": "en",
                "phone": "+1 (847) 348-7004",
                "phone_country": "NO",
                "phone_verified_at": null,
                "address1": "707 Lesch Rapids Apt. 186",
                "address2": "Padbergville, OR 88011-1919",
                "postal_code": "45177-7640",
                "city": "Robel-Schinner",
                "country": "UA",
                "clinic_name": "Port Generalton",
                "clinic_location": "1611 Estevan Crossroad Suite 687\nLake Russ, RI 39835",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:00.000000Z",
                "updated_at": "2026-06-29T13:08:00.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access config notes",
    "code": "CONFIG_NOTES:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_NOTES:LIST:DEVICE_NOT_FOUND"
}
 

Example response (404, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG_NOTES:LIST:HISTORY_ENTRY_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/config/{configId}/notes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

configId   integer   

Config history entry ID. Example: 1

Query Parameters

user   integer  optional  

Filter notes by user. Example: 1

type   string  optional  

Filter notes by type (available: public and private) Example: public

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: author).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Note ID.

config_history_id   integer   

Associated config history entry ID.

user_id   integer   

ID of the user who wrote the note.

note   string   

Note content.

type   string   

Note visibility.

Must be one of:
  • public
  • private
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who wrote the note.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get config entry note

requires authentication

Returns single config history entry note in response.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/config/1/notes/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config/1/notes/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 3,
    "config_history_id": 9,
    "user_id": 84,
    "note": "Odio quasi rerum voluptas.",
    "type": "public",
    "created_at": "2026-06-29T13:08:01.000000Z",
    "updated_at": "2026-06-29T13:08:01.000000Z",
    "author": {
        "id": 84,
        "mrn": "Y4XCGVS21782738481",
        "name": "Dorris Pacocha",
        "email": "1782738481stiedemann.lolita@example.net",
        "language": "en",
        "phone": "628.305.9007",
        "phone_country": "CA",
        "phone_verified_at": null,
        "address1": "48741 Bednar Cliffs Suite 136",
        "address2": "Port Jaeden, AZ 43401",
        "postal_code": "58254",
        "city": "Willms and Sons",
        "country": "HU",
        "clinic_name": "Jensenview",
        "clinic_location": "46957 Vincenza Neck Apt. 065\nSouth Larue, NM 29645",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:01.000000Z",
        "updated_at": "2026-06-29T13:08:01.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access config notes",
    "code": "CONFIG_NOTES:GET_ENTRY:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_NOTES:GET_ENTRY:DEVICE_NOT_FOUND"
}
 

Example response (404, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG_NOTES:GET_ENTRY:HISTORY_ENTRY_NOT_FOUND"
}
 

Example response (404, Config history note not found):


{
    "message": "Config history note not found",
    "code": "CONFIG_NOTES:GET_ENTRY:HISTORY_NOTE_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/config/{configId}/notes/{noteId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

configId   integer   

Config history entry ID. Example: 1

noteId   integer   

Device config entry note ID. Example: 1

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: author).

Response

Response Fields

id   integer   

Note ID.

config_history_id   integer   

Associated config history entry ID.

user_id   integer   

ID of the user who wrote the note.

note   string   

Note content.

type   string   

Note visibility.

Must be one of:
  • public
  • private
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who wrote the note.

Create config entry note

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/config/1/notes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"note\": \"Accusamus qui molestias dolores rerum qui qui et.\",
    \"type\": \"public\"
}"
const url = new URL(
    "http://localhost:8000/api/device/1/config/1/notes"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "note": "Accusamus qui molestias dolores rerum qui qui et.",
    "type": "public"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "id": 4,
    "config_history_id": 10,
    "user_id": 86,
    "note": "Laboriosam reiciendis sit qui fugiat quaerat eos.",
    "type": "public",
    "created_at": "2026-06-29T13:08:02.000000Z",
    "updated_at": "2026-06-29T13:08:02.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to add config notes",
    "code": "CONFIG_NOTES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_NOTES:CREATE:DEVICE_NOT_FOUND"
}
 

Example response (404, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG_NOTES:CREATE:HISTORY_ENTRY_NOT_FOUND"
}
 

Request   

POST api/device/{deviceId}/config/{configId}/notes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

configId   integer   

Config history entry ID. Example: 1

Body Parameters

note   string  optional  

Note text. Example: Accusamus qui molestias dolores rerum qui qui et.

type   string  optional  

Type of the note. Default: public. Example: public

Must be one of:
  • public
  • private

Response

Response Fields

id   integer   

Note ID.

config_history_id   integer   

Associated config history entry ID.

user_id   integer   

ID of the user who wrote the note.

note   string   

Note content.

type   string   

Note visibility.

Must be one of:
  • public
  • private
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who wrote the note.

Delete config note

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/device/1/config/1/notes/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/config/1/notes/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Config history note deleted",
    "code": "CONFIG_NOTES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete config notes",
    "code": "CONFIG_NOTES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CONFIG_NOTES:DELETE:DEVICE_NOT_FOUND"
}
 

Example response (404, Config history entry not found):


{
    "message": "Config history entry not found",
    "code": "CONFIG_NOTES:DELETE:HISTORY_ENTRY_NOT_FOUND"
}
 

Example response (404, Config history note not found):


{
    "message": "Config history note not found",
    "code": "CONFIG_NOTES:DELETE:HISTORY_NOTE_NOT_FOUND"
}
 

Request   

DELETE api/device/{deviceId}/config/{configId}/notes/{noteId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

configId   integer   

Config history entry ID. Example: 1

noteId   integer   

Device config entry note ID. Example: 1

Config Schema

API endpoints for config schema management

Get config schema

requires authentication

Returns list of config schema entries for given firmware version.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/versions/firmware/1/schema?filter=modes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/firmware/1/schema"
);

const params = {
    "filter": "modes",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "firmware_id": 7,
        "key": "vero",
        "is_common": 0,
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    },
    {
        "id": 2,
        "firmware_id": 9,
        "key": "suscipit",
        "is_common": 0,
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view config schema",
    "code": "CONFIG_SCHEMA:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Firmware version not found):


{
    "message": "Firmware version not found",
    "code": "CONFIG_SCHEMA:GET:FIRMWARE_NOT_FOUND"
}
 

Request   

GET api/versions/firmware/{firmwareId}/schema

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

firmwareId   integer   

Firmware version ID. Example: 1

Query Parameters

filter   string  optional  

Filter entries by type (available: common, modes). By default all entries all returned. Example: modes

Response

Response Fields

id   integer   

Config schema ID.

firmware_id   integer   

Associated firmware version ID.

key   string   

Config schema key.

is_common   boolean   

Whether this key is shared across all modes.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

firmware   object   

Associated firmware version.

Add config schema

requires authentication

Add one or many config schema entries. Each entry is one key in config. Body of this request is simple array of objects:


            [
                {"key": "key_name", "is_common": 1},
                {"key": "another_name", "is_common": 0},
                ...
            ]
        
Example request:
curl --request POST \
    "http://localhost:8000/api/versions/firmware/nesciunt/schema" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "[
    {
        \"key\": \"gripsPosition.0.initial\",
        \"is_common\": 1
    }
]"
const url = new URL(
    "http://localhost:8000/api/versions/firmware/nesciunt/schema"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = [
    {
        "key": "gripsPosition.0.initial",
        "is_common": 1
    }
];

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


[
    {
        "id": 3,
        "firmware_id": 11,
        "key": "omnis",
        "is_common": 1,
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    },
    {
        "id": 4,
        "firmware_id": 13,
        "key": "enim",
        "is_common": 0,
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage config schema",
    "code": "CONFIG_SCHEMA:ADD:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Firmware version not found):


{
    "message": "Firmware version not found",
    "code": "CONFIG_SCHEMA:ADD:FIRMWARE_NOT_FOUND"
}
 

Request   

POST api/versions/firmware/{firmwareId}/schema

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

firmwareId   string   

Example: nesciunt

Body Parameters

The request body is an array (object[]`). Each item has the following properties:

key   string  optional  

Config key. Example: gripsPosition.0.initial

is_common   integer  optional  

Information if the key belongs to common config (1) or to modes (0). Default: 1. Example: 1

Response

Response Fields

id   integer   

Config schema ID.

firmware_id   integer   

Associated firmware version ID.

key   string   

Config schema key.

is_common   boolean   

Whether this key is shared across all modes.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

firmware   object   

Associated firmware version.

Delete config schema

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/versions/firmware/1/schema/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/firmware/1/schema/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Config schema entry deleted",
    "code": "CONFIG_SCHEMA:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage config schema",
    "code": "CONFIG_SCHEMA:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Firmware version not found):


{
    "message": "Firmware version not found",
    "code": "CONFIG_SCHEMA:DELETE:FIRMWARE_NOT_FOUND"
}
 

Example response (404, Config schema entry not found):


{
    "message": "Config schema entry not found",
    "code": "CONFIG_SCHEMA:DELETE:SCHEMA_NOT_FOUND"
}
 

Request   

DELETE api/versions/firmware/{firmwareId}/schema/{schemaId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

firmwareId   integer   

Firmware version ID. Example: 1

schemaId   integer   

Config schema ID. Example: 1

Config Templates

API endpoints for managing config templates

Get config templates list

requires authentication

Entries where author is present are private and owned by its author. Entries where author is null should be considered as global templates prepared by Aether team.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/config/templates?search=sport&author=1&scope=me" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/config/templates"
);

const params = {
    "search": "sport",
    "author": "1",
    "scope": "me",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "name": "Voluptatem labore numquam illo sunt quia voluptatem.",
            "description": "Sunt id quis iure quia nostrum molestiae consequuntur.",
            "author_id": 100,
            "company_id": null,
            "config": "{\"autoGrasp\":[0,0],\"coContractionTimings\":[300,300],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[30,90,50,30,30,70,30,60,10,40],\"gripPairsConfig\":[8,2,13,9,4,12,5,6],\"gripSequentialConfig\":[10,5,255,255,13,1,255,12,8,255,255,255],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,2000],\"pulseTimings\":[90,370,670,930],\"softGrip\":[1],\"speedControlStrategy\":[0]}",
            "created_at": "2026-06-29T13:08:08.000000Z",
            "updated_at": "2026-06-29T13:08:08.000000Z",
            "author": {
                "id": 100,
                "mrn": "VY4ZTKDM1782738488",
                "name": "Juvenal Satterfield",
                "email": "1782738488fspencer@example.com",
                "language": "en",
                "phone": "(341) 660-1664",
                "phone_country": "BA",
                "phone_verified_at": null,
                "address1": "70853 Ellsworth Lakes",
                "address2": "Port Jeniferfort, NY 97734-6046",
                "postal_code": "51319",
                "city": "Kiehn-Veum",
                "country": "EE",
                "clinic_name": "North Telly",
                "clinic_location": "1463 Celia Lane Suite 730\nKayliberg, CA 23789-4682",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:08.000000Z",
                "updated_at": "2026-06-29T13:08:08.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        },
        {
            "id": 2,
            "name": "Laboriosam autem quis unde quae.",
            "description": "Omnis incidunt et ratione quis.",
            "author_id": 101,
            "company_id": null,
            "config": "{\"autoGrasp\":[1,100],\"coContractionTimings\":[300,200],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[40,100,20,70,60,0,60,30,30,60],\"gripPairsConfig\":[1,4,10,9,7,5,6,12],\"gripSequentialConfig\":[12,1,255,13,2,5,255,255,10,7,255,9],\"gripSwitchingMode\":[3],\"holdOpen\":[1500,2500],\"pulseTimings\":[240,230,30,620],\"softGrip\":[0],\"speedControlStrategy\":[0]}",
            "created_at": "2026-06-29T13:08:09.000000Z",
            "updated_at": "2026-06-29T13:08:09.000000Z",
            "author": {
                "id": 101,
                "mrn": "SBSK5SAG1782738488",
                "name": "Dr. Franz Considine II",
                "email": "1782738488boehm.fiona@example.com",
                "language": "en",
                "phone": "+15208418670",
                "phone_country": "FM",
                "phone_verified_at": null,
                "address1": "4015 Wolff Way Suite 677",
                "address2": "Lake Pearlineborough, KY 03205",
                "postal_code": "82897-1384",
                "city": "Mosciski-Rolfson",
                "country": "SK",
                "clinic_name": "Shanelleview",
                "clinic_location": "1368 Bethany Prairie Apt. 631\nNorth Irving, CA 64045",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:08.000000Z",
                "updated_at": "2026-06-29T13:08:08.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list config templates",
    "code": "CONFIG_TEMPLATES:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/config/templates

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

search   string  optional  

Filter config templates by name. Example: sport

author   integer  optional  

Super Admin only: Filter config templates by author. Example: 1

scope   string  optional  

ClinicAdmin/Clinician/ClinicianSupport only: Filter config templates by scope. The value must be one of:

  • me (entries where current user is author),
  • global (entries added by Aether).
Example: `me`
perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: author).

Response

Response Fields

items   object   
id   integer   

Config template ID.

name   string   

Template name.

description   string   

Template description.

author_id   integer   

ID of the user who created the template.

company_id   integer   

Associated company ID.

config   string   

Serialized config data.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who created the template.

notes   object[]   

Notes attached to this template.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get config template

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/config/templates/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/config/templates/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 3,
    "name": "Doloribus voluptatum iste possimus in.",
    "description": "Aut nulla illum nemo iure.",
    "author_id": 102,
    "company_id": null,
    "config": "{\"autoGrasp\":[1,0],\"coContractionTimings\":[500,200],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[20,60,20,80,90,70,20,50,10,20],\"gripPairsConfig\":[5,9,12,13,10,8,7,1],\"gripSequentialConfig\":[1,6,12,255,11,10,4,255,8,255,5,2],\"gripSwitchingMode\":[2],\"holdOpen\":[2000,2500],\"pulseTimings\":[480,430,540,460],\"softGrip\":[0],\"speedControlStrategy\":[1]}",
    "created_at": "2026-06-29T13:08:09.000000Z",
    "updated_at": "2026-06-29T13:08:09.000000Z",
    "author": {
        "id": 102,
        "mrn": "QDXG5WDD1782738489",
        "name": "Chet O'Hara",
        "email": "1782738489ppurdy@example.org",
        "language": "en",
        "phone": "(610) 867-9279",
        "phone_country": "BQ",
        "phone_verified_at": null,
        "address1": "59189 Shanie Light Apt. 616",
        "address2": "McDermottfort, NE 75710",
        "postal_code": "14457",
        "city": "Mertz and Sons",
        "country": "CZ",
        "clinic_name": "West Therese",
        "clinic_location": "26157 Dimitri Spur\nRafaelport, NY 76370-4317",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:09.000000Z",
        "updated_at": "2026-06-29T13:08:09.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view config template",
    "code": "CONFIG_TEMPLATES:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Config template not found):


{
    "message": "Config template not found",
    "code": "CONFIG_TEMPLATES:GET:TEMPLATE_NOT_FOUND"
}
 

Request   

GET api/config/templates/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Config template ID. Example: 1

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: author).

Response

Response Fields

id   integer   

Config template ID.

name   string   

Template name.

description   string   

Template description.

author_id   integer   

ID of the user who created the template.

company_id   integer   

Associated company ID.

config   string   

Serialized config data.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who created the template.

notes   object[]   

Notes attached to this template.

Create new config template

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/config/templates" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Default config for Aether Zeus\",
    \"description\": \"Description of the config template.\",
    \"owner\": \"company\",
    \"author\": 1,
    \"config\": \"{\\\"param_1\\\": [100, 200], \\\"param_2\\\": [100, 200, 300]}\"
}"
const url = new URL(
    "http://localhost:8000/api/config/templates"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Default config for Aether Zeus",
    "description": "Description of the config template.",
    "owner": "company",
    "author": 1,
    "config": "{\"param_1\": [100, 200], \"param_2\": [100, 200, 300]}"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "name": "Repellat aut est et sunt ad id consectetur.",
    "description": "Et asperiores officiis dolorem rerum ut reiciendis.",
    "author_id": 103,
    "company_id": null,
    "config": "{\"autoGrasp\":[0,0],\"coContractionTimings\":[200,100],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[10,70,50,0,10,20,60,40,0,80],\"gripPairsConfig\":[6,1,12,8,7,9,11,3],\"gripSequentialConfig\":[13,9,8,255,2,11,7,6,3,10,1,255],\"gripSwitchingMode\":[2],\"holdOpen\":[1500,1500],\"pulseTimings\":[800,500,110,50],\"softGrip\":[1],\"speedControlStrategy\":[0]}",
    "created_at": "2026-06-29T13:08:10.000000Z",
    "updated_at": "2026-06-29T13:08:10.000000Z",
    "author": {
        "id": 103,
        "mrn": "22FHBGAU1782738489",
        "name": "Myrtis Goodwin Jr.",
        "email": "1782738489lharvey@example.net",
        "language": "en",
        "phone": "(657) 708-0168",
        "phone_country": "CF",
        "phone_verified_at": null,
        "address1": "5223 Greenfelder Branch Apt. 817",
        "address2": "East Trudie, MA 69520",
        "postal_code": "33739-7806",
        "city": "Abernathy, Hane and Kovacek",
        "country": "CZ",
        "clinic_name": "Port Letitia",
        "clinic_location": "106 Lew Canyon\nMonteside, MA 10271",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:09.000000Z",
        "updated_at": "2026-06-29T13:08:09.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create config template",
    "code": "CONFIG_TEMPLATES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/config/templates

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Name of the config template. Example: Default config for Aether Zeus

description   string  optional  

Description of the config template. Example: Description of the config template.

owner   string  optional  

Mark config template owned by clinician or company. Default: me (clinician). Example: company

Must be one of:
  • me
  • company
author   string  optional  

Super Admin only: User ID to be the author of template. The id of an existing record in the App\Models\User table. Example: 1

config   string   

Full config. MUST_BE_JSON. Example: {"param_1": [100, 200], "param_2": [100, 200, 300]}

Response

Response Fields

id   integer   

Config template ID.

name   string   

Template name.

description   string   

Template description.

author_id   integer   

ID of the user who created the template.

company_id   integer   

Associated company ID.

config   string   

Serialized config data.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who created the template.

notes   object[]   

Notes attached to this template.

Update config template

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/config/templates/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Default config for Aether Zeus\",
    \"description\": \"Description of the config template.\",
    \"owner\": \"company\",
    \"author\": 1,
    \"config\": \"{\\\"param_1\\\": [100, 200], \\\"param_2\\\": [100, 200, 300]}\"
}"
const url = new URL(
    "http://localhost:8000/api/config/templates/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Default config for Aether Zeus",
    "description": "Description of the config template.",
    "owner": "company",
    "author": 1,
    "config": "{\"param_1\": [100, 200], \"param_2\": [100, 200, 300]}"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 5,
    "name": "Vel hic et iure corporis.",
    "description": "Optio non rerum eos facere eos maiores.",
    "author_id": 104,
    "company_id": null,
    "config": "{\"autoGrasp\":[1,100],\"coContractionTimings\":[500,100],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[90,100,50,60,30,100,50,80,70,0],\"gripPairsConfig\":[2,4,6,8,10,13,1,11],\"gripSequentialConfig\":[11,255,6,5,255,255,255,255,255,9,8,10],\"gripSwitchingMode\":[3],\"holdOpen\":[2000,2000],\"pulseTimings\":[460,160,330,970],\"softGrip\":[1],\"speedControlStrategy\":[1]}",
    "created_at": "2026-06-29T13:08:10.000000Z",
    "updated_at": "2026-06-29T13:08:10.000000Z",
    "author": {
        "id": 104,
        "mrn": "9J26BWWR1782738490",
        "name": "Dr. Mollie Weissnat III",
        "email": "1782738490demario.rogahn@example.org",
        "language": "en",
        "phone": "+1-480-448-9274",
        "phone_country": "EC",
        "phone_verified_at": null,
        "address1": "4292 Jayson Knoll Suite 218",
        "address2": "South Citlalli, NH 95370-4552",
        "postal_code": "63768",
        "city": "Hill-Gorczany",
        "country": "GB",
        "clinic_name": "South Enricofurt",
        "clinic_location": "2088 Morar Tunnel\nNew Vaughn, WI 50751-4841",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:10.000000Z",
        "updated_at": "2026-06-29T13:08:10.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update config template",
    "code": "CONFIG_TEMPLATES:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Config template not found):


{
    "message": "Config template not found",
    "code": "CONFIG_TEMPLATES:UPDATE:TEMPLATE_NOT_FOUND"
}
 

Request   

PUT api/config/templates/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Config template ID. Example: 1

Body Parameters

name   string  optional  

Name of the config template. Example: Default config for Aether Zeus

description   string  optional  

Description of the config template. Example: Description of the config template.

owner   string  optional  

Mark config template owned by clinician or company. Default: me (clinician). Example: company

Must be one of:
  • me
  • company
author   string  optional  

Super Admin only: User ID to be the author of template. The id of an existing record in the App\Models\User table. Example: 1

config   string  optional  

Full config. MUST_BE_JSON. Example: {"param_1": [100, 200], "param_2": [100, 200, 300]}

Response

Response Fields

id   integer   

Config template ID.

name   string   

Template name.

description   string   

Template description.

author_id   integer   

ID of the user who created the template.

company_id   integer   

Associated company ID.

config   string   

Serialized config data.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who created the template.

notes   object[]   

Notes attached to this template.

Delete config template

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/config/templates/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/config/templates/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Config template deleted",
    "code": "CONFIG_TEMPLATES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete config template",
    "code": "CONFIG_TEMPLATES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Config template not found):


{
    "message": "Config template not found",
    "code": "CONFIG_TEMPLATES:DELETE:TEMPLATE_NOT_FOUND"
}
 

Request   

DELETE api/config/templates/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Config template ID. Example: 1

Config Templates Notes

API endpoints for config templates notes

Get config templates notes list

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/config/templates/1/notes?user=1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/config/templates/1/notes"
);

const params = {
    "user": "1",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "template_id": 6,
            "user_id": 105,
            "note": "Placeat incidunt nisi aut eveniet asperiores voluptatem.",
            "created_at": "2026-06-29T13:08:11.000000Z",
            "updated_at": "2026-06-29T13:08:11.000000Z",
            "author": {
                "id": 105,
                "mrn": "65QSFMMZ1782738490",
                "name": "Estrella Nitzsche MD",
                "email": "1782738490wilford32@example.com",
                "language": "en",
                "phone": "+1.415.702.2990",
                "phone_country": "BG",
                "phone_verified_at": null,
                "address1": "9511 Considine Turnpike Suite 561",
                "address2": "East Domenico, HI 05486-6418",
                "postal_code": "65527-5194",
                "city": "Barton-Turner",
                "country": "RO",
                "clinic_name": "Laurymouth",
                "clinic_location": "9620 Leannon Garden\nLake Augustahaven, SC 45512-1977",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:10.000000Z",
                "updated_at": "2026-06-29T13:08:10.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        },
        {
            "id": 2,
            "template_id": 7,
            "user_id": 106,
            "note": "Consequuntur et expedita totam earum iure.",
            "created_at": "2026-06-29T13:08:11.000000Z",
            "updated_at": "2026-06-29T13:08:11.000000Z",
            "author": {
                "id": 106,
                "mrn": "XPVLU9BT1782738491",
                "name": "Miss Josie Jacobi Jr.",
                "email": "1782738491golda.murazik@example.net",
                "language": "en",
                "phone": "+13365474825",
                "phone_country": "KY",
                "phone_verified_at": null,
                "address1": "215 Austyn Plains",
                "address2": "Candelariofort, WI 67872",
                "postal_code": "15844-7013",
                "city": "Shields, Cole and Deckow",
                "country": "CY",
                "clinic_name": "Kuphalborough",
                "clinic_location": "770 Funk Lodge\nEast Toney, SC 02464",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:11.000000Z",
                "updated_at": "2026-06-29T13:08:11.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access config templates notes",
    "code": "CONFIG_TEMPLATE_NOTES:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Config template not found):


{
    "message": "Config template not found",
    "code": "CONFIG_TEMPLATE_NOTES:LIST:TEMPLATE_NOT_FOUND"
}
 

Request   

GET api/config/templates/{id}/notes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Config template ID. Example: 1

Query Parameters

user   integer  optional  

Filter notes by user. Example: 1

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: author).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Note ID.

template_id   integer   

Associated config template ID.

user_id   integer   

ID of the user who wrote the note.

note   string   

Note content.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who wrote the note.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get config template note

requires authentication

Returns single config template note in response.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/config/templates/1/notes/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/config/templates/1/notes/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 3,
    "template_id": 8,
    "user_id": 107,
    "note": "Unde in ad maxime ducimus quo.",
    "created_at": "2026-06-29T13:08:12.000000Z",
    "updated_at": "2026-06-29T13:08:12.000000Z",
    "author": {
        "id": 107,
        "mrn": "CDTLN3FZ1782738491",
        "name": "Dell Hammes",
        "email": "1782738491gconn@example.org",
        "language": "en",
        "phone": "(425) 944-1827",
        "phone_country": "SE",
        "phone_verified_at": null,
        "address1": "81001 Kassulke Mountains Apt. 970",
        "address2": "West Maude, OR 04878-2726",
        "postal_code": "87862",
        "city": "Mueller, Muller and Gottlieb",
        "country": "IT",
        "clinic_name": "Lauriannestad",
        "clinic_location": "617 Lottie Cove\nKlockoton, NM 95105-6377",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:11.000000Z",
        "updated_at": "2026-06-29T13:08:11.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access config templates notes",
    "code": "CONFIG_TEMPLATE_NOTES:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Config template not found):


{
    "message": "Config template not found",
    "code": "CONFIG_TEMPLATE_NOTES:GET:TEMPLATE_NOT_FOUND"
}
 

Example response (404, Config template note not found):


{
    "message": "Config template note not found",
    "code": "CONFIG_TEMPLATE_NOTES:GET:NOTE_NOT_FOUND"
}
 

Request   

GET api/config/templates/{id}/notes/{noteId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Config template ID. Example: 1

noteId   integer   

Config template note ID. Example: 1

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: author).

Response

Response Fields

id   integer   

Note ID.

template_id   integer   

Associated config template ID.

user_id   integer   

ID of the user who wrote the note.

note   string   

Note content.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who wrote the note.

Create new config template note

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/config/templates/1/notes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"note\": \"Soluta sit molestiae repellendus enim cupiditate cum soluta.\"
}"
const url = new URL(
    "http://localhost:8000/api/config/templates/1/notes"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "note": "Soluta sit molestiae repellendus enim cupiditate cum soluta."
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "template_id": 9,
    "user_id": 108,
    "note": "Neque molestiae est qui qui velit vero nesciunt.",
    "created_at": "2026-06-29T13:08:12.000000Z",
    "updated_at": "2026-06-29T13:08:12.000000Z",
    "author": {
        "id": 108,
        "mrn": "8T8EQJRC1782738492",
        "name": "Burley Anderson",
        "email": "1782738492elueilwitz@example.net",
        "language": "en",
        "phone": "872-808-4883",
        "phone_country": "FI",
        "phone_verified_at": null,
        "address1": "695 Leo Islands",
        "address2": "Mayrachester, OH 87051-5356",
        "postal_code": "30929-6839",
        "city": "Johns, Emard and Murphy",
        "country": "NO",
        "clinic_name": "Port Hollis",
        "clinic_location": "217 Jerome Bypass Suite 306\nZiemannburgh, FL 84413",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:12.000000Z",
        "updated_at": "2026-06-29T13:08:12.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to add config templates notes",
    "code": "CONFIG_TEMPLATE_NOTES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Config template not found):


{
    "message": "Config template not found",
    "code": "CONFIG_TEMPLATE_NOTES:CREATE:TEMPLATE_NOT_FOUND"
}
 

Request   

POST api/config/templates/{id}/notes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Config template ID. Example: 1

Body Parameters

note   string  optional  

Note text. Example: Soluta sit molestiae repellendus enim cupiditate cum soluta.

Response

Response Fields

id   integer   

Note ID.

template_id   integer   

Associated config template ID.

user_id   integer   

ID of the user who wrote the note.

note   string   

Note content.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who wrote the note.

Delete config template note

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/config/templates/1/notes/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/config/templates/1/notes/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Config template note deleted",
    "code": "CONFIG_TEMPLATE_NOTES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete config templates notes",
    "code": "CONFIG_TEMPLATE_NOTES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Config template not found):


{
    "message": "Config template not found",
    "code": "CONFIG_TEMPLATE_NOTES:DELETE:TEMPLATE_NOT_FOUND"
}
 

Example response (404, Config template note not found):


{
    "message": "Config template note not found",
    "code": "CONFIG_TEMPLATE_NOTES:DELETE:NOTE_NOT_FOUND"
}
 

Request   

DELETE api/config/templates/{id}/notes/{noteId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Config template ID. Example: 1

noteId   integer   

Config template note ID. Example: 1

Custom Grips

API endpoints for custom grips management

List custom grips templates

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/custom-grips-templates" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/custom-grips-templates"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "user_id": 259,
            "name": "bradtke.kane",
            "initial_position": "[50, 50, 50, 50, 50]",
            "limit_position": "[900, 900, 900, 900, 900]",
            "active_fingers": "[0, 1, 1, 1, 1]",
            "created_at": "2026-06-29T13:09:22.000000Z",
            "updated_at": "2026-06-29T13:09:22.000000Z"
        },
        {
            "id": 2,
            "user_id": 260,
            "name": "abechtelar",
            "initial_position": "[50, 50, 50, 50, 50]",
            "limit_position": "[900, 900, 900, 900, 900]",
            "active_fingers": "[0, 1, 1, 1, 1]",
            "created_at": "2026-06-29T13:09:22.000000Z",
            "updated_at": "2026-06-29T13:09:22.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage custom grips templates",
    "code": "CUSTOM_GRIPS_TEMPLATES:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/custom-grips-templates

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

Custom grip template ID.

user_id   integer   

Owner user ID.

name   string   

Template name.

initial_position   string   

Initial finger positions.

limit_position   string   

Limit finger positions.

active_fingers   string   

Active fingers configuration.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create custom grip template

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/custom-grips-templates" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Custom Grip Template 1\",
    \"initial_position\": \"[50, 50, 50, 50, 50]\",
    \"limit_position\": \"[900, 900, 900, 900, 900]\",
    \"active_fingers\": \"[0, 1, 1, 1, 1]\"
}"
const url = new URL(
    "http://localhost:8000/api/custom-grips-templates"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Custom Grip Template 1",
    "initial_position": "[50, 50, 50, 50, 50]",
    "limit_position": "[900, 900, 900, 900, 900]",
    "active_fingers": "[0, 1, 1, 1, 1]"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "user_id": 261,
    "name": "ywuckert",
    "initial_position": "[50, 50, 50, 50, 50]",
    "limit_position": "[900, 900, 900, 900, 900]",
    "active_fingers": "[0, 1, 1, 1, 1]",
    "created_at": "2026-06-29T13:09:23.000000Z",
    "updated_at": "2026-06-29T13:09:23.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage custom grips templates",
    "code": "CUSTOM_GRIPS_TEMPLATES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Custom grip template name in use):


{
    "message": "Custom grip template name already in use",
    "code": "CUSTOM_GRIPS_TEMPLATES:CREATE:NAME_IN_USE"
}
 

Request   

POST api/custom-grips-templates

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Name of custom grip template. Example: Custom Grip Template 1

initial_position   string   

Grip initial position. Value should be a string containing the array of values. Example: "[50, 50, 50, 50, 50]". Must start with one of [ Must end with one of ]. Example: [50, 50, 50, 50, 50]

limit_position   string   

Grip limit position. Value should be a string containing the array of values. Example: "[900, 900, 900, 900, 900]". Must start with one of [ Must end with one of ]. Example: [900, 900, 900, 900, 900]

active_fingers   string   

Grip active fingers. Value should be a string containing the array of values. Example: "[0, 1, 1, 1, 1]". Must start with one of [ Must end with one of ]. Example: [0, 1, 1, 1, 1]

Response

Response Fields

id   integer   

Custom grip template ID.

user_id   integer   

Owner user ID.

name   string   

Template name.

initial_position   string   

Initial finger positions.

limit_position   string   

Limit finger positions.

active_fingers   string   

Active fingers configuration.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete custom grip template

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/custom-grips-templates/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/custom-grips-templates/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Custom grip deleted",
    "code": "CUSTOM_GRIPS_TEMPLATES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage custom grips templates",
    "code": "CUSTOM_GRIPS_TEMPLATES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Custom grip template not found):


{
    "message": "Custom grip template not found",
    "code": "CUSTOM_GRIPS_TEMPLATES:DELETE:TEMPLATE_NOT_FOUND"
}
 

Request   

DELETE api/custom-grips-templates/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Custom Grip Template ID. Example: 1

List custom grips

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/custom-grips" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/custom-grips"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "device_id": 135,
            "name": "rkeebler",
            "opposed": 1,
            "grip_number": 0,
            "created_at": "2026-06-29T13:09:23.000000Z",
            "updated_at": "2026-06-29T13:09:23.000000Z"
        },
        {
            "id": 2,
            "device_id": 136,
            "name": "koch.jayden",
            "opposed": 1,
            "grip_number": 0,
            "created_at": "2026-06-29T13:09:23.000000Z",
            "updated_at": "2026-06-29T13:09:23.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view custom grips",
    "code": "CUSTOM_GRIPS:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CUSTOM_GRIPS:LIST:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{deviceId}/custom-grips

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

Custom grip ID.

device_id   integer   

Associated device ID.

name   string   

Custom grip name.

opposed   boolean   

Whether the grip is opposed.

grip_number   integer   

Grip slot number.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create custom grip

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/custom-grips" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Custom Grip 1\",
    \"opposed\": true,
    \"grip_number\": 1
}"
const url = new URL(
    "http://localhost:8000/api/device/1/custom-grips"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Custom Grip 1",
    "opposed": true,
    "grip_number": 1
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "device_id": 137,
    "name": "norberto96",
    "opposed": 1,
    "grip_number": 0,
    "created_at": "2026-06-29T13:09:23.000000Z",
    "updated_at": "2026-06-29T13:09:23.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage custom grips",
    "code": "CUSTOM_GRIPS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Custom grip name in use):


{
    "message": "Custom grip name already in use",
    "code": "CUSTOM_GRIPS:CREATE:NAME_IN_USE"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CUSTOM_GRIPS:CREATE:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/{deviceId}/custom-grips

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Body Parameters

name   string   

Name of custom grip. Example: Custom Grip 1

opposed   boolean   

Grip opposed status. Example: true

grip_number   integer   

Grip number (not ID). Example: 1

Response

Response Fields

id   integer   

Custom grip ID.

device_id   integer   

Associated device ID.

name   string   

Custom grip name.

opposed   boolean   

Whether the grip is opposed.

grip_number   integer   

Grip slot number.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update custom grip

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/device/1/custom-grips/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Custom Grip 1\",
    \"opposed\": true,
    \"grip_number\": 1
}"
const url = new URL(
    "http://localhost:8000/api/device/1/custom-grips/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Custom Grip 1",
    "opposed": true,
    "grip_number": 1
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 4,
    "device_id": 138,
    "name": "rosalee.ferry",
    "opposed": 1,
    "grip_number": 0,
    "created_at": "2026-06-29T13:09:23.000000Z",
    "updated_at": "2026-06-29T13:09:23.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage custom grips",
    "code": "CUSTOM_GRIPS:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Custom grip name in use):


{
    "message": "Custom grip name already in use",
    "code": "CUSTOM_GRIPS:UPDATE:NAME_IN_USE"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CUSTOM_GRIPS:UPDATE:DEVICE_NOT_FOUND"
}
 

Example response (404, Custom grip not found):


{
    "message": "Custom grip not found",
    "code": "CUSTOM_GRIPS:UPDATE:GRIP_NOT_FOUND"
}
 

Request   

PUT api/device/{deviceId}/custom-grips/{gripId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

gripId   integer   

Custom Grip ID. Example: 1

Body Parameters

name   string  optional  

Name of custom grip. Example: Custom Grip 1

opposed   boolean  optional  

Grip opposed status. Example: true

grip_number   integer  optional  

Grip number (not ID). Example: 1

Response

Response Fields

id   integer   

Custom grip ID.

device_id   integer   

Associated device ID.

name   string   

Custom grip name.

opposed   boolean   

Whether the grip is opposed.

grip_number   integer   

Grip slot number.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete custom grip

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/device/1/custom-grips/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/custom-grips/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Custom grip template deleted",
    "code": "CUSTOM_GRIPS:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage custom grips",
    "code": "CUSTOM_GRIPS:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "CUSTOM_GRIPS:DELETE:DEVICE_NOT_FOUND"
}
 

Example response (404, Custom grip not found):


{
    "message": "Custom grip not found",
    "code": "CUSTOM_GRIPS:DELETE:GRIP_NOT_FOUND"
}
 

Request   

DELETE api/device/{deviceId}/custom-grips/{gripId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

gripId   integer   

Custom Grip ID. Example: 1

Device Models

API endpoints for device models management

Get device models list

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/devices/models?active=1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/devices/models"
);

const params = {
    "active": "1",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 3,
        "name": "Zeus hand v1",
        "type": "leg",
        "orientation": "right",
        "active": 1,
        "created_at": "2026-06-29T13:07:39.000000Z",
        "updated_at": "2026-06-29T13:07:39.000000Z"
    },
    {
        "id": 4,
        "name": "Zeus hand v1",
        "type": "arm",
        "orientation": "right",
        "active": 1,
        "created_at": "2026-06-29T13:07:39.000000Z",
        "updated_at": "2026-06-29T13:07:39.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list device models",
    "code": "DEVICE_MODELS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/devices/models

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

active   integer  optional  

Filter device models by active status (available: 0 - only inactive, 1 - only active, any - all users). Default: 1. Example: 1

Response

Response Fields

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Create device model

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/devices/models" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Zeus hand v1\",
    \"type\": \"hand\",
    \"orientation\": \"left\",
    \"active\": true
}"
const url = new URL(
    "http://localhost:8000/api/devices/models"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Zeus hand v1",
    "type": "hand",
    "orientation": "left",
    "active": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 5,
    "name": "Zeus hand v1",
    "type": "arm",
    "orientation": "left",
    "active": 1,
    "created_at": "2026-06-29T13:07:39.000000Z",
    "updated_at": "2026-06-29T13:07:39.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create device model",
    "code": "DEVICE_MODELS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/devices/models

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Model name. Example: Zeus hand v1

type   string  optional  

Model type (e.g. hand). Example: hand

orientation   string  optional  

Model orientation if specified. Example: left

active   boolean  optional  

Device model active status (0 - inactive, 1 - active). Example: true

Response

Response Fields

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update device model

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/devices/models/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Zeus hand v1\",
    \"type\": \"hand\",
    \"orientation\": \"left\",
    \"active\": true
}"
const url = new URL(
    "http://localhost:8000/api/devices/models/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Zeus hand v1",
    "type": "hand",
    "orientation": "left",
    "active": true
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 6,
    "name": "Zeus hand v1",
    "type": "arm",
    "orientation": "right",
    "active": 1,
    "created_at": "2026-06-29T13:07:39.000000Z",
    "updated_at": "2026-06-29T13:07:39.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device model",
    "code": "DEVICE_MODELS:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device model not found):


{
    "message": "Device model not found",
    "code": "DEVICE_MODELS:UPDATE:MODEL_NOT_FOUND"
}
 

Request   

PUT api/devices/models/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

DeviceModel ID. Example: 1

Body Parameters

name   string  optional  

Model name. Example: Zeus hand v1

type   string  optional  

Model type (e.g. hand). Example: hand

orientation   string  optional  

Model orientation if specified. Example: left

active   boolean  optional  

Device model active status (0 - inactive, 1 - active). Example: true

Response

Response Fields

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Devices

API endpoints for devices management

Check serial number or bluetooth ID

Public endpoint responding with status of given device serial number or bluetooth ID. If any of these numbers can be found in database, status will be true. Otherwise, status will be false (device does not exist).

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/check/S3R1AL-NUM83R" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"type\": \"serial\"
}"
const url = new URL(
    "http://localhost:8000/api/device/check/S3R1AL-NUM83R"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "type": "serial"
};

fetch(url, {
    method: "GET",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "status": true
}
 

Request   

GET api/device/check/{serial}

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

serial   string   

Device serial number or bluetooth ID. Example: S3R1AL-NUM83R

Body Parameters

type   string  optional  

Type of checked identifier. Example: serial

Must be one of:
  • serial
  • bluetooth_id

Get devices list

requires authentication

Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/devices?search=S3R1AL-NUM83R&active=-1&amputee=1&clinician=1&model=1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/devices"
);

const params = {
    "search": "S3R1AL-NUM83R",
    "active": "-1",
    "amputee": "1",
    "clinician": "1",
    "model": "1",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 5,
            "serial": "68f27064-1b76-39bf-852e-fccd470922f4",
            "bluetooth_id": "9e8b4f1d-2989-3f05-a366-756328d3de51",
            "company_id": null,
            "model_id": 7,
            "amputee_id": 38,
            "clinician_id": null,
            "firmware_version_id": null,
            "pcb_version_id": null,
            "reverse_magnets": 0,
            "is_electrode": 0,
            "active": 1,
            "last_activity_at": "0000-00-00 00:00:00",
            "created_at": "2026-06-29T13:07:39.000000Z",
            "updated_at": "2026-06-29T13:07:39.000000Z",
            "model": {
                "id": 7,
                "name": "Zeus hand v1",
                "type": "leg",
                "orientation": "left",
                "active": 1,
                "created_at": "2026-06-29T13:07:39.000000Z",
                "updated_at": "2026-06-29T13:07:39.000000Z"
            },
            "amputee": {
                "id": 38,
                "mrn": "TJMC2AYW1782738459",
                "name": "Mr. Owen Hickle PhD",
                "email": "1782738459hammes.lacy@example.net",
                "language": "en",
                "phone": "1-954-282-2840",
                "phone_country": "CU",
                "phone_verified_at": null,
                "address1": "132 Barbara Corner",
                "address2": "Drewborough, MT 68933-9603",
                "postal_code": "21720-1900",
                "city": "Lynch Ltd",
                "country": "HR",
                "clinic_name": "Hertaborough",
                "clinic_location": "5490 Ritchie Land\nParkerfurt, NV 11496-3251",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:07:39.000000Z",
                "updated_at": "2026-06-29T13:07:39.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        },
        {
            "id": 6,
            "serial": "b5e8cf8b-669f-3d94-80a0-c0c7edd04de7",
            "bluetooth_id": "70635825-f4ea-3cb2-b6ff-250b5969918a",
            "company_id": null,
            "model_id": 8,
            "amputee_id": 39,
            "clinician_id": null,
            "firmware_version_id": null,
            "pcb_version_id": null,
            "reverse_magnets": 0,
            "is_electrode": 0,
            "active": 1,
            "last_activity_at": "0000-00-00 00:00:00",
            "created_at": "2026-06-29T13:07:40.000000Z",
            "updated_at": "2026-06-29T13:07:40.000000Z",
            "model": {
                "id": 8,
                "name": "Zeus hand v1",
                "type": "arm",
                "orientation": "left",
                "active": 1,
                "created_at": "2026-06-29T13:07:39.000000Z",
                "updated_at": "2026-06-29T13:07:39.000000Z"
            },
            "amputee": {
                "id": 39,
                "mrn": "NTFKX7DQ1782738459",
                "name": "Jaleel Shanahan",
                "email": "1782738459fosinski@example.net",
                "language": "en",
                "phone": "+1 (430) 370-4356",
                "phone_country": "KI",
                "phone_verified_at": null,
                "address1": "903 Josue Dam",
                "address2": "Fisherfurt, CT 95256-1540",
                "postal_code": "25133-6776",
                "city": "Strosin LLC",
                "country": "SK",
                "clinic_name": "South Albertomouth",
                "clinic_location": "556 Fritsch Harbors Apt. 875\nPort Ally, AR 13477-3872",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:07:39.000000Z",
                "updated_at": "2026-06-29T13:07:39.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list devices",
    "code": "DEVICES:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/devices

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

search   string  optional  

Filter devices by searching in: serial number, bluetooth ID. Example: S3R1AL-NUM83R

active   integer  optional  

Filter devices by active status (available: 0 - only inactive, 1 - only active, -1 - all users). Default: 1. Example: -1

amputee   string  optional  

Filter devices by amputees. Provide single ID (amputee=1), array of IDs (amputee[]=1&amputee[]=2) or comma-separated list of IDs (amputee=1,2). Pass value 0 to get devices unassigned to any amputee. Example: 1

clinician   string  optional  

Filter devices by clinicians. Provide single ID (clinician=1), array of IDs (clinician[]=1&clinician[]=2) or comma-separated list of IDs (clinician=1,2). Pass value 0 to get devices unassigned to any clinician. Example: 1

model   string  optional  

Filter devices by device models. Provide single ID (model=1), array of IDs (model[]=1&model[]=2) or comma-separated list of IDs (model=1,2). Pass value 0 to get devices without model. Example: 1

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: model, amputee, clinicians, firmwareVersion, pcbVersion, config, joinedDevices, joinedElectrodes).

sortby   string  optional  

Sort by field (available: serial, amputee_name, date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Device ID.

serial   string   

Device serial number.

bluetooth_id   string   

Bluetooth identifier.

model_id   integer   

Device model ID.

amputee_id   integer   

Assigned patient (amputee) user ID.

firmware_version_id   integer   

Firmware version ID.

pcb_version_id   integer   

PCB version ID.

company_id   integer   

Company ID.

reverse_magnets   boolean   

Whether magnets are reversed.

is_electrode   boolean   

Whether this device is an electrode.

active   boolean   

Whether the device is active.

last_activity_at   string   

Last activity timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

model   object   

Device model details.

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

amputee   object   

Assigned patient (amputee) user.

id   integer   

User ID.

name   string   

User full name.

email   string   

User email address.

clinicians   object[]   

Clinicians assigned to this device.

firmwareVersion   object   

Firmware version details.

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

pcbVersion   object   

PCB version details.

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

joinedDevices   object[]   

Joined hand devices.

joinedElectrodes   object[]   

Joined electrode devices.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get device information

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 7,
    "serial": "ea24518c-8d0f-3a09-bc8f-418ce4395da4",
    "bluetooth_id": "85e8808a-ef25-3664-9e10-9748e8081d83",
    "company_id": null,
    "model_id": 9,
    "amputee_id": 40,
    "clinician_id": null,
    "firmware_version_id": 1,
    "pcb_version_id": 1,
    "reverse_magnets": 0,
    "is_electrode": 0,
    "active": 1,
    "last_activity_at": "0000-00-00 00:00:00",
    "created_at": "2026-06-29T13:07:40.000000Z",
    "updated_at": "2026-06-29T13:07:40.000000Z",
    "model": {
        "id": 9,
        "name": "Zeus hand v1",
        "type": "leg",
        "orientation": "left",
        "active": 1,
        "created_at": "2026-06-29T13:07:40.000000Z",
        "updated_at": "2026-06-29T13:07:40.000000Z"
    },
    "amputee": {
        "id": 40,
        "mrn": "43VPD8CB1782738460",
        "name": "Prof. Watson Prosacco II",
        "email": "1782738460ed.herzog@example.com",
        "language": "en",
        "phone": "1-689-924-5156",
        "phone_country": "ER",
        "phone_verified_at": null,
        "address1": "5646 Bartoletti Square Apt. 828",
        "address2": "Lake Rebamouth, CO 73514-2797",
        "postal_code": "68770-7997",
        "city": "Mosciski-Kshlerin",
        "country": "US",
        "clinic_name": "Lake Crystalburgh",
        "clinic_location": "15102 Tracey Drive\nLeonmouth, CA 88656-2175",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:07:40.000000Z",
        "updated_at": "2026-06-29T13:07:40.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "pcb_version": {
        "id": 1,
        "name": "3.88.80",
        "hardware_id": "",
        "created_at": "2026-06-29T13:07:40.000000Z",
        "updated_at": "2026-06-29T13:07:40.000000Z"
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view device data",
    "code": "DEVICES:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:GET:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: model, amputee, firmwareVersion, pcbVersion, clinicians, joinedDevices, joinedElectrodes).

Response

Response Fields

id   integer   

Device ID.

serial   string   

Device serial number.

bluetooth_id   string   

Bluetooth identifier.

model_id   integer   

Device model ID.

amputee_id   integer   

Assigned patient (amputee) user ID.

firmware_version_id   integer   

Firmware version ID.

pcb_version_id   integer   

PCB version ID.

company_id   integer   

Company ID.

reverse_magnets   boolean   

Whether magnets are reversed.

is_electrode   boolean   

Whether this device is an electrode.

active   boolean   

Whether the device is active.

last_activity_at   string   

Last activity timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

model   object   

Device model details.

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

amputee   object   

Assigned patient (amputee) user.

id   integer   

User ID.

name   string   

User full name.

email   string   

User email address.

clinicians   object[]   

Clinicians assigned to this device.

firmwareVersion   object   

Firmware version details.

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

pcbVersion   object   

PCB version details.

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

joinedDevices   object[]   

Joined hand devices.

joinedElectrodes   object[]   

Joined electrode devices.

Create new device

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"serial\": \"S3R1AL-NUM83R\",
    \"bluetooth_id\": \"BL0123456789\",
    \"model_id\": 1,
    \"amputee_id\": 1,
    \"clinicians\": [
        2
    ],
    \"firmware_version_id\": 1,
    \"pcb_version_id\": 1,
    \"reverse_magnets\": false,
    \"is_electrode\": false,
    \"active\": true,
    \"last_activity_at\": \"2022-08-15 12:00:00\"
}"
const url = new URL(
    "http://localhost:8000/api/device"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "serial": "S3R1AL-NUM83R",
    "bluetooth_id": "BL0123456789",
    "model_id": 1,
    "amputee_id": 1,
    "clinicians": [
        2
    ],
    "firmware_version_id": 1,
    "pcb_version_id": 1,
    "reverse_magnets": false,
    "is_electrode": false,
    "active": true,
    "last_activity_at": "2022-08-15 12:00:00"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 8,
    "serial": "8303c8f1-18ed-31cb-aca6-20ad3e920f58",
    "bluetooth_id": "1e38af79-847b-30d1-b7a7-00caa8ad0938",
    "company_id": null,
    "model_id": null,
    "amputee_id": null,
    "clinician_id": null,
    "firmware_version_id": null,
    "pcb_version_id": null,
    "reverse_magnets": 0,
    "is_electrode": 0,
    "active": 1,
    "last_activity_at": "0000-00-00 00:00:00",
    "created_at": "2026-06-29T13:07:40.000000Z",
    "updated_at": "2026-06-29T13:07:40.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create device",
    "code": "DEVICES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Firmware has no schema):


{
    "message": "Cannot create: firmware has no schema",
    "code": "DEVICES:CREATE:NO_FIRMWARE_SCHEMA"
}
 

Example response (500, Server error):


{
    "message": "Server error: device not created",
    "code": "DEVICES:CREATE:SERVER_ERROR"
}
 

Request   

POST api/device

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

serial   string   

Device serial number. Example: S3R1AL-NUM83R

bluetooth_id   string   

Device Bluetooth ID. Example: BL0123456789

model_id   string   

Device Model ID. The id of an existing record in the App\Models\DeviceModel table. Example: 1

amputee_id   string  optional  

Device amputee ID. The id of an existing record in the App\Models\User table. Example: 1

clinicians   integer[]  optional  

Clinician ID. The id of an existing record in the App\Models\User table.

firmware_version_id   string  optional  

Firmware Version ID. The id of an existing record in the App\Models\FirmwareVersion table. Example: 1

pcb_version_id   string  optional  

PCB Version ID. The id of an existing record in the App\Models\PCBVersion table. Example: 1

reverse_magnets   boolean  optional  

Device reverse magnets. Default: 0. Example: false

is_electrode   boolean  optional  

Super Admin only: Device is electrode. Default: 0. Example: false

active   boolean  optional  

Device active status (0 - inactive, 1 - active). Example: true

last_activity_at   string  optional  

Device last activity date. Update this value each time device connects to the mobile app. Always shift local datetime to UTC timezone. Must be a valid date in the format Y-m-d H:i:s. Example: 2022-08-15 12:00:00

Response

Response Fields

id   integer   

Device ID.

serial   string   

Device serial number.

bluetooth_id   string   

Bluetooth identifier.

model_id   integer   

Device model ID.

amputee_id   integer   

Assigned patient (amputee) user ID.

firmware_version_id   integer   

Firmware version ID.

pcb_version_id   integer   

PCB version ID.

company_id   integer   

Company ID.

reverse_magnets   boolean   

Whether magnets are reversed.

is_electrode   boolean   

Whether this device is an electrode.

active   boolean   

Whether the device is active.

last_activity_at   string   

Last activity timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

model   object   

Device model details.

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

amputee   object   

Assigned patient (amputee) user.

id   integer   

User ID.

name   string   

User full name.

email   string   

User email address.

clinicians   object[]   

Clinicians assigned to this device.

firmwareVersion   object   

Firmware version details.

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

pcbVersion   object   

PCB version details.

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

joinedDevices   object[]   

Joined hand devices.

joinedElectrodes   object[]   

Joined electrode devices.

Update device

requires authentication

Amputee of device can update only these fields: serial, bluetooth_id, firmware_version_id, pcb_version_id

Example request:
curl --request PUT \
    "http://localhost:8000/api/device/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"serial\": \"S3R1AL-NUM83R\",
    \"bluetooth_id\": \"BL0123456789\",
    \"model_id\": 1,
    \"amputee_id\": 1,
    \"clinicians\": [
        2
    ],
    \"firmware_version_id\": 1,
    \"pcb_version_id\": 1,
    \"reverse_magnets\": false,
    \"is_electrode\": false,
    \"active\": true,
    \"last_activity_at\": \"2022-08-15 12:00:00\"
}"
const url = new URL(
    "http://localhost:8000/api/device/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "serial": "S3R1AL-NUM83R",
    "bluetooth_id": "BL0123456789",
    "model_id": 1,
    "amputee_id": 1,
    "clinicians": [
        2
    ],
    "firmware_version_id": 1,
    "pcb_version_id": 1,
    "reverse_magnets": false,
    "is_electrode": false,
    "active": true,
    "last_activity_at": "2022-08-15 12:00:00"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 9,
    "serial": "4d4c9650-825a-3222-b6f4-63fe5cc55f37",
    "bluetooth_id": "978786cb-fdfd-31ab-85be-0c7a9ea2755d",
    "company_id": null,
    "model_id": null,
    "amputee_id": null,
    "clinician_id": null,
    "firmware_version_id": null,
    "pcb_version_id": null,
    "reverse_magnets": 0,
    "is_electrode": 0,
    "active": 1,
    "last_activity_at": "0000-00-00 00:00:00",
    "created_at": "2026-06-29T13:07:40.000000Z",
    "updated_at": "2026-06-29T13:07:40.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update device",
    "code": "DEVICES:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Firmware has no schema):


{
    "message": "Cannot update: firmware has no schema",
    "code": "DEVICES:UPDATE:NO_FIRMWARE_SCHEMA"
}
 

Example response (403):


{
    "message": "Cannot update: no clinicians left for patient relation",
    "code": "DEVICES:UPDATE:NO_CLINICIANS"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:UPDATE:DEVICE_NOT_FOUND"
}
 

Request   

PUT api/device/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Body Parameters

serial   string  optional  

Device serial number. Example: S3R1AL-NUM83R

bluetooth_id   string  optional  

Device Bluetooth ID. Example: BL0123456789

model_id   string  optional  

Device Model ID. The id of an existing record in the App\Models\DeviceModel table. Example: 1

amputee_id   string  optional  

Device amputee ID. Pass null to remove assignment. The id of an existing record in the App\Models\User table. Example: 1

clinicians   integer[]  optional  

Clinician ID. The id of an existing record in the App\Models\User table.

firmware_version_id   string  optional  

Firmware Version ID. The id of an existing record in the App\Models\FirmwareVersion table. Example: 1

pcb_version_id   string  optional  

PCB Version ID. The id of an existing record in the App\Models\PCBVersion table. Example: 1

reverse_magnets   boolean  optional  

Device reverse magnets. Default: 0. Example: false

is_electrode   boolean  optional  

Super Admin only: Device is electrode. Default: 0. Example: false

active   boolean  optional  

Device active status (0 - inactive, 1 - active). Example: true

last_activity_at   string  optional  

Device last activity date. Update this value each time device connects to the mobile app. Always shift local datetime to UTC timezone. Must be a valid date in the format Y-m-d H:i:s. Example: 2022-08-15 12:00:00

Response

Response Fields

id   integer   

Device ID.

serial   string   

Device serial number.

bluetooth_id   string   

Bluetooth identifier.

model_id   integer   

Device model ID.

amputee_id   integer   

Assigned patient (amputee) user ID.

firmware_version_id   integer   

Firmware version ID.

pcb_version_id   integer   

PCB version ID.

company_id   integer   

Company ID.

reverse_magnets   boolean   

Whether magnets are reversed.

is_electrode   boolean   

Whether this device is an electrode.

active   boolean   

Whether the device is active.

last_activity_at   string   

Last activity timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

model   object   

Device model details.

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

amputee   object   

Assigned patient (amputee) user.

id   integer   

User ID.

name   string   

User full name.

email   string   

User email address.

clinicians   object[]   

Clinicians assigned to this device.

firmwareVersion   object   

Firmware version details.

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

pcbVersion   object   

PCB version details.

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

joinedDevices   object[]   

Joined hand devices.

joinedElectrodes   object[]   

Joined electrode devices.

Delete device

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/device/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Device deleted",
    "code": "DEVICES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete device",
    "code": "DEVICES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:DELETE:DEVICE_NOT_FOUND"
}
 

Request   

DELETE api/device/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Get device hashes

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/hash" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/hash"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "hash_global": "123456789012345",
    "hash_common_settings": "123456789012345",
    "hash_common_grips": "123456789012345",
    "hash_mode1": "123456789012345",
    "hash_mode2": "123456789012345",
    "hash_mode3": "123456789012345"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access device hashes",
    "code": "DEVICES:GET_HASHES:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:GET_HASHES:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{id}/hash

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Update device hashes

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/hash" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"hash_global\": \"123456789012345\",
    \"hash_common_settings\": \"123456789012345\",
    \"hash_common_grips\": \"123456789012345\",
    \"hash_mode1\": \"123456789012345\",
    \"hash_mode2\": \"123456789012345\",
    \"hash_mode3\": \"123456789012345\"
}"
const url = new URL(
    "http://localhost:8000/api/device/1/hash"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "hash_global": "123456789012345",
    "hash_common_settings": "123456789012345",
    "hash_common_grips": "123456789012345",
    "hash_mode1": "123456789012345",
    "hash_mode2": "123456789012345",
    "hash_mode3": "123456789012345"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202, OK):


{
    "hash_global": "123456789012345",
    "hash_common_settings": "123456789012345",
    "hash_common_grips": "123456789012345",
    "hash_mode1": "123456789012345",
    "hash_mode2": "123456789012345",
    "hash_mode3": "123456789012345"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access device hashes",
    "code": "DEVICES:SET_HASHES:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:SET_HASHES:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/{id}/hash

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Body Parameters

hash_global   string  optional  

Global hash. Example: 123456789012345

hash_common_settings   string  optional  

Common settings hash. Example: 123456789012345

hash_common_grips   string  optional  

Common grips hash. Example: 123456789012345

hash_mode1   string  optional  

Mode 1 hash. Example: 123456789012345

hash_mode2   string  optional  

Mode 2 hash. Example: 123456789012345

hash_mode3   string  optional  

Mode 3 hash. Example: 123456789012345

Detach device

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/detach" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/detach"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Device detached",
    "code": "DEVICES:DETACH:DETACHED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to detach device",
    "code": "DEVICES:DETACH:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:DETACH:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/{id}/detach

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Add device

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/add/S3R1AL-NUM83R" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/add/S3R1AL-NUM83R"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202):


{
    "id": 10,
    "serial": "a6324504-b570-3acc-8849-e79e32f19261",
    "bluetooth_id": "6d602d2d-34ff-3282-91c9-0fcdbd683261",
    "company_id": null,
    "model_id": null,
    "amputee_id": null,
    "clinician_id": null,
    "firmware_version_id": null,
    "pcb_version_id": null,
    "reverse_magnets": 0,
    "is_electrode": 0,
    "active": 1,
    "last_activity_at": "0000-00-00 00:00:00",
    "created_at": "2026-06-29T13:07:40.000000Z",
    "updated_at": "2026-06-29T13:07:40.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to assign devices with code",
    "code": "DEVICES:ASSIGN:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User reached the temporary limit of attached devices):


{
    "message": "Reached the limit of assigned devices",
    "code": "DEVICES:ASSIGN:LIMIT_REACHED"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:ASSIGN:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/add/{serial}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

serial   string   

Device serial number or bluetooth ID. Example: S3R1AL-NUM83R

Response

Response Fields

id   integer   

Device ID.

serial   string   

Device serial number.

bluetooth_id   string   

Bluetooth identifier.

model_id   integer   

Device model ID.

amputee_id   integer   

Assigned patient (amputee) user ID.

firmware_version_id   integer   

Firmware version ID.

pcb_version_id   integer   

PCB version ID.

company_id   integer   

Company ID.

reverse_magnets   boolean   

Whether magnets are reversed.

is_electrode   boolean   

Whether this device is an electrode.

active   boolean   

Whether the device is active.

last_activity_at   string   

Last activity timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

model   object   

Device model details.

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

amputee   object   

Assigned patient (amputee) user.

id   integer   

User ID.

name   string   

User full name.

email   string   

User email address.

clinicians   object[]   

Clinicians assigned to this device.

firmwareVersion   object   

Firmware version details.

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

pcbVersion   object   

PCB version details.

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

joinedDevices   object[]   

Joined hand devices.

joinedElectrodes   object[]   

Joined electrode devices.

Connect device

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/connect/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/connect/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Device connected",
    "code": "DEVICES:CONNECT:CONNECTED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view device data",
    "code": "DEVICES:CONNECT:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:CONNECT:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/connect/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Disconnect device

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/disconnect/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/disconnect/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Device disconnected",
    "code": "DEVICES:DISCONNECT:DISCONNECTED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view device data",
    "code": "DEVICES:DISCONNECT:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:DISCONNECT:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/disconnect/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Join devices

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/join/1/2" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"force\": false,
    \"patient\": 1
}"
const url = new URL(
    "http://localhost:8000/api/device/join/1/2"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "force": false,
    "patient": 1
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "id": 11,
    "serial": "ad3387b9-7b0f-3cf7-9701-fd6c441049ec",
    "bluetooth_id": "804e6177-b180-3aa0-b062-8ace37239f70",
    "company_id": null,
    "model_id": null,
    "amputee_id": null,
    "clinician_id": null,
    "firmware_version_id": null,
    "pcb_version_id": null,
    "reverse_magnets": 0,
    "is_electrode": 0,
    "active": 1,
    "last_activity_at": "0000-00-00 00:00:00",
    "created_at": "2026-06-29T13:07:40.000000Z",
    "updated_at": "2026-06-29T13:07:40.000000Z",
    "joined_devices": [
        {
            "id": 12,
            "serial": "327fd028-2f53-3507-b2b3-b9d83d34d596",
            "bluetooth_id": "4395e510-343c-3cac-a9cf-396338a2b86a",
            "company_id": null,
            "model_id": null,
            "amputee_id": null,
            "clinician_id": null,
            "firmware_version_id": null,
            "pcb_version_id": null,
            "reverse_magnets": 0,
            "is_electrode": 0,
            "active": 1,
            "last_activity_at": "0000-00-00 00:00:00",
            "created_at": "2026-06-29T13:07:40.000000Z",
            "updated_at": "2026-06-29T13:07:40.000000Z",
            "pivot": {
                "electrode_id": 11,
                "device_id": 12,
                "created_at": "2026-06-29T13:07:41.000000Z",
                "updated_at": "2026-06-29T13:07:41.000000Z"
            }
        }
    ],
    "joined_electrodes": [
        {
            "id": 13,
            "serial": "81b2ac4a-cb85-3006-8560-18b7667ca23e",
            "bluetooth_id": "bbcd0029-5f14-333b-a4b5-bc4cfac78529",
            "company_id": null,
            "model_id": null,
            "amputee_id": null,
            "clinician_id": null,
            "firmware_version_id": null,
            "pcb_version_id": null,
            "reverse_magnets": 0,
            "is_electrode": 0,
            "active": 1,
            "last_activity_at": "0000-00-00 00:00:00",
            "created_at": "2026-06-29T13:07:41.000000Z",
            "updated_at": "2026-06-29T13:07:41.000000Z",
            "pivot": {
                "device_id": 11,
                "electrode_id": 13,
                "created_at": "2026-06-29T13:07:41.000000Z",
                "updated_at": "2026-06-29T13:07:41.000000Z"
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to join devices",
    "code": "DEVICES:JOIN:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Device 2 has a patient assigned):


{
    "message": "Device 2 has a patient assigned",
    "code": "DEVICES:JOIN:DEVICE2_HAS_PATIENT"
}
 

Example response (403, Device already has an electrode joined):


{
    "message": "Device already has an electrode joined",
    "code": "DEVICES:JOIN:ALREADY_JOINED"
}
 

Example response (403, Server error):


{
    "message": "Server error",
    "code": "DEVICES:JOIN:SERVER_ERROR"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:JOIN:DEVICE_NOT_FOUND"
}
 

Example response (404, Device 1 cannot be an electrode):


{
    "message": "Device 1 cannot be an electrode",
    "code": "DEVICES:JOIN:INCORRECT_DEVICE1_TYPE"
}
 

Example response (404, Device 2 must be an electrode):


{
    "message": "Device 1 must be an electrode",
    "code": "DEVICES:JOIN:INCORRECT_DEVICE2_TYPE"
}
 

Example response (404, Both devices have no patient assigned):


{
    "message": "Both devices have no patient assigned",
    "code": "DEVICES:JOIN:NO_PATIENT"
}
 

Request   

POST api/device/join/{deviceId}/{electrodeId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID (hand). Example: 1

electrodeId   integer   

Device ID (electrode). Example: 2

Body Parameters

force   boolean  optional  

Force assignment even if one or both devices are already joined with other devices. Example: false

patient   integer  optional  

Add or replace patient assignment in joined devices. The id of an existing record in the App\Models\User table. Example: 1

Response

Response Fields

id   integer   

Device ID.

serial   string   

Device serial number.

bluetooth_id   string   

Bluetooth identifier.

model_id   integer   

Device model ID.

amputee_id   integer   

Assigned patient (amputee) user ID.

firmware_version_id   integer   

Firmware version ID.

pcb_version_id   integer   

PCB version ID.

company_id   integer   

Company ID.

reverse_magnets   boolean   

Whether magnets are reversed.

is_electrode   boolean   

Whether this device is an electrode.

active   boolean   

Whether the device is active.

last_activity_at   string   

Last activity timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

model   object   

Device model details.

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

amputee   object   

Assigned patient (amputee) user.

id   integer   

User ID.

name   string   

User full name.

email   string   

User email address.

clinicians   object[]   

Clinicians assigned to this device.

firmwareVersion   object   

Firmware version details.

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

pcbVersion   object   

PCB version details.

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

joinedDevices   object[]   

Joined hand devices.

joinedElectrodes   object[]   

Joined electrode devices.

Detach joined devices

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/unjoin/1/2" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/unjoin/1/2"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Devices unjoined",
    "code": "DEVICES:UNJOIN:UNJOINED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to join devices",
    "code": "DEVICES:UNJOIN:INSUFFICIENT_PERMISSION"
}
 

Example response (403, OK):


{
    "message": "Devices are not joined",
    "code": "DEVICES:UNJOIN:NOT_JOINED"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:UNJOIN:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/unjoin/{deviceId}/{electrodeId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

electrodeId   integer   

Electrode ID. Example: 2

Create demo patient

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/dummy-patient" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/dummy-patient"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (201, OK):


{
    "email": "SERIAL@gmail.com",
    "password": "Demo@123"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create dummy patient",
    "code": "DEVICES:DUMMY_PATIENT:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Device already has a patient):


{
    "message": "Device already has a patient",
    "code": "DEVICES:DUMMY_PATIENT:PATIENT_EXISTS"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "DEVICES:DUMMY_PATIENT:DEVICE_NOT_FOUND"
}
 

Example response (500, Server error):


{
    "message": "Server error: dummy patient not created",
    "code": "DEVICES:DUMMY_PATIENT:SERVER_ERROR"
}
 

Request   

POST api/device/{id}/dummy-patient

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Get device internal note

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/8/internal-note" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/8/internal-note"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 1,
    "device_id": 17,
    "note": "Sapiente ut ducimus totam temporibus rerum. Corrupti aliquid aut quo quia. Rerum repudiandae saepe aut blanditiis voluptatem. Voluptatem dolorem omnis eos sed inventore incidunt. Laborum deserunt similique perspiciatis quidem qui dignissimos et quibusdam.",
    "created_at": "2026-06-29T13:07:41.000000Z",
    "updated_at": "2026-06-29T13:07:41.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access internal notes",
    "code": "INTERNAL_NOTE:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "INTERNAL_NOTE:GET:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{id}/internal-note

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

The ID of the device. Example: 8

deviceId   integer   

Device ID. Example: 1

Update device internal note

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/device/1/internal-note" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"note\": \"Device returned from clinic for inspection.\"
}"
const url = new URL(
    "http://localhost:8000/api/device/1/internal-note"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "note": "Device returned from clinic for inspection."
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 2,
    "device_id": 18,
    "note": "Nulla officia aspernatur dolorem ut et numquam praesentium. Aut rerum similique sed dolor voluptas. Quae voluptas ducimus eius aut quis tempora omnis.",
    "created_at": "2026-06-29T13:07:41.000000Z",
    "updated_at": "2026-06-29T13:07:41.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access internal notes",
    "code": "INTERNAL_NOTE:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "INTERNAL_NOTE:UPDATE:DEVICE_NOT_FOUND"
}
 

Request   

PUT api/device/{id}/internal-note

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Body Parameters

note   string   

Super Admin only: Internal note for this device. Maximum length: 50 000 characters. MAXIMUM:STRING_LENGTH:50000. Example: Device returned from clinic for inspection.

Documents

API endpoints for documents management

List documents

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/documents?type=web" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/documents"
);

const params = {
    "type": "web",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "name": "Bartender",
            "type": "mobile",
            "created_at": "2026-06-29T13:09:21.000000Z",
            "updated_at": "2026-06-29T13:09:21.000000Z"
        },
        {
            "id": 2,
            "name": "Telecommunications Line Installer",
            "type": "web",
            "created_at": "2026-06-29T13:09:21.000000Z",
            "updated_at": "2026-06-29T13:09:21.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage documents",
    "code": "DOCUMENTS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/documents

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

type   string  optional  

Filter documents by type. Example: web

Must be one of:
  • web
  • mobile
perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

Document ID.

name   string   

Document name.

type   string   

Document target platform.

Must be one of:
  • web
  • mobile
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

versions   object[]   

Document versions.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create document

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/documents" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Privacy Policy\",
    \"type\": \"web\"
}"
const url = new URL(
    "http://localhost:8000/api/documents"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Privacy Policy",
    "type": "web"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "name": "Athletes and Sports Competitor",
    "type": "web",
    "created_at": "2026-06-29T13:09:21.000000Z",
    "updated_at": "2026-06-29T13:09:21.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage documents",
    "code": "DOCUMENTS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/documents

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Document name. Example: Privacy Policy

type   string   

Document destination. Example: web

Must be one of:
  • web
  • mobile

Response

Response Fields

id   integer   

Document ID.

name   string   

Document name.

type   string   

Document target platform.

Must be one of:
  • web
  • mobile
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

versions   object[]   

Document versions.

Delete document

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/documents/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/documents/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Document deleted",
    "code": "DOCUMENTS:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage documents",
    "code": "DOCUMENTS:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Document has existing versions):


{
    "message": "Cannot delete: document has existing versions (1)",
    "code": "DOCUMENTS:DELETE:HAS_VERSIONS"
}
 

Example response (404, Document not found):


{
    "message": "Document not found",
    "code": "DOCUMENTS:DELETE:DOCUMENT_NOT_FOUND"
}
 

Request   

DELETE api/documents/{documentId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

documentId   integer   

Document ID. Example: 1

List document versions

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/documents/1/versions" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/documents/1/versions"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "document_id": null,
        "index": 20595714,
        "file": "http://www.prosacco.net/quaerat-ut-cumque-sunt-corporis-eligendi",
        "created_at": "2026-06-29T13:09:21.000000Z",
        "updated_at": "2026-06-29T13:09:21.000000Z"
    },
    {
        "id": 2,
        "document_id": null,
        "index": 2521594,
        "file": "http://www.powlowski.net/dolor-libero-consequuntur-autem-fugit",
        "created_at": "2026-06-29T13:09:21.000000Z",
        "updated_at": "2026-06-29T13:09:21.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage documents",
    "code": "DOCUMENTS:LIST_VERSIONS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Document not found):


{
    "message": "Document not found",
    "code": "DOCUMENTS:LIST_VERSIONS:DOCUMENT_NOT_FOUND"
}
 

Request   

GET api/documents/{documentId}/versions

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

documentId   integer   

Document ID. Example: 1

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

id   integer   

Document version ID.

document_id   integer   

Associated document ID.

index   integer   

Version index number.

file   string   

File path or URL.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

document   object   

Parent document.

Create document version

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/documents/1/versions" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"file\": \"https:\\/\\/www.aetherbiomedical.com\\/privacy-policy\"
}"
const url = new URL(
    "http://localhost:8000/api/documents/1/versions"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "file": "https:\/\/www.aetherbiomedical.com\/privacy-policy"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "document_id": null,
    "index": 571578776,
    "file": "http://lindgren.biz/sunt-itaque-aliquam-et-ut",
    "created_at": "2026-06-29T13:09:21.000000Z",
    "updated_at": "2026-06-29T13:09:21.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage documents",
    "code": "DOCUMENTS:CREATE_VERSION:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Document not found):


{
    "message": "Document not found",
    "code": "DOCUMENTS:CREATE_VERSION:DOCUMENT_NOT_FOUND"
}
 

Request   

POST api/documents/{documentId}/versions

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

documentId   integer   

Document ID. Example: 1

Body Parameters

file   string   

URL to document file. Must be a valid URL. Example: https://www.aetherbiomedical.com/privacy-policy

Response

Response Fields

id   integer   

Document version ID.

document_id   integer   

Associated document ID.

index   integer   

Version index number.

file   string   

File path or URL.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

document   object   

Parent document.

Delete document version

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/documents/1/versions/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/documents/1/versions/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Document version deleted",
    "code": "DOCUMENTS:DELETE_VERSION:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage documents",
    "code": "DOCUMENTS:DELETE_VERSION:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Document not found):


{
    "message": "Document not found",
    "code": "DOCUMENTS:DELETE_VERSION:DOCUMENT_NOT_FOUND"
}
 

Example response (404, Document version not found):


{
    "message": "Document version not found",
    "code": "DOCUMENTS:DELETE_VERSION:VERSION_NOT_FOUND"
}
 

Request   

DELETE api/documents/{documentId}/versions/{versionId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

documentId   integer   

Document ID. Example: 1

versionId   integer   

DocumentVersion ID. Example: 1

Get documents status

requires authentication

Any document on the list has to be accepted. Use POST /documents/accept endpoint to mark them as accepted once user agrees to that. Empty list means that user is up-to-date with all required documents and nothing has to be accepted.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/documents/status?type=web" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/documents/status"
);

const params = {
    "type": "web",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "documents": []
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view documents status",
    "code": "DOCUMENTS:STATUS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/documents/status

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

type   string  optional  

Filter documents by type. Example: web

Must be one of:
  • web
  • mobile

Accept documents

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/documents/accept" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"documents\": [
        1
    ]
}"
const url = new URL(
    "http://localhost:8000/api/documents/accept"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "documents": [
        1
    ]
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Accepted 1 document(s)",
    "code": "DOCUMENTS:ACCEPT:ACCEPTED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update documents status",
    "code": "DOCUMENTS:ACCEPT:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/documents/accept

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

documents   integer[]   

Document Version ID. The id of an existing record in the App\Models\DocumentVersion table.

Accept Terms of Service for patients

requires authentication

This endpoint does not save any information to the database. Its purpose is to make sure the patient will be saved in the HubSpot.

Example request:
curl --request POST \
    "http://localhost:8000/api/documents/accept/tos" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/documents/accept/tos"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Patients' \"Terms of Service\" accepted",
    "code": "DOCUMENTS:ACCEPT_PATIENT_TOS:ACCEPTED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to accept patients' \"Terms of Service\"",
    "code": "DOCUMENTS:ACCEPT_PATIENT_TOS:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/documents/accept/tos

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Feature announcements

Endpoints related to feature announcements

List feature announcements

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/feature-announcements" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feature-announcements"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "name": "FloralWhite",
            "notification_title": "nesciunt-aut.title",
            "notification_body": "nesciunt-aut.body",
            "created_at": "2026-06-29T13:09:58.000000Z",
            "updated_at": "2026-06-29T13:09:58.000000Z"
        },
        {
            "id": 2,
            "name": "LightCoral",
            "notification_title": "est-quisquam-et.title",
            "notification_body": "est-quisquam-et.body",
            "created_at": "2026-06-29T13:09:58.000000Z",
            "updated_at": "2026-06-29T13:09:58.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feature announcements",
    "code": "FEATURE_ANNOUNCEMENTS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/feature-announcements

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Create feature announcement

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/feature-announcements" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Notification about 1.15 release\",
    \"notification_title\": \"release_1.15.title\",
    \"notification_body\": \"release_1.15.body\"
}"
const url = new URL(
    "http://localhost:8000/api/feature-announcements"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Notification about 1.15 release",
    "notification_title": "release_1.15.title",
    "notification_body": "release_1.15.body"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "name": "DarkOrchid",
    "notification_title": "magni-quis-enim.title",
    "notification_body": "magni-quis-enim.body",
    "created_at": "2026-06-29T13:09:58.000000Z",
    "updated_at": "2026-06-29T13:09:58.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feature announcements",
    "code": "FEATURE_ANNOUNCEMENTS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/feature-announcements

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Notification name. Only for internal usage. Example: Notification about 1.15 release

notification_title   string   

Notification title (Simple Localize key). Please follow the naming: [campaign_name].title in namespace announcements, for example: release_1.15.title. Example: release_1.15.title

notification_body   string   

Notification body (Simple Localize key). Please follow the naming: [campaign_name].body in namespace announcements, for example: release_1.15.body. Example: release_1.15.body

Update feature announcement

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/feature-announcements/8" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Notification about 1.15 release\",
    \"notification_title\": \"release_1.15.title\",
    \"notification_body\": \"release_1.15.body\"
}"
const url = new URL(
    "http://localhost:8000/api/feature-announcements/8"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Notification about 1.15 release",
    "notification_title": "release_1.15.title",
    "notification_body": "release_1.15.body"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 4,
    "name": "Beige",
    "notification_title": "dolorem-ratione.title",
    "notification_body": "dolorem-ratione.body",
    "created_at": "2026-06-29T13:09:58.000000Z",
    "updated_at": "2026-06-29T13:09:58.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feature announcements",
    "code": "FEATURE_ANNOUNCEMENTS:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Feature announcement not found):


{
    "message": "Feature announcement not found",
    "code": "FEATURE_ANNOUNCEMENTS:UPDATE:NOT_FOUND"
}
 

Request   

PUT api/feature-announcements/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

The ID of the feature announcement. Example: 8

Body Parameters

name   string  optional  

Notification name. Only for internal usage. Example: Notification about 1.15 release

notification_title   string  optional  

Notification title (Simple Localize key). Please follow the naming: [campaign_name].title in namespace announcements, for example: release_1.15.title. Example: release_1.15.title

notification_body   string  optional  

Notification body (Simple Localize key). Please follow the naming: [campaign_name].body in namespace announcements, for example: release_1.15.body. Example: release_1.15.body

Delete feature announcement

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/feature-announcements/13" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feature-announcements/13"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Feature announcement deleted",
    "code": "FEATURE_ANNOUNCEMENTS:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feature announcements",
    "code": "FEATURE_ANNOUNCEMENTS:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Feature announcement not found):


{
    "message": "Feature announcement not found",
    "code": "FEATURE_ANNOUNCEMENTS:DELETE:NOT_FOUND"
}
 

Request   

DELETE api/feature-announcements/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

The ID of the feature announcement. Example: 13

Send feature announcement

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/feature-announcements/19/send" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feature-announcements/19/send"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "message": "Feature announcement sent",
    "code": "FEATURE_ANNOUNCEMENTS:SEND:SENT"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feature announcements",
    "code": "FEATURE_ANNOUNCEMENTS:SEND:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Feature announcement not found):


{
    "message": "Feature announcement not found",
    "code": "FEATURE_ANNOUNCEMENTS:SEND:NOT_FOUND"
}
 

Request   

POST api/feature-announcements/{id}/send

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

The ID of the feature announcement. Example: 19

Feedback

Endpoints related to feedback collecting

Check feedback token

Example request:
curl --request POST \
    "http://localhost:8000/api/feedback/4KJ2YLM0MA64Y6D6FUY2OFY690IICO1OJ2DHR6T68IZNI528H3SKUFJMY0C5DHOA/check" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feedback/4KJ2YLM0MA64Y6D6FUY2OFY690IICO1OJ2DHR6T68IZNI528H3SKUFJMY0C5DHOA/check"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "valid": true
}
 

Request   

POST api/feedback/{token}/check

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

token   string   

Authentication token Example: 4KJ2YLM0MA64Y6D6FUY2OFY690IICO1OJ2DHR6T68IZNI528H3SKUFJMY0C5DHOA

Send feedback with token

Example request:
curl --request POST \
    "http://localhost:8000/api/feedback/4KJ2YLM0MA64Y6D6FUY2OFY690IICO1OJ2DHR6T68IZNI528H3SKUFJMY0C5DHOA" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"type\": \"contextual\",
    \"trigger\": \"remote_session\",
    \"rate\": 5,
    \"description\": \"That was amazing!\",
    \"skipped\": false,
    \"training_day_id\": 1
}"
const url = new URL(
    "http://localhost:8000/api/feedback/4KJ2YLM0MA64Y6D6FUY2OFY690IICO1OJ2DHR6T68IZNI528H3SKUFJMY0C5DHOA"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "type": "contextual",
    "trigger": "remote_session",
    "rate": 5,
    "description": "That was amazing!",
    "skipped": false,
    "training_day_id": 1
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 1,
    "user_id": 6,
    "type": "contextual",
    "trigger": "async_session",
    "platform": "web",
    "rate": 3,
    "description": "Qui possimus quo ut.",
    "skipped": 1,
    "training_day_id": null,
    "created_at": "2026-06-29T13:07:23.000000Z",
    "updated_at": "2026-06-29T13:07:23.000000Z"
}
 

Example response (403, Invalid token):


{
    "message": "Invalid token",
    "code": "FEEDBACK:SEND_WITH_TOKEN:INVALID_TOKEN"
}
 

Request   

POST api/feedback/{token}

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

token   string   

Authentication token Example: 4KJ2YLM0MA64Y6D6FUY2OFY690IICO1OJ2DHR6T68IZNI528H3SKUFJMY0C5DHOA

Body Parameters

type   string   

Type of feedback. Example: contextual

Must be one of:
  • contextual
  • periodic
trigger   string  optional  

Feedback trigger. This field is required when type is contextual. Example: remote_session

Must be one of:
  • remote_session
  • local_session
  • async_session
  • patient_create
  • clinician_invite
  • firmware_update
  • new_config
  • grip_change
  • training_failed
  • training_success
rate   integer  optional  

User's rating. MINIMUM:NUMBER:0 MAXIMUM:NUMBER:5. Example: 5

description   string  optional  

User's description. Example: That was amazing!

skipped   boolean  optional  

Feedback skipped by the user. Example: false

training_day_id   integer  optional  

Training day ID (for training feedback only). The id of an existing record in the App\Models\TrainingDay table. Example: 1

Response

Response Fields

id   integer   

Feedback ID.

user_id   integer   

User who submitted the feedback.

type   string   

Feedback type.

trigger   string   

What triggered the feedback.

platform   string   

Platform the feedback was submitted from.

rate   integer   

Feedback rating.

description   string   

Feedback description.

skipped   boolean   

Whether the feedback was skipped.

training_day_id   integer   

Associated training day ID.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Get feedback status

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/feedback/status" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feedback/status"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "remote_session": true,
    "firmware_update": true,
    "local_session": true,
    "async_session": true,
    "patient_create": false,
    "clinician_invite": true
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to check feedback status",
    "code": "FEEDBACK:STATUS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/feedback/status

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Send feedback

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/feedback" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"type\": \"contextual\",
    \"trigger\": \"remote_session\",
    \"platform\": \"web\",
    \"rate\": 5,
    \"description\": \"That was amazing!\",
    \"skipped\": false,
    \"training_day_id\": 1
}"
const url = new URL(
    "http://localhost:8000/api/feedback"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "type": "contextual",
    "trigger": "remote_session",
    "platform": "web",
    "rate": 5,
    "description": "That was amazing!",
    "skipped": false,
    "training_day_id": 1
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 2,
    "user_id": 310,
    "type": "contextual",
    "trigger": "async_session",
    "platform": "mobile",
    "rate": 4,
    "description": "Libero sed qui et impedit molestiae est.",
    "skipped": 0,
    "training_day_id": null,
    "created_at": "2026-06-29T13:09:49.000000Z",
    "updated_at": "2026-06-29T13:09:49.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to send feedback",
    "code": "FEEDBACK:SEND:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/feedback

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

type   string   

Type of feedback. Example: contextual

Must be one of:
  • contextual
  • on_demand
  • periodic
  • training
trigger   string  optional  

Feedback trigger. Example: remote_session

Must be one of:
  • remote_session
  • local_session
  • async_session
  • patient_create
  • clinician_invite
  • firmware_update
  • new_config
  • grip_change
  • training_failed
  • training_success
platform   string   

Feedback platform. Example: web

Must be one of:
  • web
  • mobile
rate   integer  optional  

User's rating. MINIMUM:NUMBER:0 MAXIMUM:NUMBER:5. Example: 5

description   string  optional  

User's description. Example: That was amazing!

skipped   boolean  optional  

Feedback skipped by the user. Example: false

training_day_id   integer  optional  

Training day ID (for training feedback only). The id of an existing record in the App\Models\TrainingDay table. Example: 1

Response

Response Fields

id   integer   

Feedback ID.

user_id   integer   

User who submitted the feedback.

type   string   

Feedback type.

trigger   string   

What triggered the feedback.

platform   string   

Platform the feedback was submitted from.

rate   integer   

Feedback rating.

description   string   

Feedback description.

skipped   boolean   

Whether the feedback was skipped.

training_day_id   integer   

Associated training day ID.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Schedule feedback notification

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/feedback/schedule" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"trigger\": \"remote_session\"
}"
const url = new URL(
    "http://localhost:8000/api/feedback/schedule"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "trigger": "remote_session"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "scheduled_at": "2026-04-13 12:00:00"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to schedule feedback notification",
    "code": "FEEDBACK:SCHEDULE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Feedback with this trigger was already scheduled today):


{
    "message": "Feedback with this trigger was already scheduled today",
    "code": "FEEDBACK:SCHEDULE:ALREADY_SCHEDULED"
}
 

Request   

POST api/feedback/schedule

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

trigger   string   

Feedback trigger. Example: remote_session

Must be one of:
  • remote_session
  • local_session
  • async_session
  • patient_create
  • clinician_invite
  • firmware_update
  • new_config
  • grip_change
  • training_failed
  • training_success

List feedback

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/feedback" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feedback"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (201):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 25,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 3,
            "user_id": 311,
            "type": "on_demand",
            "trigger": "firmware_update",
            "platform": "web",
            "rate": 5,
            "description": "Eos quisquam qui labore accusamus autem exercitationem nisi.",
            "skipped": 0,
            "training_day_id": null,
            "created_at": "2026-06-29T13:09:50.000000Z",
            "updated_at": "2026-06-29T13:09:50.000000Z"
        },
        {
            "id": 4,
            "user_id": 312,
            "type": "contextual",
            "trigger": "clinician_invite",
            "platform": "mobile",
            "rate": 5,
            "description": "Sit omnis explicabo asperiores placeat numquam exercitationem.",
            "skipped": 1,
            "training_day_id": null,
            "created_at": "2026-06-29T13:09:50.000000Z",
            "updated_at": "2026-06-29T13:09:50.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list feedback",
    "code": "FEEDBACK:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/feedback

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Feedback ID.

user_id   integer   

User who submitted the feedback.

type   string   

Feedback type.

trigger   string   

What triggered the feedback.

platform   string   

Platform the feedback was submitted from.

rate   integer   

Feedback rating.

description   string   

Feedback description.

skipped   boolean   

Whether the feedback was skipped.

training_day_id   integer   

Associated training day ID.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Export feedback to CSV

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/feedback/csv" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feedback/csv"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, CSV file):


{
    "file": "https://staging-us-east-2-aether-biomedical-s3-us-bucket.s3.us-east-2.amazonaws.com/feedback/feedback-1759228216.csv",
    "expires": "2025-09-30 10:40:00"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to export feedback",
    "code": "FEEDBACK:EXPORT_CSV:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/feedback/csv

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Get feedback cooldowns

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/feedback/cooldowns" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feedback/cooldowns"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "remote_session": 1,
    "local_session": 1,
    "async_session": 1,
    "patient_create": 1,
    "clinician_invite": 1,
    "firmware_update": 1,
    "new_config": 1,
    "grip_change": 1
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feedback cooldowns",
    "code": "FEEDBACK:GET_COOLDOWNS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/feedback/cooldowns

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Update feedback cooldowns

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/feedback/cooldowns" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"remote_session\": 1,
    \"local_session\": 1,
    \"async_session\": 1,
    \"patient_create\": 1,
    \"clinician_invite\": 1,
    \"firmware_update\": 1,
    \"new_config\": 1,
    \"grip_change\": 1
}"
const url = new URL(
    "http://localhost:8000/api/feedback/cooldowns"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "remote_session": 1,
    "local_session": 1,
    "async_session": 1,
    "patient_create": 1,
    "clinician_invite": 1,
    "firmware_update": 1,
    "new_config": 1,
    "grip_change": 1
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "remote_session": 1,
    "local_session": 1,
    "async_session": 1,
    "patient_create": 1,
    "clinician_invite": 1,
    "firmware_update": 1,
    "new_config": 1,
    "grip_change": 1
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feedback cooldowns",
    "code": "FEEDBACK:UPDATE_COOLDOWNS:INSUFFICIENT_PERMISSION"
}
 

Request   

PUT api/feedback/cooldowns

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

remote_session   integer  optional  

Cooldown for remote session trigger. MINIMUM:NUMBER:1. Example: 1

local_session   integer  optional  

Cooldown for local session trigger. MINIMUM:NUMBER:1. Example: 1

async_session   integer  optional  

Cooldown for async session trigger. MINIMUM:NUMBER:1. Example: 1

patient_create   integer  optional  

Cooldown for patient create trigger. MINIMUM:NUMBER:1. Example: 1

clinician_invite   integer  optional  

Cooldown for clinician invite trigger. MINIMUM:NUMBER:1. Example: 1

firmware_update   integer  optional  

Cooldown for firmware update trigger. MINIMUM:NUMBER:1. Example: 1

new_config   integer  optional  

Cooldown for new config trigger. MINIMUM:NUMBER:1. Example: 1

grip_change   integer  optional  

Cooldown for grip change trigger. MINIMUM:NUMBER:1. Example: 1

Get feedback enabled

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/feedback/enabled" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feedback/enabled"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "remote_session": true,
    "local_session": true,
    "async_session": true,
    "patient_create": true,
    "clinician_invite": true,
    "firmware_update": true,
    "new_config": true,
    "grip_change": true
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feedback cooldowns",
    "code": "FEEDBACK:GET_ENABLED:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/feedback/enabled

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Set feedback enabled

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/feedback/enabled" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"remote_session\": false,
    \"local_session\": false,
    \"async_session\": false,
    \"patient_create\": false,
    \"clinician_invite\": false,
    \"firmware_update\": false,
    \"new_config\": false,
    \"grip_change\": false
}"
const url = new URL(
    "http://localhost:8000/api/feedback/enabled"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "remote_session": false,
    "local_session": false,
    "async_session": false,
    "patient_create": false,
    "clinician_invite": false,
    "firmware_update": false,
    "new_config": false,
    "grip_change": false
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "remote_session": true,
    "local_session": true,
    "async_session": true,
    "patient_create": true,
    "clinician_invite": true,
    "firmware_update": true,
    "new_config": true,
    "grip_change": true
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage feedback cooldowns",
    "code": "FEEDBACK:SET_ENABLED:INSUFFICIENT_PERMISSION"
}
 

Request   

PUT api/feedback/enabled

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

remote_session   boolean  optional  

Enabled state for remote session trigger. Example: false

local_session   boolean  optional  

Enabled state for local session trigger. Example: false

async_session   boolean  optional  

Enabled state for async session trigger. Example: false

patient_create   boolean  optional  

Enabled state for patient create trigger. Example: false

clinician_invite   boolean  optional  

Enabled state for clinician invite trigger. Example: false

firmware_update   boolean  optional  

Enabled state for firmware update trigger. Example: false

new_config   boolean  optional  

Enabled state for new config trigger. Example: false

grip_change   boolean  optional  

Enabled state for grip change trigger. Example: false

Feedback statistics

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/feedback/statistics" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/feedback/statistics"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "submitted": 100,
    "skipped": 150,
    "total": 250,
    "average_rating": 4.76
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view feedback statistics",
    "code": "FEEDBACK:STATISTICS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/feedback/statistics

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Finger Calibrations

API endpoints for managing finger calibration results

Get finger calibration

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/device/1/finger-calibration" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/device/1/finger-calibration"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "device_id": 14,
            "result": "dolores",
            "created_at": "2026-06-29T13:07:41.000000Z",
            "updated_at": "2026-06-29T13:07:41.000000Z"
        },
        {
            "id": 2,
            "device_id": 15,
            "result": "corrupti",
            "created_at": "2026-06-29T13:07:41.000000Z",
            "updated_at": "2026-06-29T13:07:41.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view finger calibration data",
    "code": "FINGER_CALIBRATION:VIEW:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "FINGER_CALIBRATION:VIEW:DEVICE_NOT_FOUND"
}
 

Request   

GET api/device/{id}/finger-calibration

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Store finger calibration

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/device/1/finger-calibration" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"result\": \"test\"
}"
const url = new URL(
    "http://localhost:8000/api/device/1/finger-calibration"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "result": "test"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "device_id": 16,
    "result": "voluptas",
    "created_at": "2026-06-29T13:07:41.000000Z",
    "updated_at": "2026-06-29T13:07:41.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create finger calibration",
    "code": "FINGER_CALIBRATION:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "FINGER_CALIBRATION:CREATE:DEVICE_NOT_FOUND"
}
 

Request   

POST api/device/{id}/finger-calibration

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Device ID. Example: 1

Body Parameters

result   string   

Calibration result. Example: test

GeoData

API endpoints for geodata

Get supported timezones list

Example request:
curl --request GET \
    --get "http://localhost:8000/api/timezones" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/timezones"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


[
    "Africa/Abidjan",
    "Africa/Accra",
    "Africa/Addis_Ababa",
    "Africa/Algiers",
    "Africa/Asmara",
    "Africa/Bamako",
    "Africa/Bangui",
    "Africa/Banjul",
    "Africa/Bissau",
    "Africa/Blantyre",
    "Africa/Brazzaville",
    "Africa/Bujumbura",
    "Africa/Cairo",
    "Africa/Casablanca",
    "Africa/Ceuta",
    "Africa/Conakry",
    "Africa/Dakar",
    "Africa/Dar_es_Salaam",
    "Africa/Djibouti",
    "Africa/Douala",
    "Africa/El_Aaiun",
    "Africa/Freetown",
    "Africa/Gaborone",
    "Africa/Harare",
    "Africa/Johannesburg",
    "Africa/Juba",
    "Africa/Kampala",
    "Africa/Khartoum",
    "Africa/Kigali",
    "Africa/Kinshasa",
    "Africa/Lagos",
    "Africa/Libreville",
    "Africa/Lome",
    "Africa/Luanda",
    "Africa/Lubumbashi",
    "Africa/Lusaka",
    "Africa/Malabo",
    "Africa/Maputo",
    "Africa/Maseru",
    "Africa/Mbabane",
    "Africa/Mogadishu",
    "Africa/Monrovia",
    "Africa/Nairobi",
    "Africa/Ndjamena",
    "Africa/Niamey",
    "Africa/Nouakchott",
    "Africa/Ouagadougou",
    "Africa/Porto-Novo",
    "Africa/Sao_Tome",
    "Africa/Tripoli",
    "Africa/Tunis",
    "Africa/Windhoek",
    "America/Adak",
    "America/Anchorage",
    "America/Anguilla",
    "America/Antigua",
    "America/Araguaina",
    "America/Argentina/Buenos_Aires",
    "America/Argentina/Catamarca",
    "America/Argentina/Cordoba",
    "America/Argentina/Jujuy",
    "America/Argentina/La_Rioja",
    "America/Argentina/Mendoza",
    "America/Argentina/Rio_Gallegos",
    "America/Argentina/Salta",
    "America/Argentina/San_Juan",
    "America/Argentina/San_Luis",
    "America/Argentina/Tucuman",
    "America/Argentina/Ushuaia",
    "America/Aruba",
    "America/Asuncion",
    "America/Atikokan",
    "America/Bahia",
    "America/Bahia_Banderas",
    "America/Barbados",
    "America/Belem",
    "America/Belize",
    "America/Blanc-Sablon",
    "America/Boa_Vista",
    "America/Bogota",
    "America/Boise",
    "America/Cambridge_Bay",
    "America/Campo_Grande",
    "America/Cancun",
    "America/Caracas",
    "America/Cayenne",
    "America/Cayman",
    "America/Chicago",
    "America/Chihuahua",
    "America/Costa_Rica",
    "America/Creston",
    "America/Cuiaba",
    "America/Curacao",
    "America/Danmarkshavn",
    "America/Dawson",
    "America/Dawson_Creek",
    "America/Denver",
    "America/Detroit",
    "America/Dominica",
    "America/Edmonton",
    "America/Eirunepe",
    "America/El_Salvador",
    "America/Fort_Nelson",
    "America/Fortaleza",
    "America/Glace_Bay",
    "America/Goose_Bay",
    "America/Grand_Turk",
    "America/Grenada",
    "America/Guadeloupe",
    "America/Guatemala",
    "America/Guayaquil",
    "America/Guyana",
    "America/Halifax",
    "America/Havana",
    "America/Hermosillo",
    "America/Indiana/Indianapolis",
    "America/Indiana/Knox",
    "America/Indiana/Marengo",
    "America/Indiana/Petersburg",
    "America/Indiana/Tell_City",
    "America/Indiana/Vevay",
    "America/Indiana/Vincennes",
    "America/Indiana/Winamac",
    "America/Inuvik",
    "America/Iqaluit",
    "America/Jamaica",
    "America/Juneau",
    "America/Kentucky/Louisville",
    "America/Kentucky/Monticello",
    "America/Kralendijk",
    "America/La_Paz",
    "America/Lima",
    "America/Los_Angeles",
    "America/Lower_Princes",
    "America/Maceio",
    "America/Managua",
    "America/Manaus",
    "America/Marigot",
    "America/Martinique",
    "America/Matamoros",
    "America/Mazatlan",
    "America/Menominee",
    "America/Merida",
    "America/Metlakatla",
    "America/Mexico_City",
    "America/Miquelon",
    "America/Moncton",
    "America/Monterrey",
    "America/Montevideo",
    "America/Montserrat",
    "America/Nassau",
    "America/New_York",
    "America/Nipigon",
    "America/Nome",
    "America/Noronha",
    "America/North_Dakota/Beulah",
    "America/North_Dakota/Center",
    "America/North_Dakota/New_Salem",
    "America/Nuuk",
    "America/Ojinaga",
    "America/Panama",
    "America/Pangnirtung",
    "America/Paramaribo",
    "America/Phoenix",
    "America/Port-au-Prince",
    "America/Port_of_Spain",
    "America/Porto_Velho",
    "America/Puerto_Rico",
    "America/Punta_Arenas",
    "America/Rainy_River",
    "America/Rankin_Inlet",
    "America/Recife",
    "America/Regina",
    "America/Resolute",
    "America/Rio_Branco",
    "America/Santarem",
    "America/Santiago",
    "America/Santo_Domingo",
    "America/Sao_Paulo",
    "America/Scoresbysund",
    "America/Sitka",
    "America/St_Barthelemy",
    "America/St_Johns",
    "America/St_Kitts",
    "America/St_Lucia",
    "America/St_Thomas",
    "America/St_Vincent",
    "America/Swift_Current",
    "America/Tegucigalpa",
    "America/Thule",
    "America/Thunder_Bay",
    "America/Tijuana",
    "America/Toronto",
    "America/Tortola",
    "America/Vancouver",
    "America/Whitehorse",
    "America/Winnipeg",
    "America/Yakutat",
    "America/Yellowknife",
    "Antarctica/Casey",
    "Antarctica/Davis",
    "Antarctica/DumontDUrville",
    "Antarctica/Macquarie",
    "Antarctica/Mawson",
    "Antarctica/McMurdo",
    "Antarctica/Palmer",
    "Antarctica/Rothera",
    "Antarctica/Syowa",
    "Antarctica/Troll",
    "Antarctica/Vostok",
    "Arctic/Longyearbyen",
    "Asia/Aden",
    "Asia/Almaty",
    "Asia/Amman",
    "Asia/Anadyr",
    "Asia/Aqtau",
    "Asia/Aqtobe",
    "Asia/Ashgabat",
    "Asia/Atyrau",
    "Asia/Baghdad",
    "Asia/Bahrain",
    "Asia/Baku",
    "Asia/Bangkok",
    "Asia/Barnaul",
    "Asia/Beirut",
    "Asia/Bishkek",
    "Asia/Brunei",
    "Asia/Chita",
    "Asia/Choibalsan",
    "Asia/Colombo",
    "Asia/Damascus",
    "Asia/Dhaka",
    "Asia/Dili",
    "Asia/Dubai",
    "Asia/Dushanbe",
    "Asia/Famagusta",
    "Asia/Gaza",
    "Asia/Hebron",
    "Asia/Ho_Chi_Minh",
    "Asia/Hong_Kong",
    "Asia/Hovd",
    "Asia/Irkutsk",
    "Asia/Jakarta",
    "Asia/Jayapura",
    "Asia/Jerusalem",
    "Asia/Kabul",
    "Asia/Kamchatka",
    "Asia/Karachi",
    "Asia/Kathmandu",
    "Asia/Khandyga",
    "Asia/Kolkata",
    "Asia/Krasnoyarsk",
    "Asia/Kuala_Lumpur",
    "Asia/Kuching",
    "Asia/Kuwait",
    "Asia/Macau",
    "Asia/Magadan",
    "Asia/Makassar",
    "Asia/Manila",
    "Asia/Muscat",
    "Asia/Nicosia",
    "Asia/Novokuznetsk",
    "Asia/Novosibirsk",
    "Asia/Omsk",
    "Asia/Oral",
    "Asia/Phnom_Penh",
    "Asia/Pontianak",
    "Asia/Pyongyang",
    "Asia/Qatar",
    "Asia/Qostanay",
    "Asia/Qyzylorda",
    "Asia/Riyadh",
    "Asia/Sakhalin",
    "Asia/Samarkand",
    "Asia/Seoul",
    "Asia/Shanghai",
    "Asia/Singapore",
    "Asia/Srednekolymsk",
    "Asia/Taipei",
    "Asia/Tashkent",
    "Asia/Tbilisi",
    "Asia/Tehran",
    "Asia/Thimphu",
    "Asia/Tokyo",
    "Asia/Tomsk",
    "Asia/Ulaanbaatar",
    "Asia/Urumqi",
    "Asia/Ust-Nera",
    "Asia/Vientiane",
    "Asia/Vladivostok",
    "Asia/Yakutsk",
    "Asia/Yangon",
    "Asia/Yekaterinburg",
    "Asia/Yerevan",
    "Atlantic/Azores",
    "Atlantic/Bermuda",
    "Atlantic/Canary",
    "Atlantic/Cape_Verde",
    "Atlantic/Faroe",
    "Atlantic/Madeira",
    "Atlantic/Reykjavik",
    "Atlantic/South_Georgia",
    "Atlantic/St_Helena",
    "Atlantic/Stanley",
    "Australia/Adelaide",
    "Australia/Brisbane",
    "Australia/Broken_Hill",
    "Australia/Darwin",
    "Australia/Eucla",
    "Australia/Hobart",
    "Australia/Lindeman",
    "Australia/Lord_Howe",
    "Australia/Melbourne",
    "Australia/Perth",
    "Australia/Sydney",
    "Europe/Amsterdam",
    "Europe/Andorra",
    "Europe/Astrakhan",
    "Europe/Athens",
    "Europe/Belgrade",
    "Europe/Berlin",
    "Europe/Bratislava",
    "Europe/Brussels",
    "Europe/Bucharest",
    "Europe/Budapest",
    "Europe/Busingen",
    "Europe/Chisinau",
    "Europe/Copenhagen",
    "Europe/Dublin",
    "Europe/Gibraltar",
    "Europe/Guernsey",
    "Europe/Helsinki",
    "Europe/Isle_of_Man",
    "Europe/Istanbul",
    "Europe/Jersey",
    "Europe/Kaliningrad",
    "Europe/Kiev",
    "Europe/Kirov",
    "Europe/Lisbon",
    "Europe/Ljubljana",
    "Europe/London",
    "Europe/Luxembourg",
    "Europe/Madrid",
    "Europe/Malta",
    "Europe/Mariehamn",
    "Europe/Minsk",
    "Europe/Monaco",
    "Europe/Moscow",
    "Europe/Oslo",
    "Europe/Paris",
    "Europe/Podgorica",
    "Europe/Prague",
    "Europe/Riga",
    "Europe/Rome",
    "Europe/Samara",
    "Europe/San_Marino",
    "Europe/Sarajevo",
    "Europe/Saratov",
    "Europe/Simferopol",
    "Europe/Skopje",
    "Europe/Sofia",
    "Europe/Stockholm",
    "Europe/Tallinn",
    "Europe/Tirane",
    "Europe/Ulyanovsk",
    "Europe/Uzhgorod",
    "Europe/Vaduz",
    "Europe/Vatican",
    "Europe/Vienna",
    "Europe/Vilnius",
    "Europe/Volgograd",
    "Europe/Warsaw",
    "Europe/Zagreb",
    "Europe/Zaporozhye",
    "Europe/Zurich",
    "Indian/Antananarivo",
    "Indian/Chagos",
    "Indian/Christmas",
    "Indian/Cocos",
    "Indian/Comoro",
    "Indian/Kerguelen",
    "Indian/Mahe",
    "Indian/Maldives",
    "Indian/Mauritius",
    "Indian/Mayotte",
    "Indian/Reunion",
    "Pacific/Apia",
    "Pacific/Auckland",
    "Pacific/Bougainville",
    "Pacific/Chatham",
    "Pacific/Chuuk",
    "Pacific/Easter",
    "Pacific/Efate",
    "Pacific/Fakaofo",
    "Pacific/Fiji",
    "Pacific/Funafuti",
    "Pacific/Galapagos",
    "Pacific/Gambier",
    "Pacific/Guadalcanal",
    "Pacific/Guam",
    "Pacific/Honolulu",
    "Pacific/Kanton",
    "Pacific/Kiritimati",
    "Pacific/Kosrae",
    "Pacific/Kwajalein",
    "Pacific/Majuro",
    "Pacific/Marquesas",
    "Pacific/Midway",
    "Pacific/Nauru",
    "Pacific/Niue",
    "Pacific/Norfolk",
    "Pacific/Noumea",
    "Pacific/Pago_Pago",
    "Pacific/Palau",
    "Pacific/Pitcairn",
    "Pacific/Pohnpei",
    "Pacific/Port_Moresby",
    "Pacific/Rarotonga",
    "Pacific/Saipan",
    "Pacific/Tahiti",
    "Pacific/Tarawa",
    "Pacific/Tongatapu",
    "Pacific/Wake",
    "Pacific/Wallis",
    "UTC"
]
 

Request   

GET api/timezones

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Goals

API endpoints for goals

The goals module consists of:

List grips

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/grips?model=1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/grips"
);

const params = {
    "model": "1",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "number": 2068,
        "name": "repellat grip",
        "description": null,
        "opposed": 0,
        "created_at": "2026-06-29T13:09:21.000000Z",
        "updated_at": "2026-06-29T13:09:21.000000Z"
    },
    {
        "id": 2,
        "number": 8065,
        "name": "modi grip",
        "description": null,
        "opposed": 0,
        "created_at": "2026-06-29T13:09:21.000000Z",
        "updated_at": "2026-06-29T13:09:21.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view grips",
    "code": "GOALS:LIST_GRIPS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/grips

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

model   integer  optional  

Device Model ID. Use this parameter to receive the correct grip images in the image field. When not present, all images will be listed in images array. Example: 1

Response

Response Fields

id   integer   

Grip ID.

number   integer   

Grip number identifier.

name   string   

Grip name.

description   string   

Grip description.

opposed   boolean   

Whether the grip is opposed.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

List exercises

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/exercises" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/exercises"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "name": "exercises.Boyer Mountain",
            "description": "exercises.Officiis rerum dolor sunt saepe molestiae maxime voluptatem facilis.",
            "icon": "😒",
            "created_at": "2026-06-29T13:09:23.000000Z",
            "updated_at": "2026-06-29T13:09:23.000000Z"
        },
        {
            "id": 2,
            "name": "exercises.Daisha Parkway",
            "description": "exercises.Odit ut sed dolor voluptatibus officiis rem.",
            "icon": "😔",
            "created_at": "2026-06-29T13:09:23.000000Z",
            "updated_at": "2026-06-29T13:09:23.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view exercises",
    "code": "GOALS:LIST_EXERCISES:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/exercises

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

items   object   
id   integer   

Exercise ID.

name   string   

Exercise name.

description   string   

Exercise description.

icon   string   

Exercise icon identifier.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create exercise

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/exercises" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Water plants\",
    \"description\": \"Use Tripod Close Grip and water your plants\",
    \"icon\": \"🪴\"
}"
const url = new URL(
    "http://localhost:8000/api/exercises"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Water plants",
    "description": "Use Tripod Close Grip and water your plants",
    "icon": "🪴"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "name": "exercises.Keegan Port",
    "description": "exercises.Porro soluta velit aliquid et.",
    "icon": "😲",
    "created_at": "2026-06-29T13:09:23.000000Z",
    "updated_at": "2026-06-29T13:09:23.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage exercises",
    "code": "GOALS:CREATE_EXERCISE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/exercises

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Exercise name. Example: Water plants

description   string   

Exercise description. Example: Use Tripod Close Grip and water your plants

icon   string   

Emoji icon. Example: 🪴

Response

Response Fields

id   integer   

Exercise ID.

name   string   

Exercise name.

description   string   

Exercise description.

icon   string   

Exercise icon identifier.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update exercise

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/exercises/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Water plants\",
    \"description\": \"Use Tripod Close Grip and water your plants\",
    \"icon\": \"🪴\"
}"
const url = new URL(
    "http://localhost:8000/api/exercises/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Water plants",
    "description": "Use Tripod Close Grip and water your plants",
    "icon": "🪴"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 4,
    "name": "exercises.Susie Pike",
    "description": "exercises.Sed nostrum et neque aspernatur.",
    "icon": "😬",
    "created_at": "2026-06-29T13:09:23.000000Z",
    "updated_at": "2026-06-29T13:09:23.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage exercises",
    "code": "GOALS:UPDATE_EXERCISE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Exercise not found):


{
    "message": "Exercise not found",
    "code": "GOALS:UPDATE_EXERCISE:EXERCISE_NOT_FOUND"
}
 

Request   

PUT api/exercises/{exerciseId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

exerciseId   integer   

Exercise ID. Example: 1

Body Parameters

name   string  optional  

Exercise name. Example: Water plants

description   string  optional  

Exercise description. Example: Use Tripod Close Grip and water your plants

icon   string  optional  

Emoji icon. Example: 🪴

Response

Response Fields

id   integer   

Exercise ID.

name   string   

Exercise name.

description   string   

Exercise description.

icon   string   

Exercise icon identifier.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete exercise

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/exercises/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/exercises/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Exercise deleted",
    "code": "GOALS:DELETE_EXERCISE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage exercises",
    "code": "GOALS:DELETE_EXERCISE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Exercise is used in goals):


{
    "message": "Cannot delete: exercise is used in goals (1)",
    "code": "GOALS:DELETE_EXERCISE:HAS_GOALS"
}
 

Example response (404, Exercise not found):


{
    "message": "Exercise not found",
    "code": "GOALS:DELETE_EXERCISE:EXERCISE_NOT_FOUND"
}
 

Request   

DELETE api/exercises/{exerciseId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

exerciseId   integer   

Exercise ID. Example: 1

List user goals

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/user/1/goals?active=1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/goals"
);

const params = {
    "active": "1",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "amputee_id": 262,
            "clinician_id": 263,
            "start_date": "2009-03-28",
            "end_date": "2004-11-06",
            "active": 1,
            "created_at": "2026-06-29T13:09:24.000000Z",
            "updated_at": "2026-06-29T13:09:24.000000Z"
        },
        {
            "id": 2,
            "amputee_id": 264,
            "clinician_id": 265,
            "start_date": "1993-07-22",
            "end_date": "2016-12-30",
            "active": 1,
            "created_at": "2026-06-29T13:09:25.000000Z",
            "updated_at": "2026-06-29T13:09:25.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view user goals",
    "code": "GOALS:LIST_GOALS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "GOALS:LIST_GOALS:USER_NOT_FOUND"
}
 

Request   

GET api/user/{userId}/goals

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Query Parameters

active   boolean  optional  

Goal active status. Example: 1

sortby   string  optional  

Sort by field (available: start_date). Default: start_date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Goal ID.

amputee_id   integer   

Patient (amputee) user ID.

clinician_id   integer   

Clinician user ID.

start_date   string   

Goal start date.

end_date   string   

Goal end date.

active   boolean   

Whether the goal is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create user goal

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/user/1/goals" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"start_date\": \"2023-05-12\",
    \"end_date\": \"2023-05-15\",
    \"active\": true
}"
const url = new URL(
    "http://localhost:8000/api/user/1/goals"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "start_date": "2023-05-12",
    "end_date": "2023-05-15",
    "active": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "amputee_id": 266,
    "clinician_id": 267,
    "start_date": "1995-09-06",
    "end_date": "1981-07-22",
    "active": 1,
    "created_at": "2026-06-29T13:09:26.000000Z",
    "updated_at": "2026-06-29T13:09:26.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user goals",
    "code": "GOALS:CREATE_GOAL:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "GOALS:CREATE_GOAL:USER_NOT_FOUND"
}
 

Request   

POST api/user/{userId}/goals

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Body Parameters

start_date   string   

Start date of the goal tracking. MUST_BE_DATE Must be a valid date in the format Y-m-d. MUST_BE_AFTER_OR_EQUAL:today. Example: 2023-05-12

end_date   string   

End date of goal tracking. MUST_BE_DATE Must be a valid date in the format Y-m-d. MUST_BE_AFTER:start_date. Example: 2023-05-15

active   boolean  optional  

Status of goal activity. Example: true

Response

Response Fields

id   integer   

Goal ID.

amputee_id   integer   

Patient (amputee) user ID.

clinician_id   integer   

Clinician user ID.

start_date   string   

Goal start date.

end_date   string   

Goal end date.

active   boolean   

Whether the goal is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update user goal

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/user/1/goals/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"start_date\": \"2023-05-12\",
    \"end_date\": \"2023-05-15\",
    \"active\": true
}"
const url = new URL(
    "http://localhost:8000/api/user/1/goals/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "start_date": "2023-05-12",
    "end_date": "2023-05-15",
    "active": true
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 4,
    "amputee_id": 268,
    "clinician_id": 269,
    "start_date": "1994-07-22",
    "end_date": "1999-10-03",
    "active": 1,
    "created_at": "2026-06-29T13:09:27.000000Z",
    "updated_at": "2026-06-29T13:09:27.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user goals",
    "code": "GOALS:UPDATE_GOAL:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Cannot activate ongoing goal):


{
    "message": "Cannot activate ongoing goal",
    "code": "GOALS:UPDATE_GOAL:GOAL_IS_ONGOING"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "GOALS:UPDATE_GOAL:USER_NOT_FOUND"
}
 

Example response (404, Goal not found):


{
    "message": "Goal not found",
    "code": "GOALS:UPDATE_GOAL:GOAL_NOT_FOUND"
}
 

Request   

PUT api/user/{userId}/goals/{goalId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

goalId   integer   

Goal ID. Example: 1

Body Parameters

start_date   string  optional  

Start date of the goal tracking. MUST_BE_DATE Must be a valid date in the format Y-m-d. MUST_BE_AFTER_OR_EQUAL:today. Example: 2023-05-12

end_date   string  optional  

End date of goal tracking. MUST_BE_DATE Must be a valid date in the format Y-m-d. MUST_BE_AFTER:start_date. Example: 2023-05-15

active   boolean  optional  

Status of goal activity. Example: true

Response

Response Fields

id   integer   

Goal ID.

amputee_id   integer   

Patient (amputee) user ID.

clinician_id   integer   

Clinician user ID.

start_date   string   

Goal start date.

end_date   string   

Goal end date.

active   boolean   

Whether the goal is active.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete user goal

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/user/1/goals/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/goals/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Goal deleted",
    "code": "GOALS:DELETE_GOAL:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user goals",
    "code": "GOALS:DELETE_GOAL:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Cannot delete ongoing goal):


{
    "message": "Cannot delete active ongoing goal",
    "code": "GOALS:DELETE_GOAL:GOAL_IS_ONGOING"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "GOALS:DELETE_GOAL:USER_NOT_FOUND"
}
 

Example response (404, Goal not found):


{
    "message": "Goal not found",
    "code": "GOALS:DELETE_GOAL:GOAL_NOT_FOUND"
}
 

Request   

DELETE api/user/{userId}/goals/{goalId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

goalId   integer   

Goal ID. Example: 1

List user goal conditions

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/user/1/goals/1/conditions" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/goals/1/conditions"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "goal_id": 5,
            "type": "exercise",
            "grip_id": 3,
            "grips_frequency": "a",
            "grips_count": 238,
            "switches_frequency": "m",
            "switches_count": 100,
            "exercise_id": 5,
            "exercise_frequency": "w",
            "exercise_count": 7,
            "created_at": "2026-06-29T13:09:28.000000Z",
            "updated_at": "2026-06-29T13:09:28.000000Z"
        },
        {
            "id": 2,
            "goal_id": 6,
            "type": "exercise",
            "grip_id": 4,
            "grips_frequency": "a",
            "grips_count": 874,
            "switches_frequency": "d",
            "switches_count": 840,
            "exercise_id": 6,
            "exercise_frequency": "m",
            "exercise_count": 1,
            "created_at": "2026-06-29T13:09:29.000000Z",
            "updated_at": "2026-06-29T13:09:29.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view user goals",
    "code": "GOALS:LIST_CONDITIONS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "GOALS:LIST_CONDITIONS:USER_NOT_FOUND"
}
 

Example response (404, Goal not found):


{
    "message": "Goal not found",
    "code": "GOALS:LIST_CONDITIONS:GOAL_NOT_FOUND"
}
 

Request   

GET api/user/{userId}/goals/{goalId}/conditions

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

goalId   integer   

Goal ID. Example: 1

Response

Response Fields

items   object   
id   integer   

Goal condition ID.

goal_id   integer   

Associated goal ID.

type   string   

Condition type.

Must be one of:
  • grip
  • switch
  • exercise
grip_id   integer   

Target grip ID.

grips_frequency   string   

Grip frequency period.

Must be one of:
  • d
  • w
  • m
  • a
grips_count   integer   

Required grip count.

switches_frequency   string   

Switch frequency period.

Must be one of:
  • d
  • w
  • m
  • a
switches_count   integer   

Required switch count.

exercise_id   integer   

Target exercise ID.

exercise_frequency   string   

Exercise frequency period.

Must be one of:
  • d
  • w
  • m
exercise_count   integer   

Required exercise count.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create user goal condition

requires authentication

Each goal condition could be one of type: grip, switch or exercise.

If goal condition is type of grip, fill only grip_id (optional), grips_frequency and grips_count.
If grip_id is null or missing, patient can perform any grip to fulfill objective.

If goal condition is type of switch, fill only switches_frequency and switches_count.

If goal condition is type of exercise, fill only exercise_id, exercise_frequency and exercise_count.


Restrictions:

  • you can add one grip-any condition (grip_id=null, any grip is counted) and many grip-specific conditions (for example: grip 1 - 100 times and grip 2 - 50 times),
  • all grips conditions must have same frequency (grips_frequency field),
  • sum of grip-specific conditions (grips_count field) cannot be greater than grip-any condition for same goal
  • you can add only one switch condition for same goal,
  • you can add multiple exercise conditions, but each exercise can be used only once.
Example request:
curl --request POST \
    "http://localhost:8000/api/user/1/goals/1/conditions" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"type\": \"grip\",
    \"grip_id\": 1,
    \"grips_frequency\": \"d\",
    \"grips_count\": 100,
    \"switches_frequency\": \"d\",
    \"switches_count\": 100,
    \"exercise_id\": 1,
    \"exercise_frequency\": \"d\",
    \"exercise_count\": 5
}"
const url = new URL(
    "http://localhost:8000/api/user/1/goals/1/conditions"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "type": "grip",
    "grip_id": 1,
    "grips_frequency": "d",
    "grips_count": 100,
    "switches_frequency": "d",
    "switches_count": 100,
    "exercise_id": 1,
    "exercise_frequency": "d",
    "exercise_count": 5
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "goal_id": 7,
    "type": "exercise",
    "grip_id": 5,
    "grips_frequency": "w",
    "grips_count": 864,
    "switches_frequency": "d",
    "switches_count": 524,
    "exercise_id": 7,
    "exercise_frequency": "d",
    "exercise_count": 6,
    "created_at": "2026-06-29T13:09:30.000000Z",
    "updated_at": "2026-06-29T13:09:30.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user goals",
    "code": "GOALS:CREATE_CONDITION:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Cannot create condition: all grip conditions have to be same frequency):


{
    "message": "Cannot create condition: all grip conditions have to be same frequency",
    "code": "GOALS:CREATE_CONDITION:INVALID_FREQUENCY"
}
 

Example response (403, Cannot create condition: grip-any condition for this goal already exist):


{
    "message": "Cannot create condition: grip-any condition for this goal already exist",
    "code": "GOALS:CREATE_CONDITION:GRIP_ANY_ALREADY_EXISTS"
}
 

Example response (403, Cannot create condition: condition with this grip already exist):


{
    "message": "Cannot create condition: condition with this grip already exist",
    "code": "GOALS:CREATE_CONDITION:GRIP_CONDITION_ALREADY_EXISTS"
}
 

Example response (403, Cannot create condition: grip-any value cannot be lower than sum of grip-specific conditions):


{
    "message": "Cannot create condition: grip-any value cannot be lower than sum of grip-specific conditions",
    "code": "GOALS:CREATE_CONDITION:GRIP_ANY_LOWER_THAN_GRIPS_SUM"
}
 

Example response (403, Cannot create condition: sum of grip-specific conditions cannot be greater than value of grip-any condition):


{
    "message": "Cannot create condition: sum of grip-specific conditions cannot be greater than value of grip-any condition",
    "code": "GOALS:CREATE_CONDITION:GRIPS_SUM_GREATER_THAN_GRIP_ANY"
}
 

Example response (403, Cannot create condition: switch condition for this goal already exist):


{
    "message": "Cannot create condition: switch condition for this goal already exist",
    "code": "GOALS:CREATE_CONDITION:SWITCH_CONDITION_ALREADY_EXISTS"
}
 

Example response (403, Cannot create condition: condition with this exercise already exist):


{
    "message": "Cannot create condition: condition with this exercise already exist",
    "code": "GOALS:CREATE_CONDITION:EXERCISE_CONDITION_ALREADY_EXISTS"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "GOALS:CREATE_CONDITION:USER_NOT_FOUND"
}
 

Example response (404, Goal not found):


{
    "message": "Goal not found",
    "code": "GOALS:CREATE_CONDITION:GOAL_NOT_FOUND"
}
 

Request   

POST api/user/{userId}/goals/{goalId}/conditions

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

goalId   integer   

Goal ID. Example: 1

Body Parameters

type   string   

Goal condition type. Example: grip

Must be one of:
  • grip
  • switch
  • exercise
grip_id   integer  optional  

Grip number required for condition. Pass null to allow any grip. The id of an existing record in the App\Models\Grip table. Example: 1

grips_frequency   string  optional  

Grips frequency unit. d - daily, w - weekly, m - monthly, a - all time (within goal). This field is required when type is grip. Example: d

Must be one of:
  • d
  • w
  • m
  • a
grips_count   integer  optional  

Required number of grips per frequency unit. This field is required when type is grip. MINIMUM:NUMBER:1. Example: 100

switches_frequency   string  optional  

Switches frequency unit. d - daily, w - weekly, m - monthly, a - all time (within goal). This field is required when type is switch. Example: d

Must be one of:
  • d
  • w
  • m
  • a
switches_count   integer  optional  

Required number of switches per frequency unit. This field is required when type is switch. MINIMUM:NUMBER:1. Example: 100

exercise_id   integer  optional  

Exercise ID. This field is required when type is exercise. The id of an existing record in the App\Models\Exercise table. Example: 1

exercise_frequency   string  optional  

Exercise frequency unit. d - daily, w - weekly, m - monthly. This field is required when type is exercise. Example: d

Must be one of:
  • d
  • w
  • m
exercise_count   integer  optional  

Required number of performed exercises per frequency unit. This field is required when type is exercise. MINIMUM:NUMBER:1. Example: 5

Response

Response Fields

id   integer   

Goal condition ID.

goal_id   integer   

Associated goal ID.

type   string   

Condition type.

Must be one of:
  • grip
  • switch
  • exercise
grip_id   integer   

Target grip ID.

grips_frequency   string   

Grip frequency period.

Must be one of:
  • d
  • w
  • m
  • a
grips_count   integer   

Required grip count.

switches_frequency   string   

Switch frequency period.

Must be one of:
  • d
  • w
  • m
  • a
switches_count   integer   

Required switch count.

exercise_id   integer   

Target exercise ID.

exercise_frequency   string   

Exercise frequency period.

Must be one of:
  • d
  • w
  • m
exercise_count   integer   

Required exercise count.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete user goal condition

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/user/1/goals/1/conditions/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/goals/1/conditions/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Goal condition deleted",
    "code": "GOALS:DELETE_CONDITION:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user goals",
    "code": "GOALS:DELETE_CONDITION:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "GOALS:DELETE_CONDITION:USER_NOT_FOUND"
}
 

Example response (404, Goal not found):


{
    "message": "Goal not found",
    "code": "GOALS:DELETE_CONDITION:GOAL_NOT_FOUND"
}
 

Request   

DELETE api/user/{userId}/goals/{goalId}/conditions/{conditionId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

goalId   integer   

Goal ID. Example: 1

conditionId   integer   

Goal condition ID. Example: 1

Get user goal progress

requires authentication

Data is grouped into three parts:
  • grips - data about grips progress,
  • switches - data about switches progress,
  • exercises - data about exercises progress and attempts made.
For grips and switches there is summary, which is divided into 4 parts:
  • overall - summary of whole goal time-frame,
  • period - summary of given period, according to frequency (for example: if frequency of conditions is "weekly", these data is summary of current's week).
  • today - summary of today's, used mainly to send daily summary notifications,
  • conditions - goal conditions with progress for each one.
There are also extra fields inside the summary parts:
  • type for grips overall summary, which points which conditions were used to calculate the summary. If grip-any condition exists, it has priority over grip-specific conditions, otherwise summary contains sum of all grip-specific conditions,
  • frequency, frequency_from and frequency_to for period summary for both grips and switches, which describe time-frame of frequency and period,
  • done for today's summary for both grips and switches, indicates if today's goal is reached (it's calculated only for conditions of frequency "daily").
Example request:
curl --request GET \
    --get "http://localhost:8000/api/goals/1/progress" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/goals/1/progress"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "grips": {
        "meta": {
            "overall": {
                "from": "2023-09-01 00:00:00",
                "to": "2023-08-30 23:59:59"
            },
            "period": {
                "from": "2023-09-15 23:59:59",
                "to": "2023-09-21 23:59:59",
                "frequency": "w"
            }
        },
        "summary": {
            "type": "grips-specific",
            "progress": 222,
            "goal": 2535
        },
        "progress": [
            {
                "grip": {
                    "id": 1,
                    "number": 0,
                    "name": "Rest Opposition",
                    "description": null,
                    "created_at": "2023-08-30T12:20:00.000000Z",
                    "updated_at": "2023-08-30T12:20:00.000000Z"
                },
                "overall": {
                    "progress": 125,
                    "goal": 200
                },
                "period": {
                    "progress": 22,
                    "goal": 50
                }
            },
            {
                "grip": {
                    "id": 2,
                    "number": 1,
                    "name": "Power",
                    "description": null,
                    "created_at": "2023-05-18T11:24:11.000000Z",
                    "updated_at": "2023-05-18T11:24:11.000000Z"
                },
                "overall": {
                    "progress": 90,
                    "goal": 150
                },
                "period": {
                    "progress": 10,
                    "goal": 30
                }
            },
            {
                "grip": null,
                "overall": {
                    "progress": 78,
                    "goal": 1250
                },
                "period": {
                    "progress": 17,
                    "goal": 240
                }
            }
        ],
        "today": {
            "performed": 0,
            "goal": 0,
            "done": true
        }
    },
    "switches": {
        "overall": {
            "performed": 55,
            "goal": 300
        },
        "period": {
            "performed": 25,
            "goal": 30,
            "frequency": "d",
            "frequency_from": "2023-09-20 00:00:00",
            "frequency_to": "2023-09-20 23:59:59"
        },
        "today": {
            "performed": 25,
            "goal": 30,
            "done": false
        },
        "condition": {
            "type": "switch",
            "switches_frequency": "d",
            "switches_count": 30
        }
    },
    "exercises": {
        "performed": 1,
        "goal": 3,
        "done": false,
        "conditions": [
            {
                "type": "exercise",
                "exercise_id": 1,
                "exercise_frequency": "d",
                "exercise_count": 3,
                "attempts": [
                    {
                        "date_from": "2023-06-06",
                        "date_to": "2023-06-12",
                        "count_done": 1,
                        "count_not_done": 1
                    },
                    {
                        "date_from": "2023-06-13",
                        "date_to": "2023-06-19",
                        "count_done": 0,
                        "count_not_done": 0
                    },
                    {
                        "date_from": "2023-06-20",
                        "date_to": "2023-06-26",
                        "count_done": 0,
                        "count_not_done": 0
                    },
                    {
                        "date_from": "2023-06-27",
                        "date_to": "2023-07-03",
                        "count_done": 0,
                        "count_not_done": 0
                    }
                ],
                "exercise": {
                    "id": 1,
                    "name": "Water plants",
                    "description": "Use Tripod Grip and water your plants",
                    "icon": "🪴",
                    "created_at": "2023-05-19T10:25:37.000000Z",
                    "updated_at": "2023-05-19T10:25:37.000000Z"
                }
            }
        ]
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view goal progress",
    "code": "GOALS:GET_PROGRESS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Goal not found):


{
    "message": "Goal not found",
    "code": "GOALS:GET_PROGRESS:GOAL_NOT_FOUND"
}
 

Request   

GET api/goals/{goalId}/progress

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

goalId   integer   

Goal ID. Example: 1

Update user goal progress

requires authentication

Use this endpoint to update goal progress as patient. Add exercise attempts and mark them as done or not done.

Example request:
curl --request POST \
    "http://localhost:8000/api/goals/1/progress" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"exercise_id\": 1,
    \"exercise_done\": true
}"
const url = new URL(
    "http://localhost:8000/api/goals/1/progress"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "exercise_id": 1,
    "exercise_done": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 1,
    "user_id": 276,
    "goal_id": 8,
    "type": "exercise",
    "grip_id": null,
    "grips": 654,
    "switches": 158,
    "exercise_id": 8,
    "exercise_done": 0,
    "created_at": "2026-06-29T13:09:31.000000Z",
    "updated_at": "2026-06-29T13:09:31.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update goal progress",
    "code": "GOALS:UPDATE_PROGRESS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Goal not found):


{
    "message": "Goal not found",
    "code": "GOALS:UPDATE_PROGRESS:GOAL_NOT_FOUND"
}
 

Example response (422, User timezone not set):


{
    "message": "User timezone not set",
    "code": "GOALS:UPDATE_PROGRESS:NO_TIMEZONE"
}
 

Request   

POST api/goals/{goalId}/progress

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

goalId   integer   

Goal ID. Example: 1

Body Parameters

exercise_id   integer   

Exercise ID. The id of an existing record in the App\Models\Exercise table. Example: 1

exercise_done   boolean  optional  

Status of exercise attempt. Example: true

Response

Response Fields

id   integer   

User goal ID.

user_id   integer   

Associated user ID.

goal_id   integer   

Associated goal ID.

type   string   

Goal condition type.

Must be one of:
  • grip
  • switch
  • exercise
grip_id   integer   

Target grip ID.

grips   integer   

Grip count progress.

switches   integer   

Switch count progress.

exercise_id   integer   

Target exercise ID.

exercise_done   boolean   

Whether the exercise is completed.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Invitations

Accept clinician invitation

Example request:
curl --request POST \
    "http://localhost:8000/api/invite/accept" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"token\": \"ABC123DEF456GHI789JKL0\",
    \"email\": \"example@domain.com\",
    \"password\": \"Test123!\",
    \"language\": \"en\",
    \"name\": \"Tom Smith\",
    \"clinic_name\": \"My clinic Ltd\",
    \"clinic_location\": \"Example St 1\\/345 New York, NY\",
    \"address1\": \"31455 Kiehn Fort\",
    \"address2\": \"Vivienneborough, MT 64756\",
    \"mfa_enabled\": true,
    \"mfa_method\": \"email\"
}"
const url = new URL(
    "http://localhost:8000/api/invite/accept"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "token": "ABC123DEF456GHI789JKL0",
    "email": "example@domain.com",
    "password": "Test123!",
    "language": "en",
    "name": "Tom Smith",
    "clinic_name": "My clinic Ltd",
    "clinic_location": "Example St 1\/345 New York, NY",
    "address1": "31455 Kiehn Fort",
    "address2": "Vivienneborough, MT 64756",
    "mfa_enabled": true,
    "mfa_method": "email"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "id": 4,
    "mrn": "3NN9P4871782738442",
    "name": "Dr. Mavis Wyman II",
    "email": "1782738442metz.rachael@example.com",
    "language": "en",
    "phone": "+1 (628) 798-2655",
    "phone_country": "IE",
    "phone_verified_at": null,
    "address1": "470 Meredith Springs Apt. 551",
    "address2": "Theresachester, ID 17395",
    "postal_code": "12876",
    "city": "Hoppe-Okuneva",
    "country": "SI",
    "clinic_name": "South Tod",
    "clinic_location": "5201 Ronaldo Center Apt. 603\nEast Eva, FL 55349",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:22.000000Z",
    "updated_at": "2026-06-29T13:07:22.000000Z",
    "invitation_status": "accepted",
    "acadle_invitation_status": null,
    "roles": [
        {
            "id": 4,
            "name": "Clinician"
        }
    ]
}
 

Example response (403, Invitation expired):


{
    "message": "Invitation expired",
    "code": "INVITATIONS:ACCEPT:INVITATION_EXPIRED"
}
 

Example response (404, Invitation not found):


{
    "message": "Invitation not found",
    "code": "INVITATIONS:ACCEPT:INVITATION_NOT_FOUND"
}
 

Example response (500, Server error):


{
    "message": "Server error: invitation not accepted",
    "code": "INVITATIONS:ACCEPT:SERVER_ERROR"
}
 

Request   

POST api/invite/accept

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

token   string   

Invitation token sent by e-mail. SIZE:STRING_LENGTH:24. Example: ABC123DEF456GHI789JKL0

email   string   

User e-mail. MUST_BE_EMAIL. Example: example@domain.com

password   string   

User password. Example: Test123!

language   string   

User language. Example: en

name   string   

User name. Example: Tom Smith

clinic_name   string  optional  

Clinic name. Example: My clinic Ltd

clinic_location   string  optional  

Clinic location. Example: Example St 1/345 New York, NY

address1   string  optional  

User address line 1. Example: 31455 Kiehn Fort

address2   string  optional  

User address line 2. Example: Vivienneborough, MT 64756

mfa_enabled   boolean  optional  

MFA enabled. Example: true

mfa_method   string  optional  

MFA method. Example: email

Must be one of:
  • email
  • sms

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Accept Acadle invitation

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/invite/acadle/accept" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"token\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3\",
    \"email\": \"user@example.com\",
    \"password\": \"securePassword123\",
    \"phone\": \"+17328662067\",
    \"phone_country\": \"US\",
    \"name\": \"John Doe\",
    \"language\": \"en\"
}"
const url = new URL(
    "http://localhost:8000/api/invite/acadle/accept"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "token": "a1b2c3d4e5f6g7h8i9j0k1l2m3",
    "email": "user@example.com",
    "password": "securePassword123",
    "phone": "+17328662067",
    "phone_country": "US",
    "name": "John Doe",
    "language": "en"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "id": 5,
    "mrn": "TX3UZQ341782738442",
    "name": "Prof. Eduardo Runolfsson",
    "email": "1782738442wilson22@example.com",
    "language": "en",
    "phone": "+1 (463) 584-9138",
    "phone_country": "ZA",
    "phone_verified_at": null,
    "address1": "967 Wintheiser Run Suite 781",
    "address2": "Wehnerside, OK 57987-8582",
    "postal_code": "97753-0523",
    "city": "Harber Ltd",
    "country": "IT",
    "clinic_name": "West Arthur",
    "clinic_location": "224 Gabriel Motorway\nNorth Waino, NH 58259",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:22.000000Z",
    "updated_at": "2026-06-29T13:07:22.000000Z",
    "invitation_status": "accepted",
    "acadle_invitation_status": null,
    "roles": [
        {
            "id": 3,
            "name": "ClinicAdmin"
        }
    ]
}
 

Example response (403, Invitation expired):


{
    "message": "Invitation expired",
    "code": "INVITATIONS_ACADLE:ACCEPT:INVITATION_EXPIRED"
}
 

Example response (404, Invitation not found):


{
    "message": "Invitation not found",
    "code": "INVITATIONS_ACADLE:ACCEPT:INVITATION_NOT_FOUND"
}
 

Example response (500, Server error):


{
    "message": "Server error: invitation not accepted",
    "code": "INVITATIONS_ACADLE:ACCEPT:SERVER_ERROR"
}
 

Request   

POST api/invite/acadle/accept

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

token   string   

Invitation token. SIZE:STRING_LENGTH:24. Example: a1b2c3d4e5f6g7h8i9j0k1l2m3

email   string   

Email address of the Acadle user. MUST_BE_EMAIL. Example: user@example.com

password   string   

User password. Example: securePassword123

phone   string   

User phone number. Example: +17328662067

phone_country   string   

Phone number's country (2 characters). SIZE:STRING_LENGTH:2. Example: US

name   string   

User name. Example: John Doe

language   string   

User preferred language. Example: en

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

List users for invitations

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/invite/users" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/invite/users"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 15,
            "mrn": "2TRPN9RM1782738447",
            "name": "Tyrese Bahringer",
            "email": "1782738447melissa.olson@example.com",
            "language": "en",
            "phone": "(862) 652-6045",
            "phone_country": "SR",
            "phone_verified_at": null,
            "address1": "601 Tyler Cape",
            "address2": "Devantefurt, MN 45994-2890",
            "postal_code": "26061",
            "city": "Walker PLC",
            "country": "IN",
            "clinic_name": "Lake Paytonview",
            "clinic_location": "87890 Zaria River\nJerryview, DC 34243-4197",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:07:27.000000Z",
            "updated_at": "2026-06-29T13:07:27.000000Z",
            "invitation_status": "accepted",
            "acadle_invitation_status": null,
            "roles": [
                {
                    "id": 4,
                    "name": "Clinician"
                }
            ]
        },
        {
            "id": 16,
            "mrn": "NVMDMGN21782738448",
            "name": "Fernando Runolfsdottir",
            "email": "1782738448tillman.kali@example.org",
            "language": "en",
            "phone": "586-285-2812",
            "phone_country": "FK",
            "phone_verified_at": null,
            "address1": "60405 Rosalia Mount",
            "address2": "New Elissastad, OK 21846",
            "postal_code": "61861-6806",
            "city": "Quigley, Padberg and Feest",
            "country": "GR",
            "clinic_name": "Uptonchester",
            "clinic_location": "496 Cydney Cove\nJessicaville, NE 43374-0974",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:07:28.000000Z",
            "updated_at": "2026-06-29T13:07:28.000000Z",
            "invitation_status": null,
            "acadle_invitation_status": null,
            "roles": [
                {
                    "id": 6,
                    "name": "Amputee"
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list users for invitations",
    "code": "INVITATIONS:USERS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/invite/users

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: clinicians, patients, devices, devicesAsClinician, roles, permissions).

Response

Response Fields

items   object   
id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create clinician invitations

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/invite" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"patient_id\": 1,
    \"invitations\": [
        {
            \"user_id\": 1,
            \"user_email\": \"newuser@domain.com\",
            \"role\": \"Clinician\",
            \"training_confirmed\": true,
            \"permissions\": [
                \"consequatur\"
            ]
        }
    ]
}"
const url = new URL(
    "http://localhost:8000/api/invite"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "patient_id": 1,
    "invitations": [
        {
            "user_id": 1,
            "user_email": "newuser@domain.com",
            "role": "Clinician",
            "training_confirmed": true,
            "permissions": [
                "consequatur"
            ]
        }
    ]
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 10,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 17,
            "mrn": "VSPFCXSW1782738448",
            "name": "Carmelo Runolfsson",
            "email": "1782738448lbecker@example.org",
            "language": "en",
            "phone": "1-281-323-6853",
            "phone_country": "GM",
            "phone_verified_at": null,
            "address1": "25990 Cremin Islands",
            "address2": "Garrisonburgh, KY 13858",
            "postal_code": "50351",
            "city": "Effertz LLC",
            "country": "FI",
            "clinic_name": "Lake Clemenston",
            "clinic_location": "33716 Schimmel Forks Suite 495\nEast Jaidastad, AK 69409",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:07:28.000000Z",
            "updated_at": "2026-06-29T13:07:28.000000Z",
            "invitation_status": null,
            "acadle_invitation_status": "accepted",
            "invitations": [
                {
                    "id": 1,
                    "user_id": 18,
                    "invited_user_id": 17,
                    "type": "clinician",
                    "training_confirmed": 0,
                    "created_at": "2026-06-29T13:07:30.000000Z",
                    "updated_at": "2026-06-29T13:07:30.000000Z"
                }
            ],
            "roles": [
                {
                    "id": 7,
                    "name": "AcadleUser"
                }
            ]
        },
        {
            "id": 20,
            "mrn": "J3YWBDET1782738450",
            "name": "Kaci Shields",
            "email": "1782738450nikki83@example.com",
            "language": "en",
            "phone": "1-786-729-2782",
            "phone_country": "ER",
            "phone_verified_at": null,
            "address1": "498 Bechtelar Tunnel Suite 255",
            "address2": "Kaileemouth, KS 37363",
            "postal_code": "90915-8788",
            "city": "Bailey-Will",
            "country": "LU",
            "clinic_name": "Lake Marcelina",
            "clinic_location": "3794 McDermott View\nLake Rollin, RI 66274-7662",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:07:30.000000Z",
            "updated_at": "2026-06-29T13:07:30.000000Z",
            "invitation_status": "accepted",
            "acadle_invitation_status": null,
            "invitations": [
                {
                    "id": 2,
                    "user_id": 21,
                    "invited_user_id": 20,
                    "type": "clinician",
                    "training_confirmed": 1,
                    "created_at": "2026-06-29T13:07:31.000000Z",
                    "updated_at": "2026-06-29T13:07:31.000000Z"
                }
            ],
            "roles": [
                {
                    "id": 5,
                    "name": "ClinicianSupport"
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create invitations",
    "code": "INVITATIONS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, No access to given patient):


{
    "message": "No access to given patient",
    "code": "INVITATIONS:CREATE:NO_ACCESS_TO_PATIENT"
}
 

Request   

POST api/invite

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

patient_id   string  optional  

Patient user ID. The id of an existing record in the App\Models\User table. Example: 1

invitations   object[]   

List of invitations (maximum entries: 10, array of objects).

user_id   integer  optional  

Invited user ID. Use only for existing users. Don't use together with user_email. This field is required when invitations.*.user_email is not present. The id of an existing record in the App\Models\User table. Example: 1

user_email   string  optional  

Invited user e-mail. Use only for non-existing users. Don't use together with user_id. This field is required when invitations.*.user_id is not present. MUST_BE_EMAIL. Example: newuser@domain.com

role   string  optional  

Invited user role. Use only for non-existing users. This field is required when invitations.*.user_id is not present. Example: Clinician

Must be one of:
  • ClinicAdmin
  • Clinician
  • ClinicianSupport
training_confirmed   boolean   

Confirmation that invited user was properly trained to use ADP. Must be accepted. Example: true

permissions   string[]  optional  

List of permissions to assign to the user (use that for ClinicianSupport role).

permissions[]   string  optional  

Permission name. Example: a

Response

Response Fields

items   object   
id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Resend invitation

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/invite/1/resend" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/invite/1/resend"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (201):


{
    "id": 23,
    "mrn": "DP3K9CTZ1782738451",
    "name": "Presley O'Conner",
    "email": "1782738451xswaniawski@example.com",
    "language": "en",
    "phone": "(757) 563-4352",
    "phone_country": "KR",
    "phone_verified_at": null,
    "address1": "47417 Zulauf Island",
    "address2": "New Staceychester, AZ 36910-9377",
    "postal_code": "00574-0542",
    "city": "Reichert Inc",
    "country": "LU",
    "clinic_name": "Brockland",
    "clinic_location": "5163 Jettie Mission Apt. 923\nLake King, ID 99934",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:31.000000Z",
    "updated_at": "2026-06-29T13:07:31.000000Z",
    "invitation_status": null,
    "acadle_invitation_status": null,
    "invitations": [
        {
            "id": 3,
            "user_id": 24,
            "invited_user_id": 23,
            "type": "clinician",
            "training_confirmed": 1,
            "created_at": "2026-06-29T13:07:33.000000Z",
            "updated_at": "2026-06-29T13:07:33.000000Z"
        }
    ],
    "roles": [
        {
            "id": 6,
            "name": "Amputee"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to resend invitations",
    "code": "INVITATIONS:RESEND:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User not found):


{
    "message": "User not found",
    "code": "INVITATIONS:RESEND:USER_NOT_FOUND"
}
 

Example response (403, Invitation already accepted):


{
    "message": "Invitation already accepted",
    "code": "INVITATIONS:RESEND:INVITATION_ALREADY_ACCEPTED"
}
 

Request   

POST api/invite/{userId}/resend

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

List all users invited to Acadle

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/invite/acadle/users?search=john" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/invite/acadle/users"
);

const params = {
    "search": "john",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 26,
            "mrn": "62GG4K2W1782738453",
            "name": "Stephany Paucek",
            "email": "1782738453tdietrich@example.net",
            "language": "en",
            "phone": "(260) 454-3929",
            "phone_country": "YT",
            "phone_verified_at": null,
            "address1": "86868 Frederik Plaza Apt. 469",
            "address2": "Prosaccoview, KY 37187",
            "postal_code": "45141-2402",
            "city": "Larson-Hagenes",
            "country": "EE",
            "clinic_name": "West Karlee",
            "clinic_location": "44984 Cassin Route Suite 427\nEast Mable, AK 59272-2260",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:07:33.000000Z",
            "updated_at": "2026-06-29T13:07:33.000000Z",
            "invitation_status": "accepted",
            "acadle_invitation_status": null,
            "roles": [
                {
                    "id": 5,
                    "name": "ClinicianSupport"
                }
            ]
        },
        {
            "id": 27,
            "mrn": "AU8LF5ZJ1782738453",
            "name": "Jayden Rippin",
            "email": "1782738453augusta51@example.org",
            "language": "en",
            "phone": "+1-716-557-2317",
            "phone_country": "MS",
            "phone_verified_at": null,
            "address1": "7970 Rylan Creek",
            "address2": "North Harrisonville, IN 56675",
            "postal_code": "56008-6713",
            "city": "Glover-Klocko",
            "country": "LV",
            "clinic_name": "West Joy",
            "clinic_location": "203 Angelica Grove Apt. 263\nMcGlynnside, TX 02282",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:07:33.000000Z",
            "updated_at": "2026-06-29T13:07:33.000000Z",
            "invitation_status": null,
            "acadle_invitation_status": null,
            "roles": [
                {
                    "id": 2,
                    "name": "CommunityAdmin"
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list users for invitations",
    "code": "INVITATIONS_ACADLE:USERS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/invite/acadle/users

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

search   string  optional  

Filter users by searching in: user name, user email, contact name, contact surname, contact email, CPO number. Example: john

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: roles, acadleSurvey, latestAcadleSurvey).

sortby   string  optional  

Sort by field (available: survey_completion_date). Default: survey_completion_date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create Acadle invitation

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/invite/acadle" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"email\": \"oshields@example.org\"
}"
const url = new URL(
    "http://localhost:8000/api/invite/acadle"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "email": "oshields@example.org"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 28,
    "mrn": "2ZAVS7JC1782738454",
    "name": "Dr. Alejandra Spencer PhD",
    "email": "1782738454gus.kohler@example.org",
    "language": "en",
    "phone": "239.769.1204",
    "phone_country": "JO",
    "phone_verified_at": null,
    "address1": "87769 Nola Gateway Apt. 837",
    "address2": "Schusterland, NV 16604",
    "postal_code": "15516-6239",
    "city": "Emmerich, Kihn and Jacobs",
    "country": "FI",
    "clinic_name": "Coletown",
    "clinic_location": "8933 Ortiz Ramp\nMarquardtstad, WY 04600-8006",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:34.000000Z",
    "updated_at": "2026-06-29T13:07:34.000000Z",
    "invitation_status": null,
    "acadle_invitation_status": null,
    "invitations": [
        {
            "id": 4,
            "user_id": 29,
            "invited_user_id": 28,
            "type": "clinician",
            "training_confirmed": 0,
            "created_at": "2026-06-29T13:07:35.000000Z",
            "updated_at": "2026-06-29T13:07:35.000000Z"
        }
    ],
    "roles": [
        {
            "id": 1,
            "name": "SuperAdmin"
        }
    ]
}
 

Example response (400, User already exists):


{
    "message": "User with this email already exists in the system",
    "code": "INVITATIONS_ACADLE:CREATE:USER_ALREADY_EXISTS"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create invitations",
    "code": "INVITATIONS_ACADLE:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/invite/acadle

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

email   string   

Email address of the Acadle user. Example: oshields@example.org

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Resend Acadle invitation

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/invite/acadle/1/resend" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/invite/acadle/1/resend"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (201):


{
    "id": 31,
    "mrn": "JP3ZZ8ZN1782738455",
    "name": "Mrs. Maria Hauck",
    "email": "1782738455curtis13@example.com",
    "language": "en",
    "phone": "(727) 691-9864",
    "phone_country": "MA",
    "phone_verified_at": null,
    "address1": "9702 Monroe Court",
    "address2": "South Roseburgh, AR 83113-6582",
    "postal_code": "79277-4786",
    "city": "Schmidt, Breitenberg and Hill",
    "country": "HR",
    "clinic_name": "East Estaville",
    "clinic_location": "859 Monty Trafficway Apt. 285\nWest Pearline, AK 29956-4467",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:35.000000Z",
    "updated_at": "2026-06-29T13:07:35.000000Z",
    "invitation_status": null,
    "acadle_invitation_status": null,
    "invitations": [
        {
            "id": 5,
            "user_id": 32,
            "invited_user_id": 31,
            "type": "clinician",
            "training_confirmed": 0,
            "created_at": "2026-06-29T13:07:37.000000Z",
            "updated_at": "2026-06-29T13:07:37.000000Z"
        }
    ],
    "roles": [
        {
            "id": 1,
            "name": "SuperAdmin"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to resend invitations",
    "code": "INVITATIONS_ACADLE:RESEND:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User not found):


{
    "message": "User not found",
    "code": "INVITATIONS_ACADLE:RESEND:USER_NOT_FOUND"
}
 

Example response (403, Invitation already accepted):


{
    "message": "Invitation already accepted",
    "code": "INVITATIONS_ACADLE:RESEND:INVITATION_ALREADY_ACCEPTED"
}
 

Request   

POST api/invite/acadle/{userId}/resend

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Admin access to invitation tokens

requires authentication

Requires admin.invitations_tokens_access permission.
Fetches only non-accepted and non-expired invitations.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/invite/tokens/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/invite/tokens/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


[
    {
        "id": 1,
        "user_id": 1,
        "invited_user_id": 2,
        "token": "I0V25NUVMHC0F8RRF1YEY5BT",
        "training_confirmed": 1,
        "created_at": "2025-05-12T12:00:00.000000Z",
        "updated_at": "2025-05-12T12:00:00.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to get invitation tokens",
    "code": "INVITATIONS:ADMIN_TOKENS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "INVITATIONS:ADMIN_TOKENS:USER_NOT_FOUND"
}
 

Request   

GET api/invite/tokens/{userId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Logs

API endpoints for managing event logs

Get events log

requires authentication

user - user account that performed the action
element - element model that has been affected by the action

Example request:
curl --request GET \
    --get "http://localhost:8000/api/logs?search=Test&ip=200.200.100.5&user=1&type=user&date_from=1642003200&date_to=1642003200&include_sessions=1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
const url = new URL(
    "http://localhost:8000/api/logs"
);

const params = {
    "search": "Test",
    "ip": "200.200.100.5",
    "user": "1",
    "type": "user",
    "date_from": "1642003200",
    "date_to": "1642003200",
    "include_sessions": "1",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "user_id": 281,
            "event_name": "event_factory",
            "element_type": "App\\Models\\User",
            "element_id": 280,
            "comments": "",
            "ip_address": "213.48.206.193",
            "created_at": "1980-12-22T13:15:38.000000Z",
            "updated_at": "2026-06-29T13:09:32.000000Z",
            "username": "Lexus Daugherty",
            "user": {
                "id": 281,
                "mrn": "WUPYQBJL1782738572",
                "name": "Lexus Daugherty",
                "email": "1782738572eleanora70@example.org",
                "language": "en",
                "phone": "+1.843.484.1154",
                "phone_country": "TH",
                "phone_verified_at": null,
                "address1": "964 Clyde Ferry",
                "address2": "Aliviaberg, ND 79224-5886",
                "postal_code": "52669",
                "city": "Nikolaus, Schiller and Heller",
                "country": "PT",
                "clinic_name": "North Leilaniland",
                "clinic_location": "4543 Christiansen Harbor\nEphraimchester, TX 65421",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:09:32.000000Z",
                "updated_at": "2026-06-29T13:09:32.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "element": {
                "id": 280,
                "mrn": "YHAHJ8WJ1782738571",
                "name": "Dr. Max Bartell",
                "email": "1782738571alvah.stiedemann@example.com",
                "language": "en",
                "phone": "435-310-9706",
                "phone_country": "BI",
                "phone_verified_at": null,
                "address1": "799 Lueilwitz Streets Suite 416",
                "address2": "Wunschmouth, FL 02466",
                "postal_code": "07713-7439",
                "city": "Feeney PLC",
                "country": "LU",
                "clinic_name": "North Alverta",
                "clinic_location": "401 London Springs Suite 238\nKiehnmouth, MI 77758",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:09:32.000000Z",
                "updated_at": "2026-06-29T13:09:32.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        },
        {
            "id": 2,
            "user_id": 284,
            "event_name": "event_factory",
            "element_type": "App\\Models\\User",
            "element_id": 283,
            "comments": "",
            "ip_address": "223.172.70.39",
            "created_at": "1984-05-26T11:28:25.000000Z",
            "updated_at": "2026-06-29T13:09:34.000000Z",
            "username": "Julio Dickinson DVM",
            "user": {
                "id": 284,
                "mrn": "NTJLXZ3X1782738573",
                "name": "Julio Dickinson DVM",
                "email": "1782738573breitenberg.manuel@example.com",
                "language": "en",
                "phone": "248-676-4489",
                "phone_country": "MC",
                "phone_verified_at": null,
                "address1": "77078 Von Path Suite 820",
                "address2": "New Magnus, LA 99402",
                "postal_code": "56002-3674",
                "city": "Dibbert-Jenkins",
                "country": "US",
                "clinic_name": "West Georgettebury",
                "clinic_location": "8562 Zachariah Stravenue\nSouth Darrel, CO 67683-2848",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:09:33.000000Z",
                "updated_at": "2026-06-29T13:09:33.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "element": {
                "id": 283,
                "mrn": "DZAJ2U5W1782738573",
                "name": "Mr. Cole Auer",
                "email": "1782738573dejuan.moen@example.com",
                "language": "en",
                "phone": "(469) 432-1689",
                "phone_country": "ME",
                "phone_verified_at": null,
                "address1": "816 Wiza Parkway",
                "address2": "North Katarinaton, ID 93666",
                "postal_code": "85260",
                "city": "Feeney Ltd",
                "country": "AT",
                "clinic_name": "North Mabel",
                "clinic_location": "2584 Reilly Valleys\nNew Edwinaberg, MO 61198-3759",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:09:33.000000Z",
                "updated_at": "2026-06-29T13:09:33.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access event logs",
    "code": "EVENT_LOGS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/logs

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

search   string  optional  

Filter logs by related element data:

  • for users: search by name or email
  • for devices: search by serial or bluetooth_id
  • for P2P sessions: search by amputee_uuid or clinician_uuid
Example: `Test`
ip   string  optional  

Filter logs by IP address. Example: 200.200.100.5

user   integer  optional  

Filter logs by user. Example: 1

type   string  optional  

Filter logs by event type (available: user, device, p2p_session. Example: user

date_from   integer  optional  

Filter logs from date (timestamp). Example: 1642003200

date_to   integer  optional  

Filter logs to date (timestamp). Example: 1642003200

include_sessions   integer  optional  

Login and logout events are filtered out by default. Set this parameter to 1 to include these events. Example: 1

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

sortby   string  optional  

Sort by field (available: type, username, ip_address, date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Body Parameters

date_from   string  optional  
date_to   string  optional  

Response

Response Fields

items   object   
id   integer   

Event log entry ID.

user_id   integer   

ID of the user who triggered the event.

event_name   string   

Event name.

element_type   string   

Type of the related element.

element_id   integer   

ID of the related element.

comments   string   

Additional event comments.

ip_address   string   

IP address of the request.

created_at   string   

Event timestamp.

updated_at   string   

Last update timestamp.

user   object   

User who triggered the event.

element   object   

Related element.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Messages

API endpoints for message center

Get user messages list

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/messages" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"filter\": \"all\"
}"
const url = new URL(
    "http://localhost:8000/api/messages"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "filter": "all"
};

fetch(url, {
    method: "GET",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "user_id": null,
            "message_id": 1,
            "is_read": 0,
            "is_archived": 0,
            "is_deleted": 0,
            "message": {
                "id": 1,
                "sender_id": null,
                "title": "Eveniet temporibus sed accusamus harum voluptas blanditiis.",
                "content": "Quia perferendis consequuntur quae vitae non quo autem accusantium.",
                "created_at": "2026-06-29T13:08:30.000000Z",
                "updated_at": "2026-06-29T13:08:30.000000Z",
                "sender": null
            }
        },
        {
            "id": 2,
            "user_id": null,
            "message_id": 2,
            "is_read": 0,
            "is_archived": 0,
            "is_deleted": 0,
            "message": {
                "id": 2,
                "sender_id": null,
                "title": "Labore quod odio magnam sed consequuntur asperiores velit.",
                "content": "Et minus temporibus eum.",
                "created_at": "2026-06-29T13:08:30.000000Z",
                "updated_at": "2026-06-29T13:08:30.000000Z",
                "sender": null
            }
        }
    ]
}
 

Request   

GET api/messages

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Body Parameters

filter   string  optional  

Filter results by message status (available: archived, all). Defaults to non-archived only. Example: all

Response

Response Fields

items   object   
id   integer   

User message ID.

user_id   integer   

Recipient user ID.

message_id   integer   

Associated message ID.

is_read   boolean   

Whether the message has been read.

is_archived   boolean   

Whether the message is archived.

is_deleted   boolean   

Whether the message is deleted.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

message   object   

The message content.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Send message to multiple users

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/message" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"title\": \"Reminder about your vaccination\",
    \"content\": \"Lorem ipsum dolor sit amet\",
    \"roles\": \"Clinician,Amputee\"
}"
const url = new URL(
    "http://localhost:8000/api/message"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "title": "Reminder about your vaccination",
    "content": "Lorem ipsum dolor sit amet",
    "roles": "Clinician,Amputee"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Messages sent",
    "count": 3,
    "code": "MESSAGES:SEND:SENT"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to send messages",
    "code": "MESSAGES:SEND:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/message

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

title   string   

Message title. MINIMUM:STRING_LENGTH:3. Example: Reminder about your vaccination

content   string  optional  

Message content text. Example: Lorem ipsum dolor sit amet

roles   string  optional  

Filter recipients with given role (comma-separated). Example: Clinician,Amputee

Mark message as read

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/message/1/read" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"state\": true
}"
const url = new URL(
    "http://localhost:8000/api/message/1/read"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "state": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 3,
    "user_id": 147,
    "message_id": 3,
    "is_read": 0,
    "is_archived": 0,
    "is_deleted": 0
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to mark this message as read",
    "code": "MESSAGES:READ:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Message not found):


{
    "message": "Message not found",
    "code": "MESSAGES:READ:MESSAGE_NOT_FOUND"
}
 

Request   

POST api/message/{id}/read

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User Message ID (id from messages list; do not confuse with message_id). Example: 1

Body Parameters

state   boolean  optional  

Explicit read state. Default: 1 (true). Example: true

Response

Response Fields

id   integer   

User message ID.

user_id   integer   

Recipient user ID.

message_id   integer   

Associated message ID.

is_read   boolean   

Whether the message has been read.

is_archived   boolean   

Whether the message is archived.

is_deleted   boolean   

Whether the message is deleted.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

message   object   

The message content.

Mark message as archived

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/message/1/archive" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"state\": true
}"
const url = new URL(
    "http://localhost:8000/api/message/1/archive"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "state": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 4,
    "user_id": 148,
    "message_id": 4,
    "is_read": 0,
    "is_archived": 0,
    "is_deleted": 0
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to mark this message as archived",
    "code": "MESSAGES:ARCHIVE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Message not found):


{
    "message": "Message not found",
    "code": "MESSAGES:ARCHIVE:MESSAGE_NOT_FOUND"
}
 

Request   

POST api/message/{id}/archive

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User Message ID (id from messages list; do not confuse with message_id). Example: 1

Body Parameters

state   boolean  optional  

Explicit archived state. Default: 1 (true). Example: true

Response

Response Fields

id   integer   

User message ID.

user_id   integer   

Recipient user ID.

message_id   integer   

Associated message ID.

is_read   boolean   

Whether the message has been read.

is_archived   boolean   

Whether the message is archived.

is_deleted   boolean   

Whether the message is deleted.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

message   object   

The message content.

List of messages and tickets

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/messages-and-tickets" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/messages-and-tickets"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 2
    },
    "items": [
        {
            "type": "UserMessage",
            "date": "2024-11-02T10:00:00.000000Z",
            "item": {
                "id": 1,
                "user_id": 1,
                "message_id": 1,
                "is_read": 0,
                "is_archived": 0,
                "is_deleted": 0,
                "message": {
                    "id": 1,
                    "sender_id": 1,
                    "title": "Message title",
                    "content": "Message content",
                    "created_at": "2024-11-02T10:00:00.000000Z",
                    "updated_at": "2024-11-02T10:00:00.000000Z",
                    "sender": {
                        "id": 1,
                        "mrn": "MRN",
                        "name": "User name",
                        "email": "user@domain.com",
                        "language": "en",
                        "phone": "",
                        "phone_verified_at": null,
                        "address1": "",
                        "address2": "",
                        "postal_code": "",
                        "city": "",
                        "clinic_name": "Test Company",
                        "clinic_location": "Test Company Location",
                        "image": null,
                        "mfa_enabled": 0,
                        "mfa_method": "email",
                        "mfa_verified_to": null,
                        "created_by": null,
                        "active": 1,
                        "notifications_timezone": "Europe/Warsaw",
                        "notifications_at": "08:00:00",
                        "created_at": "2024-09-01T15:00:00.000000Z",
                        "updated_at": "2024-10-10T10:30:00.000000Z",
                        "invitation_status": "accepted",
                        "roles": [
                            {
                                "id": 3,
                                "name": "Clinician",
                                "guard_name": "web",
                                "created_at": "2024-01-01T12:00:00.000000Z",
                                "updated_at": "2024-01-01T12:00:00.000000Z",
                                "pivot": {
                                    "model_id": 1,
                                    "role_id": 3,
                                    "model_type": "App\\Models\\User"
                                }
                            }
                        ]
                    }
                }
            }
        },
        {
            "type": "SupportTicket",
            "date": "2024-11-01T15:15:00.000000Z",
            "item": {
                "id": 1,
                "sender_id": 1,
                "recipient_id": 999,
                "device_id": null,
                "meeting_date": "2024-11-10T15:00:00.000000Z",
                "meeting_type": "none",
                "contact_email": null,
                "status": "new",
                "created_at": "2024-11-01T15:15:00.000000Z",
                "updated_at": "2024-11-01T15:15:00.000000Z",
                "sender": {
                    "id": 1,
                    "mrn": "MRN",
                    "name": "User name",
                    "email": "user@domain.com",
                    "language": "en",
                    "phone": "",
                    "phone_verified_at": null,
                    "address1": "",
                    "address2": "",
                    "postal_code": "",
                    "city": "",
                    "clinic_name": "Test Company",
                    "clinic_location": "Test Company Location",
                    "image": null,
                    "mfa_enabled": 0,
                    "mfa_method": "email",
                    "mfa_verified_to": null,
                    "created_by": null,
                    "active": 1,
                    "notifications_timezone": "Europe/Warsaw",
                    "notifications_at": "08:00:00",
                    "created_at": "2024-09-01T15:00:00.000000Z",
                    "updated_at": "2024-10-10T10:30:00.000000Z",
                    "invitation_status": "accepted",
                    "roles": [
                        {
                            "id": 3,
                            "name": "Clinician",
                            "guard_name": "web",
                            "created_at": "2024-01-01T12:00:00.000000Z",
                            "updated_at": "2024-01-01T12:00:00.000000Z",
                            "pivot": {
                                "model_id": 1,
                                "role_id": 3,
                                "model_type": "App\\Models\\User"
                            }
                        }
                    ]
                },
                "recipient": {
                    "id": 2,
                    "mrn": "MRN2",
                    "name": "Patient",
                    "email": "patient4@domain.com",
                    "language": "en",
                    "phone": "",
                    "phone_verified_at": null,
                    "address1": "",
                    "address2": "",
                    "postal_code": "",
                    "city": "",
                    "clinic_name": null,
                    "clinic_location": null,
                    "image": null,
                    "mfa_enabled": 0,
                    "mfa_method": null,
                    "mfa_verified_to": null,
                    "created_by": 1,
                    "active": 1,
                    "notifications_timezone": null,
                    "notifications_at": null,
                    "created_at": "2024-10-01T15:00:00.000000Z",
                    "updated_at": "2024-10-10T10:30:00.000000Z",
                    "invitation_status": null,
                    "roles": [
                        {
                            "id": 5,
                            "name": "Amputee",
                            "guard_name": "web",
                            "created_at": "2024-01-01T12:00:00.000000Z",
                            "updated_at": "2024-01-01T12:00:00.000000Z",
                            "pivot": {
                                "model_id": 2,
                                "role_id": 5,
                                "model_type": "App\\Models\\User"
                            }
                        }
                    ]
                },
                "device": null,
                "messages": [
                    {
                        "id": 1,
                        "ticket_id": 1,
                        "sender_id": 1,
                        "title": "Communication channel",
                        "content": "Welcome to the digital platform. Please use this channel for communicating with your clinician.",
                        "is_read": false,
                        "created_at": "2024-11-01T15:15:00.000000Z",
                        "updated_at": "2024-11-01T15:15:00.000000Z",
                        "attachments": [],
                        "sender": {
                            "id": 1,
                            "mrn": "MRN",
                            "name": "User name",
                            "email": "user@domain.com",
                            "language": "en",
                            "phone": "",
                            "phone_verified_at": null,
                            "address1": "",
                            "address2": "",
                            "postal_code": "",
                            "city": "",
                            "clinic_name": "Test Company",
                            "clinic_location": "Test Company Location",
                            "image": null,
                            "mfa_enabled": 0,
                            "mfa_method": "email",
                            "mfa_verified_to": null,
                            "created_by": null,
                            "active": 1,
                            "notifications_timezone": "Europe/Warsaw",
                            "notifications_at": "08:00:00",
                            "created_at": "2024-09-01T15:00:00.000000Z",
                            "updated_at": "2024-10-10T10:30:00.000000Z",
                            "invitation_status": "accepted",
                            "roles": [
                                {
                                    "id": 3,
                                    "name": "Clinician",
                                    "guard_name": "web",
                                    "created_at": "2024-01-01T12:00:00.000000Z",
                                    "updated_at": "2024-01-01T12:00:00.000000Z",
                                    "pivot": {
                                        "model_id": 1,
                                        "role_id": 3,
                                        "model_type": "App\\Models\\User"
                                    }
                                }
                            ]
                        }
                    }
                ]
            }
        }
    ]
}
 

Request   

GET api/messages-and-tickets

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Status of messages and tickets

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/messages-and-tickets/status" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/messages-and-tickets/status"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "messages": 5,
    "tickets": 2
}
 

Request   

GET api/messages-and-tickets/status

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Mobile logs

API endpoints for managing mobile logs

Store log

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/mobile-logs" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "device_id=1"\
    --form "date_start=1977-08-24 16:55:35"\
    --form "date_end=1994-12-07 16:20:46"\
    --form "encrypt_key=quaerat"\
    --form "encrypt_iv=minus"\
    --form "file=@/tmp/phpuxH8Xc" 
const url = new URL(
    "http://localhost:8000/api/mobile-logs"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('device_id', '1');
body.append('date_start', '1977-08-24 16:55:35');
body.append('date_end', '1994-12-07 16:20:46');
body.append('encrypt_key', 'quaerat');
body.append('encrypt_iv', 'minus');
body.append('file', document.querySelector('input[name="file"]').files[0]);

fetch(url, {
    method: "POST",
    headers,
    body,
}).then(response => response.json());

Example response (202):


{
    "id": 1,
    "user_id": 285,
    "device_id": 139,
    "file": "/tmp/fakerJvxxvz",
    "date_start": "2010-11-07 06:54:51",
    "date_end": "2023-04-24 20:50:56",
    "created_at": "2026-06-29T13:09:34.000000Z",
    "updated_at": "2026-06-29T13:09:34.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to write mobile logs",
    "code": "MOBILE_LOGS:STORE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/mobile-logs

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

Body Parameters

device_id   string  optional  

Device ID. The id of an existing record in the App\Models\Device table. Example: 1

file   file   

Log file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpuxH8Xc

date_start   string   

Log start date. MUST_BE_DATE Must be a valid date in the format Y-m-d H:i:s. Example: 1977-08-24 16:55:35

date_end   string   

Log end date. MUST_BE_DATE Must be a valid date in the format Y-m-d H:i:s. MUST_BE_AFTER:date_start. Example: 1994-12-07 16:20:46

encrypt_key   string   

Encryption key. Example: quaerat

encrypt_iv   string   

Encryption IV (Initialization Vector). Example: minus

Response

Response Fields

id   integer   

Mobile log ID.

user_id   integer   

Associated user ID.

device_id   integer   

Associated device ID.

file   string   

Log file URL.

date_start   string   

Log start date.

date_end   string   

Log end date.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Get logs

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/mobile-logs" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/mobile-logs"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 2,
            "user_id": 286,
            "device_id": 140,
            "file": "/tmp/fakernh3zHD",
            "date_start": "2011-12-21 05:21:11",
            "date_end": "2015-02-13 22:11:16",
            "created_at": "2026-06-29T13:09:35.000000Z",
            "updated_at": "2026-06-29T13:09:35.000000Z"
        },
        {
            "id": 3,
            "user_id": 287,
            "device_id": 141,
            "file": "/tmp/fakerhgWVlX",
            "date_start": "2011-02-17 17:25:53",
            "date_end": "2014-02-02 10:43:36",
            "created_at": "2026-06-29T13:09:35.000000Z",
            "updated_at": "2026-06-29T13:09:35.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view mobile logs",
    "code": "MOBILE_LOGS:GET:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/mobile-logs

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: device).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Mobile log ID.

user_id   integer   

Associated user ID.

device_id   integer   

Associated device ID.

file   string   

Log file URL.

date_start   string   

Log start date.

date_end   string   

Log end date.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get logs by user

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/mobile-logs/user/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/mobile-logs/user/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 4,
            "user_id": 288,
            "device_id": 142,
            "file": "/tmp/faker0rv1Gq",
            "date_start": "1980-10-19 12:31:28",
            "date_end": "1984-04-28 14:11:28",
            "created_at": "2026-06-29T13:09:35.000000Z",
            "updated_at": "2026-06-29T13:09:35.000000Z"
        },
        {
            "id": 5,
            "user_id": 289,
            "device_id": 143,
            "file": "/tmp/fakerEfBEos",
            "date_start": "2012-01-19 22:10:43",
            "date_end": "2011-01-25 18:54:13",
            "created_at": "2026-06-29T13:09:36.000000Z",
            "updated_at": "2026-06-29T13:09:36.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view mobile logs",
    "code": "MOBILE_LOGS:GET_BY_USER:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/mobile-logs/user/{userId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: device).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Mobile log ID.

user_id   integer   

Associated user ID.

device_id   integer   

Associated device ID.

file   string   

Log file URL.

date_start   string   

Log start date.

date_end   string   

Log end date.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get logs by device

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/mobile-logs/device/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/mobile-logs/device/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 6,
            "user_id": 290,
            "device_id": 144,
            "file": "/tmp/fakeruhhAeY",
            "date_start": "1994-05-05 05:59:26",
            "date_end": "1980-04-27 13:52:52",
            "created_at": "2026-06-29T13:09:36.000000Z",
            "updated_at": "2026-06-29T13:09:36.000000Z"
        },
        {
            "id": 7,
            "user_id": 291,
            "device_id": 145,
            "file": "/tmp/fakerjHYrMh",
            "date_start": "1983-12-20 19:26:47",
            "date_end": "2014-09-14 17:27:15",
            "created_at": "2026-06-29T13:09:37.000000Z",
            "updated_at": "2026-06-29T13:09:37.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view mobile logs",
    "code": "MOBILE_LOGS:GET_BY_DEVICE:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/mobile-logs/device/{deviceId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID. Example: 1

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Mobile log ID.

user_id   integer   

Associated user ID.

device_id   integer   

Associated device ID.

file   string   

Log file URL.

date_start   string   

Log start date.

date_end   string   

Log end date.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Old Configurator Statistics

Endpoints for old configurator statistics

Create old configurator statistic

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/old-configurator-statistics" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"entry_id\": \"labore\",
    \"comments\": \"et\"
}"
const url = new URL(
    "http://localhost:8000/api/old-configurator-statistics"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "entry_id": "labore",
    "comments": "et"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 1,
    "entry_id": "af3649ce-a609-3e24-bab3-6d980f396939",
    "comments": "{\"key\":\"et\",\"value\":6021749}",
    "created_at": "2026-06-29T13:07:23.000000Z",
    "updated_at": "2026-06-29T13:07:23.000000Z"
}
 

Request   

POST api/old-configurator-statistics

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

entry_id   string   

Example: labore

comments   string  optional  

Example: et

List old configurator statistics

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/old-configurator-statistics" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/old-configurator-statistics"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 2,
            "entry_id": "3243d066-de41-3fa4-9d68-5cdea1d61339",
            "comments": "{\"key\":\"repellendus\",\"value\":19}",
            "created_at": "2026-06-29T13:09:59.000000Z",
            "updated_at": "2026-06-29T13:09:59.000000Z"
        },
        {
            "id": 3,
            "entry_id": "ebda0d6a-f2a4-37c0-bb28-71267feeaff4",
            "comments": "{\"key\":\"ut\",\"value\":525}",
            "created_at": "2026-06-29T13:09:59.000000Z",
            "updated_at": "2026-06-29T13:09:59.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view old configurator statistics",
    "code": "OLD_CONFIGURATOR_STATISTIC:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/old-configurator-statistics

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

P2P Sessions

API endpoints for managing P2P (peer-to-peer) sessions

Get active session data

requires authentication

Returns P2P sessions with status "waiting_for_decision" or "in_progress".

Example request:
curl --request GET \
    --get "http://localhost:8000/api/p2p/user/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/p2p/user/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 1,
    "amputee_id": null,
    "device_id": null,
    "clinician_id": null,
    "amputee_uuid": "6b6914b6-7d37-386f-ad71-9a89ef0a1c77",
    "clinician_uuid": "9be5cbe5-6288-3289-85b4-03d42ee74bc6",
    "token": "P9VS3EF8WR3GH8FVLNKMH438LW6BN9MZNCU4GCHA5KYVQWWUJEDT3YSPLV952FLF",
    "status": "waiting_for_decision",
    "created_at": "2026-06-29T13:08:19.000000Z",
    "updated_at": "2026-06-29T13:08:19.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view active P2P session",
    "code": "P2P_SESSIONS:GET_ACTIVE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Session not found):


{
    "message": "P2P session not found",
    "code": "P2P_SESSIONS:GET_ACTIVE:SESSION_NOT_FOUND"
}
 

Request   

GET api/p2p/user/{userId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Response

Response Fields

id   integer   

P2P session ID.

device_id   integer   

Associated device ID.

amputee_id   integer   

Patient (amputee) user ID.

clinician_id   integer   

Clinician user ID.

amputee_uuid   string   

Amputee WebRTC UUID.

clinician_uuid   string   

Clinician WebRTC UUID.

token   string   

Session token.

status   string   

Session status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

amputee   object   

Patient user.

clinician   object   

Clinician user.

Get session data

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/p2p/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/p2p/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 2,
    "amputee_id": null,
    "device_id": null,
    "clinician_id": null,
    "amputee_uuid": "2863dddc-6caa-391c-a343-06aaad4d3eaf",
    "clinician_uuid": "25431c41-5e85-3323-9f5a-0f5bc8b13db3",
    "token": "9BJJTSGTXSPSUKN8WG62YT2Y6NQGD4L855MP6T3YGUAWNH2F6XGRLQCTRVZADXNU",
    "status": "waiting_for_decision",
    "created_at": "2026-06-29T13:08:19.000000Z",
    "updated_at": "2026-06-29T13:08:19.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view P2P session",
    "code": "P2P_SESSIONS:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Session not found):


{
    "message": "P2P session not found",
    "code": "P2P_SESSIONS:GET:SESSION_NOT_FOUND"
}
 

Request   

GET api/p2p/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

P2P session ID. Example: 1

Response

Response Fields

id   integer   

P2P session ID.

device_id   integer   

Associated device ID.

amputee_id   integer   

Patient (amputee) user ID.

clinician_id   integer   

Clinician user ID.

amputee_uuid   string   

Amputee WebRTC UUID.

clinician_uuid   string   

Clinician WebRTC UUID.

token   string   

Session token.

status   string   

Session status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

amputee   object   

Patient user.

clinician   object   

Clinician user.

Create new P2P session

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/p2p/create" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"amputee_id\": 2,
    \"device_id\": 5,
    \"amputee_uuid\": \"6fe265b1-2134-399f-a7cb-66d701fea373\",
    \"clinician_uuid\": \"1a381c7b-e18c-313d-9f9e-8f55b5b54c5c\"
}"
const url = new URL(
    "http://localhost:8000/api/p2p/create"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "amputee_id": 2,
    "device_id": 5,
    "amputee_uuid": "6fe265b1-2134-399f-a7cb-66d701fea373",
    "clinician_uuid": "1a381c7b-e18c-313d-9f9e-8f55b5b54c5c"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "amputee_id": 122,
    "device_id": null,
    "clinician_id": 123,
    "amputee_uuid": "87178f70-7644-3d3e-b715-e58f15aeca4f",
    "clinician_uuid": "a1b9886d-19a4-3e87-8559-43da4a044cb8",
    "token": "7ULUBZPJNT39N6Y6B3TVPAUMCLN9KYPVM2RAA3H2Y23ZZAXPGQCDNTZ74GJT7MSW",
    "status": "waiting_for_decision",
    "created_at": "2026-06-29T13:08:20.000000Z",
    "updated_at": "2026-06-29T13:08:20.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create P2P session",
    "code": "P2P_SESSIONS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Device not assigned to patient):


{
    "message": "Device is not assigned to the patient",
    "code": "P2P_SESSIONS:CREATE:DEVICE_NOT_ASSIGNED"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "P2P_SESSIONS:CREATE:USER_NOT_FOUND"
}
 

Request   

POST api/p2p/create

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

amputee_id   string   

Amputee ID. The id of an existing record in the App\Models\User table. Example: 2

device_id   string   

Device ID. The id of an existing record in the App\Models\Device table. Example: 5

amputee_uuid   string   

Amputee's UUID generated by integration platform. Example: 6fe265b1-2134-399f-a7cb-66d701fea373

clinician_uuid   string   

Clinician's UUID generated by integration platform. Example: 1a381c7b-e18c-313d-9f9e-8f55b5b54c5c

Response

Response Fields

id   integer   

P2P session ID.

device_id   integer   

Associated device ID.

amputee_id   integer   

Patient (amputee) user ID.

clinician_id   integer   

Clinician user ID.

amputee_uuid   string   

Amputee WebRTC UUID.

clinician_uuid   string   

Clinician WebRTC UUID.

token   string   

Session token.

status   string   

Session status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

amputee   object   

Patient user.

clinician   object   

Clinician user.

Update P2P session

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/p2p/1/update" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"status\": \"closed\"
}"
const url = new URL(
    "http://localhost:8000/api/p2p/1/update"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "status": "closed"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 4,
    "amputee_id": null,
    "device_id": null,
    "clinician_id": null,
    "amputee_uuid": "ed446738-3b4c-34b2-927f-f8dcd4e54ec3",
    "clinician_uuid": "993ebd0a-ade4-30d5-a2d7-03d9c52956af",
    "token": "TJYL9G44MRTCCU2JDKMW4GLVMD2EPKGVNUUY3TYL569X9JBLLS3ZP8MAKU7M7MNL",
    "status": "waiting_for_decision",
    "created_at": "2026-06-29T13:08:20.000000Z",
    "updated_at": "2026-06-29T13:08:20.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update P2P session",
    "code": "P2P_SESSIONS:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Session not found):


{
    "message": "P2P session not found",
    "code": "P2P_SESSIONS:UPDATE:SESSION_NOT_FOUND"
}
 

Request   

POST api/p2p/{id}/update

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

P2P session ID. Example: 1

Body Parameters

status   string   

Session status. Example: closed

Must be one of:
  • waiting_for_decision
  • in_progress
  • closed

Response

Response Fields

id   integer   

P2P session ID.

device_id   integer   

Associated device ID.

amputee_id   integer   

Patient (amputee) user ID.

clinician_id   integer   

Clinician user ID.

amputee_uuid   string   

Amputee WebRTC UUID.

clinician_uuid   string   

Clinician WebRTC UUID.

token   string   

Session token.

status   string   

Session status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

amputee   object   

Patient user.

clinician   object   

Clinician user.

Product features and toggles

API endpoints for product features and toggles management

Definitions:

List product features

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/product/features" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/product/features"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "name": "black",
        "slug": "qui-reiciendis-magni-quos-nesciunt",
        "created_at": "2026-06-29T13:09:18.000000Z",
        "updated_at": "2026-06-29T13:09:18.000000Z"
    },
    {
        "id": 2,
        "name": "silver",
        "slug": "voluptatem-aut-veritatis-nemo-aspernatur-qui-sed-unde",
        "created_at": "2026-06-29T13:09:18.000000Z",
        "updated_at": "2026-06-29T13:09:18.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view product features and toggles",
    "code": "PRODUCT_FEATURES:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/product/features

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

id   integer   

Product feature ID.

name   string   

Feature name.

slug   string   

Feature slug (unique identifier).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Create product feature

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/product/features" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Remote config\",
    \"slug\": \"remote_config\"
}"
const url = new URL(
    "http://localhost:8000/api/product/features"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Remote config",
    "slug": "remote_config"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "name": "maroon",
    "slug": "est-iusto-nihil-cum-dolore-perferendis",
    "created_at": "2026-06-29T13:09:18.000000Z",
    "updated_at": "2026-06-29T13:09:18.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "PRODUCT_FEATURES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/product/features

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Name of product feature. Example: Remote config

slug   string   

Simplified name of product feature without spaces (e.g. remote_config for Remote config name). Example: remote_config

Response

Response Fields

id   integer   

Product feature ID.

name   string   

Feature name.

slug   string   

Feature slug (unique identifier).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update product feature

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/product/features/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Remote config\",
    \"slug\": \"remote_config\"
}"
const url = new URL(
    "http://localhost:8000/api/product/features/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Remote config",
    "slug": "remote_config"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "name": "gray",
    "slug": "atque-ipsa-atque-corporis-eos-et-fuga-id",
    "created_at": "2026-06-29T13:09:18.000000Z",
    "updated_at": "2026-06-29T13:09:18.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "PRODUCT_FEATURES:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Product feature not found):


{
    "message": "Product feature not found",
    "code": "PRODUCT_FEATURES:UPDATE:FEATURE_NOT_FOUND"
}
 

Request   

PUT api/product/features/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Product Feature ID. Example: 1

Body Parameters

name   string  optional  

Name of product feature. Example: Remote config

slug   string  optional  

Simplified name of product feature without spaces (e.g. remote_config for Remote config name). Example: remote_config

Response

Response Fields

id   integer   

Product feature ID.

name   string   

Feature name.

slug   string   

Feature slug (unique identifier).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete product feature

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/product/features/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/product/features/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Product feature deleted",
    "code": "PRODUCT_FEATURES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "PRODUCT_FEATURES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Product feature belongs to compatibility entries):


{
    "message": "Cannot delete: product feature belongs to existing compatibility entries (1)",
    "code": "PRODUCT_FEATURES:DELETE:HAS_COMPATIBILITY_ENTRIES"
}
 

Example response (404, Product feature not found):


{
    "message": "Product feature not found",
    "code": "PRODUCT_FEATURES:DELETE:FEATURE_NOT_FOUND"
}
 

Request   

DELETE api/product/features/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Product Feature ID. Example: 1

List product toggles

requires authentication

This endpoint returns list of global toggles. For some users there could exist user toggle which overrides these settings.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/product/toggles?global=1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/product/toggles"
);

const params = {
    "global": "1",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "name": "yellow",
        "slug": "esse-voluptas-consequatur-nobis-esse",
        "enabled": 1,
        "created_at": "2026-06-29T13:09:18.000000Z",
        "updated_at": "2026-06-29T13:09:18.000000Z"
    },
    {
        "id": 2,
        "name": "gray",
        "slug": "aliquam-et-ut-beatae-odio-qui",
        "enabled": 0,
        "created_at": "2026-06-29T13:09:18.000000Z",
        "updated_at": "2026-06-29T13:09:18.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view product features and toggles",
    "code": "PRODUCT_TOGGLES:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/product/toggles

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

global   integer  optional  

Pass value 1 to fetch list of global toggles without user overrides Example: 1

Response

Response Fields

id   integer   

Product toggle ID.

name   string   

Toggle name.

slug   string   

Toggle slug (unique identifier).

enabled   boolean   

Whether the toggle is enabled globally.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Create product toggle

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/product/toggles" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Remote config\",
    \"slug\": \"remote_config\",
    \"enabled\": true
}"
const url = new URL(
    "http://localhost:8000/api/product/toggles"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Remote config",
    "slug": "remote_config",
    "enabled": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "name": "yellow",
    "slug": "atque-laborum-quia-quasi-delectus-deleniti",
    "enabled": 1,
    "created_at": "2026-06-29T13:09:18.000000Z",
    "updated_at": "2026-06-29T13:09:18.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "PRODUCT_TOGGLES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/product/toggles

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Name of product toggle. Example: Remote config

slug   string   

Simplified name of product toggle without spaces (e.g. remote_config for Remote config name). Example: remote_config

enabled   boolean   

Is toggle enabled on this environment?. Example: true

Response

Response Fields

id   integer   

Product toggle ID.

name   string   

Toggle name.

slug   string   

Toggle slug (unique identifier).

enabled   boolean   

Whether the toggle is enabled globally.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update product toggle

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/product/toggles/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Remote config\",
    \"slug\": \"remote_config\",
    \"enabled\": true
}"
const url = new URL(
    "http://localhost:8000/api/product/toggles/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Remote config",
    "slug": "remote_config",
    "enabled": true
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "name": "yellow",
    "slug": "excepturi-nihil-consequatur-quibusdam-ut",
    "enabled": 1,
    "created_at": "2026-06-29T13:09:18.000000Z",
    "updated_at": "2026-06-29T13:09:18.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "PRODUCT_TOGGLES:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Product toggle not found):


{
    "message": "Product toggle not found",
    "code": "PRODUCT_TOGGLES:UPDATE:TOGGLE_NOT_FOUND"
}
 

Request   

PUT api/product/toggles/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Product Toggle ID. Example: 1

Body Parameters

name   string  optional  

Name of product toggle. Example: Remote config

slug   string  optional  

Simplified name of product toggle without spaces (e.g. remote_config for Remote config name). Example: remote_config

enabled   boolean  optional  

Is toggle enabled on this environment?. Example: true

Response

Response Fields

id   integer   

Product toggle ID.

name   string   

Toggle name.

slug   string   

Toggle slug (unique identifier).

enabled   boolean   

Whether the toggle is enabled globally.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete product toggle

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/product/toggles/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/product/toggles/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Product toggle deleted",
    "code": "PRODUCT_TOGGLES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "PRODUCT_TOGGLES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Product toggle not found):


{
    "message": "Product toggle not found",
    "code": "PRODUCT_TOGGLES:DELETE:TOGGLE_NOT_FOUND"
}
 

Request   

DELETE api/product/toggles/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Product Toggle ID. Example: 1

List product FAQ

requires authentication

This endpoint returns list of product FAQ.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/product/faq" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/product/faq"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "question": "Est quas est et qui. Necessitatibus voluptatum aut enim at. Eveniet commodi et provident quaerat. Est ut esse cupiditate non qui adipisci ratione.",
            "answer": "Non et ut ipsum quasi ipsam. Magnam exercitationem illo omnis voluptatibus nam molestiae nulla. Sed quia blanditiis atque et fugit. Sapiente rerum voluptatem voluptas laudantium dicta voluptatum.",
            "created_at": "2026-06-29T13:09:18.000000Z",
            "updated_at": "2026-06-29T13:09:18.000000Z"
        },
        {
            "id": 2,
            "question": "Ad magnam dolore in laboriosam inventore amet fugit velit. Incidunt veniam dolorem soluta. Saepe dolorem voluptates amet illum modi perspiciatis velit saepe.",
            "answer": "Ut doloremque molestias rerum. Perspiciatis vero voluptas non occaecati voluptatem temporibus. Et perferendis ea tempore eos voluptatibus.",
            "created_at": "2026-06-29T13:09:18.000000Z",
            "updated_at": "2026-06-29T13:09:18.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view product features and toggles",
    "code": "FAQ:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/product/faq

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

FAQ entry ID.

question   string   

FAQ question.

answer   string   

FAQ answer.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

List user toggles

requires authentication

This endpoint returns list of user toggles with their global toggles.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/user/1/toggles" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/toggles"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "toggle_id": 6,
        "user_id": 255,
        "enabled": 1,
        "created_at": "2026-06-29T13:09:18.000000Z",
        "updated_at": "2026-06-29T13:09:18.000000Z",
        "toggle": {
            "id": 6,
            "name": "black",
            "slug": "et-commodi-reprehenderit-expedita-et",
            "enabled": 0,
            "created_at": "2026-06-29T13:09:18.000000Z",
            "updated_at": "2026-06-29T13:09:18.000000Z"
        }
    },
    {
        "id": 2,
        "toggle_id": 8,
        "user_id": 256,
        "enabled": 1,
        "created_at": "2026-06-29T13:09:19.000000Z",
        "updated_at": "2026-06-29T13:09:19.000000Z",
        "toggle": {
            "id": 8,
            "name": "navy",
            "slug": "quas-officiis-ipsa-iusto-distinctio-ut",
            "enabled": 1,
            "created_at": "2026-06-29T13:09:19.000000Z",
            "updated_at": "2026-06-29T13:09:19.000000Z"
        }
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view product features and toggles",
    "code": "USER_TOGGLES:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USER_TOGGLES:LIST:USER_NOT_FOUND"
}
 

Request   

GET api/user/{userId}/toggles

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Response

Response Fields

id   integer   

User product toggle ID.

toggle_id   integer   

Associated product toggle ID.

user_id   integer   

Associated user ID.

enabled   boolean   

Whether the toggle is enabled for this user.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

toggle   object   

Associated product toggle.

Create user toggle

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/user/1/toggles" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"toggle_id\": 1,
    \"enabled\": true
}"
const url = new URL(
    "http://localhost:8000/api/user/1/toggles"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "toggle_id": 1,
    "enabled": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "toggle_id": 9,
    "user_id": 257,
    "enabled": 0,
    "created_at": "2026-06-29T13:09:19.000000Z",
    "updated_at": "2026-06-29T13:09:19.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "USER_TOGGLES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Cannot create user toggles for SuperAdmin):


{
    "message": "Cannot create user toggles for SuperAdmin",
    "code": "USER_TOGGLES:CREATE:CANNOT_CREATE_FOR_SUPER_ADMIN"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USER_TOGGLES:CREATE:USER_NOT_FOUND"
}
 

Request   

POST api/user/{userId}/toggles

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

Body Parameters

toggle_id   integer   

Product toggle ID. The id of an existing record in the App\Models\ProductToggle table. Example: 1

enabled   boolean   

Is user toggle enabled on this environment?. Example: true

Response

Response Fields

id   integer   

User product toggle ID.

toggle_id   integer   

Associated product toggle ID.

user_id   integer   

Associated user ID.

enabled   boolean   

Whether the toggle is enabled for this user.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

toggle   object   

Associated product toggle.

Update user toggle

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/user/1/toggles/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"enabled\": true
}"
const url = new URL(
    "http://localhost:8000/api/user/1/toggles/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "enabled": true
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "toggle_id": 10,
    "user_id": 258,
    "enabled": 1,
    "created_at": "2026-06-29T13:09:20.000000Z",
    "updated_at": "2026-06-29T13:09:20.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "USER_TOGGLES:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USER_TOGGLES:UPDATE:USER_NOT_FOUND"
}
 

Example response (404, User toggle not found):


{
    "message": "User toggle not found",
    "code": "USER_TOGGLES:UPDATE:TOGGLE_NOT_FOUND"
}
 

Request   

PUT api/user/{userId}/toggles/{toggleId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

toggleId   integer   

User Toggle ID. Example: 1

Body Parameters

enabled   boolean  optional  

Is user toggle enabled on this environment?. Example: true

Response

Response Fields

id   integer   

User product toggle ID.

toggle_id   integer   

Associated product toggle ID.

user_id   integer   

Associated user ID.

enabled   boolean   

Whether the toggle is enabled for this user.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

toggle   object   

Associated product toggle.

Delete user toggle

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/user/1/toggles/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/toggles/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "User toggle deleted",
    "code": "USER_TOGGLES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage product features and toggles",
    "code": "USER_TOGGLES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USER_TOGGLES:DELETE:USER_NOT_FOUND"
}
 

Example response (404, User toggle not found):


{
    "message": "User toggle not found",
    "code": "USER_TOGGLES:DELETE:TOGGLE_NOT_FOUND"
}
 

Request   

DELETE api/user/{userId}/toggles/{toggleId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID. Example: 1

toggleId   integer   

User Toggle ID. Example: 1

Releases

API endpoints for releases management

List releases

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/releases" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/releases"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "version_type": "App\\Models\\SoftwareVersion",
            "version_id": 14,
            "description": "Quo iure porro consequuntur ut. Quis qui voluptatem odio quidem magni dolorem. Non similique qui libero porro minus. Quo repudiandae rerum doloremque qui.",
            "created_at": "2026-06-29T13:09:21.000000Z",
            "updated_at": "2026-06-29T13:09:21.000000Z",
            "version": {
                "id": 14,
                "name": "4.15.34",
                "created_at": "2026-06-29T13:09:21.000000Z",
                "updated_at": "2026-06-29T13:09:21.000000Z"
            }
        },
        {
            "id": 2,
            "version_type": "App\\Models\\SoftwareVersion",
            "version_id": 15,
            "description": "Harum maiores facilis sunt architecto. Nihil vitae ut sed laboriosam. Deleniti dolorum itaque quam nemo sit vero repellendus. Ipsum labore et eos expedita quisquam.",
            "created_at": "2026-06-29T13:09:21.000000Z",
            "updated_at": "2026-06-29T13:09:21.000000Z",
            "version": {
                "id": 15,
                "name": "4.62.97",
                "created_at": "2026-06-29T13:09:21.000000Z",
                "updated_at": "2026-06-29T13:09:21.000000Z"
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list releases",
    "code": "RELEASES:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/releases

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

Release ID.

version_type   string   

Version model type (morph class name).

version_id   integer   

Version model ID.

description   string   

Release notes.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

version   object   

Associated version (software, firmware or PCB).

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get release

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/releases/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/releases/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 3,
    "version_type": "App\\Models\\SoftwareVersion",
    "version_id": 16,
    "description": "Repudiandae atque ipsum fugiat voluptate cumque qui sit. Rerum et rerum omnis totam ut sequi eveniet explicabo. Nobis omnis itaque et sit. Minima placeat autem molestiae natus.",
    "created_at": "2026-06-29T13:09:21.000000Z",
    "updated_at": "2026-06-29T13:09:21.000000Z",
    "version": {
        "id": 16,
        "name": "1.46.76",
        "created_at": "2026-06-29T13:09:21.000000Z",
        "updated_at": "2026-06-29T13:09:21.000000Z"
    }
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view release",
    "code": "RELEASES:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Release not found):


{
    "message": "Release not found",
    "code": "RELEASES:GET:RELEASE_NOT_FOUND"
}
 

Request   

GET api/releases/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Release ID. Example: 1

Response

Response Fields

id   integer   

Release ID.

version_type   string   

Version model type (morph class name).

version_id   integer   

Version model ID.

description   string   

Release notes.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

version   object   

Associated version (software, firmware or PCB).

Create release

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/releases" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"version_type\": \"SoftwareVersion\",
    \"version_id\": 1,
    \"description\": \"This version fixes minor bugs.\"
}"
const url = new URL(
    "http://localhost:8000/api/releases"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "version_type": "SoftwareVersion",
    "version_id": 1,
    "description": "This version fixes minor bugs."
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "version_type": "App\\Models\\SoftwareVersion",
    "version_id": 17,
    "description": "Sint error illo sunt. Ut non corrupti aut dolores quasi magni laudantium. Voluptates quaerat mollitia error animi voluptates temporibus.",
    "created_at": "2026-06-29T13:09:21.000000Z",
    "updated_at": "2026-06-29T13:09:21.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create release",
    "code": "RELEASES:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/releases

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

version_type   string   

Version type. Example: SoftwareVersion

Must be one of:
  • DeviceModel
  • SoftwareVersion
  • FirmwareVersion
  • PCBVersion
version_id   integer   

Version ID. Example: 1

description   string  optional  

Release description. Example: This version fixes minor bugs.

Response

Response Fields

id   integer   

Release ID.

version_type   string   

Version model type (morph class name).

version_id   integer   

Version model ID.

description   string   

Release notes.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

version   object   

Associated version (software, firmware or PCB).

Update release

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/releases/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"version_type\": \"SoftwareVersion\",
    \"version_id\": 1,
    \"description\": \"This version fixes minor bugs.\"
}"
const url = new URL(
    "http://localhost:8000/api/releases/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "version_type": "SoftwareVersion",
    "version_id": 1,
    "description": "This version fixes minor bugs."
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 5,
    "version_type": "App\\Models\\SoftwareVersion",
    "version_id": 18,
    "description": "Voluptatem est cumque voluptatum excepturi eos dolore quod. Consectetur quis nihil neque. A voluptas nostrum amet natus.",
    "created_at": "2026-06-29T13:09:21.000000Z",
    "updated_at": "2026-06-29T13:09:21.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update release",
    "code": "RELEASES:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Release not found):


{
    "message": "Release not found",
    "code": "RELEASES:UPDATE:RELEASE_NOT_FOUND"
}
 

Request   

PUT api/releases/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Release ID. Example: 1

Body Parameters

version_type   string  optional  

Version type. Example: SoftwareVersion

Must be one of:
  • DeviceModel
  • SoftwareVersion
  • FirmwareVersion
  • PCBVersion
version_id   integer  optional  

Version ID. Example: 1

description   string  optional  

Release description. Example: This version fixes minor bugs.

Response

Response Fields

id   integer   

Release ID.

version_type   string   

Version model type (morph class name).

version_id   integer   

Version model ID.

description   string   

Release notes.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

version   object   

Associated version (software, firmware or PCB).

Delete release

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/releases/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/releases/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Version deleted",
    "code": "RELEASES:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete release",
    "code": "RELEASES:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Release not found):


{
    "message": "Release not found",
    "code": "RELEASES:DELETE:RELEASE_NOT_FOUND"
}
 

Request   

DELETE api/releases/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Release ID. Example: 1

Search

API endpoints for search

requires authentication

Searches in:
  • users (by name and email)
  • devices (by serial number)

Returned collection contains entries of type User or Device.

If the device has a patient assigned, this patient is included in the results as an entry of type User. If the device has no patient, the device is included in the results.

Users included in the results, but not found directly have "devices" relation filled in with the devices that match the search query.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/search?query=Tom" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"query\": \"nhfrkstbtalcubzekymabqxcyvixrzxkeifm\"
}"
const url = new URL(
    "http://localhost:8000/api/search"
);

const params = {
    "query": "Tom",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "query": "nhfrkstbtalcubzekymabqxcyvixrzxkeifm"
};

fetch(url, {
    method: "GET",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "type": "User",
            "item": {
                "id": 1,
                "mrn": "MRN",
                "name": "User name",
                "email": "user@domain.com",
                "language": "en",
                "phone": "",
                "phone_verified_at": null,
                "address1": "",
                "address2": "",
                "postal_code": "",
                "city": "",
                "clinic_name": "Test Company",
                "clinic_location": "Test Company Location",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": "email",
                "mfa_verified_to": null,
                "created_by": null,
                "active": 1,
                "notifications_timezone": "Europe/Warsaw",
                "notifications_at": "08:00:00",
                "created_at": "2024-09-01T15:00:00.000000Z",
                "updated_at": "2024-10-10T10:30:00.000000Z",
                "invitation_status": "accepted",
                "pivot": {
                    "assigned_user_id": 2,
                    "user_id": 1
                },
                "devices": [],
                "roles": [
                    {
                        "id": 5,
                        "name": "Amputee",
                        "guard_name": "web",
                        "created_at": "2024-01-01T12:00:00.000000Z",
                        "updated_at": "2024-01-01T12:00:00.000000Z",
                        "pivot": {
                            "model_id": 1,
                            "role_id": 5,
                            "model_type": "App\\Models\\User"
                        }
                    }
                ]
            }
        },
        {
            "type": "Device",
            "item": {
                "id": 1,
                "serial": "SERIAL-NUMBER",
                "bluetooth_id": "BLUETOOTH_ID",
                "model_id": 1,
                "amputee_id": 1,
                "firmware_version_id": 1,
                "pcb_version_id": 1,
                "active": 1,
                "last_activity_at": "2024-11-11 12:00:00",
                "created_at": "2024-08-30T15:00:00.000000Z",
                "updated_at": "2024-09-01T16:00:00.000000Z",
                "pivot": {
                    "user_id": 2,
                    "device_id": 1
                }
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to search",
    "code": "SEARCH:SEARCH:INSUFFICIENT_PERMISSION"
}
 

Servicing

API endpoints for servicing

List of parts

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/servicing/parts" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/servicing/parts"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "device_model": null,
            "name": "JCB",
            "created_at": "2026-06-29T13:08:27.000000Z",
            "updated_at": "2026-06-29T13:08:27.000000Z"
        },
        {
            "id": 2,
            "device_model": null,
            "name": "JCB",
            "created_at": "2026-06-29T13:08:27.000000Z",
            "updated_at": "2026-06-29T13:08:27.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list service parts",
    "code": "SERVICING:LIST_PARTS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/servicing/parts

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

Service part ID.

device_model   integer   

Associated device model ID.

name   string   

Part name.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Report service repair

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/servicing/repair" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "user_id=1"\
    --form "device_id=1"\
    --form "parts[][part_id]=1"\
    --form "parts[][reason]=Mechanical issue"\
    --form "files[]=@/tmp/phpFikV72" 
const url = new URL(
    "http://localhost:8000/api/servicing/repair"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('user_id', '1');
body.append('device_id', '1');
body.append('parts[][part_id]', '1');
body.append('parts[][reason]', 'Mechanical issue');
body.append('files[]', document.querySelector('input[name="files[]"]').files[0]);

fetch(url, {
    method: "POST",
    headers,
    body,
}).then(response => response.json());

Example response (201):


{
    "id": 1,
    "user_id": 140,
    "device_id": 120,
    "created_at": "2026-06-29T13:08:27.000000Z",
    "updated_at": "2026-06-29T13:08:27.000000Z",
    "parts": [
        {
            "id": 1,
            "repair_id": 1,
            "part_id": 3,
            "reason": "Deleniti quidem assumenda nisi veritatis. In sunt animi ut eius voluptates et eum. Explicabo ut eos ad aut. Iure excepturi voluptatem velit veritatis ipsum sit.",
            "created_at": "2026-06-29T13:08:27.000000Z",
            "updated_at": "2026-06-29T13:08:27.000000Z",
            "part": {
                "id": 3,
                "device_model": null,
                "name": "Visa",
                "created_at": "2026-06-29T13:08:27.000000Z",
                "updated_at": "2026-06-29T13:08:27.000000Z"
            }
        },
        {
            "id": 2,
            "repair_id": 1,
            "part_id": 4,
            "reason": "Voluptas est laborum ullam tempore nam culpa. Et hic eligendi consequatur sed. In sequi quaerat praesentium voluptas ut dolores minima.",
            "created_at": "2026-06-29T13:08:29.000000Z",
            "updated_at": "2026-06-29T13:08:29.000000Z",
            "part": {
                "id": 4,
                "device_model": null,
                "name": "American Express",
                "created_at": "2026-06-29T13:08:28.000000Z",
                "updated_at": "2026-06-29T13:08:28.000000Z"
            }
        },
        {
            "id": 3,
            "repair_id": 1,
            "part_id": 5,
            "reason": "Veniam aut molestiae voluptatem eum. Tempore recusandae hic quia enim quia aut.",
            "created_at": "2026-06-29T13:08:29.000000Z",
            "updated_at": "2026-06-29T13:08:29.000000Z",
            "part": {
                "id": 5,
                "device_model": null,
                "name": "Visa",
                "created_at": "2026-06-29T13:08:29.000000Z",
                "updated_at": "2026-06-29T13:08:29.000000Z"
            }
        }
    ],
    "attachments": [
        {
            "id": 1,
            "repair_id": 1,
            "file": "/tmp/fakerq7YrlE",
            "created_at": "2026-06-29T13:08:28.000000Z",
            "updated_at": "2026-06-29T13:08:28.000000Z"
        },
        {
            "id": 2,
            "repair_id": 1,
            "file": "/tmp/fakerjtct0D",
            "created_at": "2026-06-29T13:08:30.000000Z",
            "updated_at": "2026-06-29T13:08:30.000000Z"
        },
        {
            "id": 3,
            "repair_id": 1,
            "file": "/tmp/fakerTM680v",
            "created_at": "2026-06-29T13:08:30.000000Z",
            "updated_at": "2026-06-29T13:08:30.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to report service repair",
    "code": "SERVICING:REPORT_REPAIR:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/servicing/repair

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

Body Parameters

user_id   integer   

User ID. Example: 1

device_id   integer   

Device ID. Example: 1

files   file[]  optional  

Array of attachment files.

parts   object[]  optional  

Array of replaced parts.

part_id   integer  optional  

Service part ID. Example: 1

reason   string  optional  

Reason of part replacement. Example: Mechanical issue

Response

Response Fields

id   integer   

Service repair ID.

user_id   integer   

Associated user ID.

device_id   integer   

Associated device ID.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

parts   object[]   

Service parts included in the repair.

attachments   object[]   

Repair attachments.

Settings

API endpoints for app settings

Get app version

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/settings/app-version" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/settings/app-version"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "version": "1.6.0"
}
 

Request   

GET api/settings/app-version

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Get silent push timeout

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/settings/silent-push" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/settings/silent-push"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "timeout": "15"
}
 

Request   

GET api/settings/silent-push

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Get available languages

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/settings/languages" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/settings/languages"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "languages": [
        "de",
        "en",
        "es",
        "it",
        "pl",
        "ru",
        "uk"
    ]
}
 

Request   

GET api/settings/languages

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Get mobile stores versions

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/mobile/versions" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/mobile/versions"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "ios": "1.0",
    "android": "1.0"
}
 

Request   

GET api/mobile/versions

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Update app version

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/settings/app-version" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"version\": \"1.6.0\"
}"
const url = new URL(
    "http://localhost:8000/api/settings/app-version"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "version": "1.6.0"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "version": "1.6.0"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update settings",
    "code": "SETTINGS:UPDATE_APP_VERSION:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/settings/app-version

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

version   string  optional  

App version. Example: 1.6.0

Update silent push timeout

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/settings/silent-push" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"timeout\": 15
}"
const url = new URL(
    "http://localhost:8000/api/settings/silent-push"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "timeout": 15
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "timeout": "15"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update settings",
    "code": "SETTINGS:UPDATE_SILENT_PUSH:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/settings/silent-push

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

timeout   integer  optional  

Silent push timeout in minutes. Minimum value is 1 minute (15 for production environment), maximum is 60 minutes. MINIMUM:NUMBER:1 MAXIMUM:NUMBER:60. Example: 15

Update mobile stores versions

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/mobile/versions" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"ios\": \"1.1\",
    \"android\": \"1.1\"
}"
const url = new URL(
    "http://localhost:8000/api/mobile/versions"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "ios": "1.1",
    "android": "1.1"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "ios": "1.0",
    "android": "1.0"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update settings",
    "code": "SETTINGS:UPDATE_MOBILE_STORES_VERSION:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/mobile/versions

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

ios   string  optional  

Apple AppStore current version. Example: 1.1

android   string  optional  

Google Play current version. Example: 1.1

Support Ticket

API endpoints for managing support tickets

Get tickets list

requires authentication

Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/tickets?status=new&sender=1&recipient=1&device=1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/tickets"
);

const params = {
    "status": "new",
    "sender": "1",
    "recipient": "1",
    "device": "1",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 27,
            "sender_id": 149,
            "recipient_id": 150,
            "device_id": 127,
            "meeting_date": "2026-06-29 13:08:31",
            "meeting_type": "online_meeting",
            "contact_email": "hgrady@collier.net",
            "status": "new",
            "created_at": "2026-06-29T13:08:31.000000Z",
            "updated_at": "2026-06-29T13:08:31.000000Z",
            "sender": {
                "id": 149,
                "mrn": "LUW7X9H91782738511",
                "name": "Rose Rempel",
                "email": "1782738511kessler.einar@example.net",
                "language": "en",
                "phone": "703.388.7437",
                "phone_country": "SR",
                "phone_verified_at": null,
                "address1": "653 Mitchell Wells",
                "address2": "East Ursulafurt, PA 78355-5702",
                "postal_code": "73120",
                "city": "Carter, Gorczany and Haley",
                "country": "BE",
                "clinic_name": "Arachester",
                "clinic_location": "744 Yasmine Expressway Apt. 566\nLake Osbaldomouth, NE 17457-9795",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:31.000000Z",
                "updated_at": "2026-06-29T13:08:31.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "recipient": {
                "id": 150,
                "mrn": "F79F4PPY1782738511",
                "name": "Aditya McGlynn",
                "email": "1782738511cassin.dannie@example.com",
                "language": "en",
                "phone": "+14242466521",
                "phone_country": "LI",
                "phone_verified_at": null,
                "address1": "7944 Schulist Stravenue Suite 465",
                "address2": "Jakubowskiburgh, AL 53015",
                "postal_code": "19640",
                "city": "Gutkowski, Greenholt and Effertz",
                "country": "LT",
                "clinic_name": "East Virgie",
                "clinic_location": "7441 Ezra Tunnel Suite 948\nWinfieldton, NC 33924",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:31.000000Z",
                "updated_at": "2026-06-29T13:08:31.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "device": {
                "id": 127,
                "serial": "a9cc55c8-33ce-37af-9bdd-4b15ab7cb18d",
                "bluetooth_id": "f71df295-ea43-3fcc-b596-a0e250c580cf",
                "company_id": null,
                "model_id": null,
                "amputee_id": null,
                "clinician_id": null,
                "firmware_version_id": null,
                "pcb_version_id": null,
                "reverse_magnets": 0,
                "is_electrode": 0,
                "active": 1,
                "last_activity_at": "0000-00-00 00:00:00",
                "created_at": "2026-06-29T13:08:31.000000Z",
                "updated_at": "2026-06-29T13:08:31.000000Z"
            },
            "messages": [
                {
                    "id": 15,
                    "ticket_id": 27,
                    "sender_id": 151,
                    "title": "Ms.",
                    "content": "Alias corrupti ipsam ab mollitia tempore cum.",
                    "is_read": false,
                    "created_at": "2026-06-29T13:08:33.000000Z",
                    "updated_at": "2026-06-29T13:08:33.000000Z"
                }
            ]
        },
        {
            "id": 35,
            "sender_id": 163,
            "recipient_id": 164,
            "device_id": 128,
            "meeting_date": "2026-06-29 13:08:38",
            "meeting_type": "online_meeting",
            "contact_email": "cronin.jimmie@kshlerin.biz",
            "status": "new",
            "created_at": "2026-06-29T13:08:38.000000Z",
            "updated_at": "2026-06-29T13:08:38.000000Z",
            "sender": {
                "id": 163,
                "mrn": "WXT28TRD1782738517",
                "name": "Brenna Nienow",
                "email": "1782738517rbahringer@example.net",
                "language": "en",
                "phone": "678.502.2653",
                "phone_country": "ML",
                "phone_verified_at": null,
                "address1": "913 Tyrell Drives Suite 535",
                "address2": "Greenhaven, KS 46206",
                "postal_code": "87207",
                "city": "Stamm, Kris and Predovic",
                "country": "SI",
                "clinic_name": "Heathcotechester",
                "clinic_location": "24150 Homenick Radial Apt. 658\nAlfonsoberg, OK 73229-9153",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:37.000000Z",
                "updated_at": "2026-06-29T13:08:37.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "recipient": {
                "id": 164,
                "mrn": "CDQUTBA61782738518",
                "name": "Prof. Benny Johnston",
                "email": "1782738518pat72@example.net",
                "language": "en",
                "phone": "1-214-910-6897",
                "phone_country": "CM",
                "phone_verified_at": null,
                "address1": "55854 Ben Street Suite 769",
                "address2": "Fatimaville, IN 61676",
                "postal_code": "04509-4757",
                "city": "Boehm, Robel and Ledner",
                "country": "DE",
                "clinic_name": "Pacochaberg",
                "clinic_location": "2892 Oma Road\nHeathcoteburgh, IL 17874",
                "image": null,
                "mfa_enabled": 0,
                "mfa_method": null,
                "mfa_verified_to": null,
                "location_id": null,
                "created_by": null,
                "active": 1,
                "is_internal": 0,
                "notifications_timezone": null,
                "notifications_at": null,
                "created_at": "2026-06-29T13:08:38.000000Z",
                "updated_at": "2026-06-29T13:08:38.000000Z",
                "invitation_status": null,
                "acadle_invitation_status": null,
                "roles": []
            },
            "device": {
                "id": 128,
                "serial": "b166d4bc-fac8-3022-811f-589a03ba1f80",
                "bluetooth_id": "c76ba07b-c601-309d-9cc1-9ee660d652bd",
                "company_id": null,
                "model_id": null,
                "amputee_id": null,
                "clinician_id": null,
                "firmware_version_id": null,
                "pcb_version_id": null,
                "reverse_magnets": 0,
                "is_electrode": 0,
                "active": 1,
                "last_activity_at": "0000-00-00 00:00:00",
                "created_at": "2026-06-29T13:08:38.000000Z",
                "updated_at": "2026-06-29T13:08:38.000000Z"
            },
            "messages": [
                {
                    "id": 19,
                    "ticket_id": 35,
                    "sender_id": 165,
                    "title": "Mr.",
                    "content": "Qui architecto culpa vero et.",
                    "is_read": false,
                    "created_at": "2026-06-29T13:08:39.000000Z",
                    "updated_at": "2026-06-29T13:08:39.000000Z"
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list support tickets",
    "code": "TICKETS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/tickets

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

status   string  optional  

Filter tickets by status (available: new, in_progress, closed, reopened. Example: new

sender   integer  optional  

Filter tickets by sender. Example: 1

recipient   integer  optional  

Filter tickets by recipient. Example: 1

device   string  optional  

Filter tickets by devices. Provide single ID (device=1), array of IDs (device[]=1&device[]=2) or comma-separated list of IDs (device=1,2). Pass value 0 to get tickets without device. Note: tickets without a device are also included when filtering by specific device IDs. Example: 1

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: sender, recipient, device, messages, messages.attachments).

sortby   string  optional  

Sort by field (available: sender_name, recipient_name, date, last_message). Default: last_message, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get tickets status

requires authentication

Counts tickets by their status

Example request:
curl --request GET \
    --get "http://localhost:8000/api/tickets/status" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/tickets/status"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "unread": 1
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list support tickets",
    "code": "TICKETS:STATUS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/tickets/status

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Get support ticket

requires authentication

Returns single support ticket in the response.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/ticket/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/ticket/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 43,
    "sender_id": 177,
    "recipient_id": 178,
    "device_id": 129,
    "meeting_date": "2026-06-29 13:08:44",
    "meeting_type": "online_meeting",
    "contact_email": "qbrakus@gmail.com",
    "status": "new",
    "created_at": "2026-06-29T13:08:44.000000Z",
    "updated_at": "2026-06-29T13:08:44.000000Z",
    "sender": {
        "id": 177,
        "mrn": "A7SPN3HD1782738523",
        "name": "Lonie Heller",
        "email": "1782738523laury.cummings@example.net",
        "language": "en",
        "phone": "484-353-5000",
        "phone_country": "PE",
        "phone_verified_at": null,
        "address1": "7834 Hoeger Cliff Suite 573",
        "address2": "Volkmanfort, NJ 52110-8975",
        "postal_code": "10861",
        "city": "Lubowitz-Ferry",
        "country": "SE",
        "clinic_name": "North Myrtice",
        "clinic_location": "3002 Mitchell Highway Suite 011\nEast Alanchester, OR 42210",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:43.000000Z",
        "updated_at": "2026-06-29T13:08:43.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 178,
        "mrn": "88MU2EKR1782738524",
        "name": "Arno Durgan V",
        "email": "1782738524aniyah27@example.net",
        "language": "en",
        "phone": "+1-979-594-4738",
        "phone_country": "CM",
        "phone_verified_at": null,
        "address1": "220 Hubert Mews Suite 942",
        "address2": "Port Rosashire, MS 03601-6618",
        "postal_code": "07698",
        "city": "Bednar, Runolfsson and Kutch",
        "country": "IN",
        "clinic_name": "Davisborough",
        "clinic_location": "469 Walton Light Suite 964\nWest Jadaburgh, IL 18043",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:44.000000Z",
        "updated_at": "2026-06-29T13:08:44.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": {
        "id": 129,
        "serial": "e399a0d4-9ce8-3aaf-b436-685afcc85eea",
        "bluetooth_id": "1e37191d-09fc-31c5-bdb2-1bbb3b38e10c",
        "company_id": null,
        "model_id": null,
        "amputee_id": null,
        "clinician_id": null,
        "firmware_version_id": null,
        "pcb_version_id": null,
        "reverse_magnets": 0,
        "is_electrode": 0,
        "active": 1,
        "last_activity_at": "0000-00-00 00:00:00",
        "created_at": "2026-06-29T13:08:44.000000Z",
        "updated_at": "2026-06-29T13:08:44.000000Z"
    },
    "messages": [
        {
            "id": 23,
            "ticket_id": 43,
            "sender_id": 179,
            "title": "Ms.",
            "content": "Magni voluptatem mollitia ea ad et eius quasi.",
            "is_read": false,
            "created_at": "2026-06-29T13:08:45.000000Z",
            "updated_at": "2026-06-29T13:08:45.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view support ticket",
    "code": "TICKETS:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Support ticket not found):


{
    "message": "Support ticket not found",
    "code": "TICKETS:GET:TICKET_NOT_FOUND"
}
 

Request   

GET api/ticket/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Support ticket ID. Example: 1

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: sender, recipient, device, messages, messages.attachments, messages.sender).

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Get support ticket history

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/ticket/1/history" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/ticket/1/history"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "ticket_id": 51,
            "author_id": 192,
            "action": "voluptatum",
            "reason": "Dicta autem tempore neque necessitatibus quae vero.",
            "created_at": "2026-06-29T13:08:51.000000Z",
            "updated_at": "2026-06-29T13:08:51.000000Z"
        },
        {
            "id": 2,
            "ticket_id": 52,
            "author_id": 194,
            "action": "iusto",
            "reason": "Sint sed odio mollitia reprehenderit neque rerum laboriosam.",
            "created_at": "2026-06-29T13:08:52.000000Z",
            "updated_at": "2026-06-29T13:08:52.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view support ticket",
    "code": "TICKETS:HISTORY:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Support ticket not found):


{
    "message": "Support ticket not found",
    "code": "TICKETS:HISTORY:TICKET_NOT_FOUND"
}
 

Request   

GET api/ticket/{id}/history

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Support ticket ID. Example: 1

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

sortby   string  optional  

Sort by field (available: date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

History entry ID.

ticket_id   integer   

Associated support ticket ID.

author_id   integer   

ID of the user who made this change.

action   string   

Action performed.

reason   string   

Reason for the action.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who made this change.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get support ticket available filters

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/tickets/available-filters" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/tickets/available-filters"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "clinicians": [
        {
            "id": 95,
            "mrn": null,
            "name": "Name",
            "email": "email",
            "region": "us",
            "language": "pl",
            "phone": "+48-555555555",
            "phone_verified_at": null,
            "address1": "Address",
            "address2": "Address 2",
            "postal_code": "",
            "city": "",
            "clinic_name": "Name",
            "clinic_location": "Name",
            "image": "https://aether-dev-bucket.s3.amazonaws.com/users/LDueuv1uG218G7owaiLAaWRkpaGxjB0jEFwzZsT1.png",
            "mfa_enabled": 0,
            "mfa_method": "sms",
            "mfa_verified_to": null,
            "location_id": 2,
            "created_by": 1,
            "active": 1,
            "notifications_timezone": "America/Adak",
            "notifications_at": null,
            "created_at": "2022-07-19T14:43:37.000000Z",
            "updated_at": "2024-09-27T05:52:51.000000Z",
            "invitation_status": "expired",
            "roles": [
                {
                    "id": 2,
                    "name": "Clinician",
                    "guard_name": "web",
                    "created_at": "2022-03-21T17:15:47.000000Z",
                    "updated_at": "2022-03-21T17:15:47.000000Z",
                    "pivot": {
                        "model_id": 95,
                        "role_id": 2,
                        "model_type": "App\\Models\\User"
                    }
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create support ticket",
    "code": "TICKETS:AVAILABLE_FILTERS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/tickets/available-filters

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Create new support ticket

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/tickets" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "recipient=1"\
    --form "device=1"\
    --form "meeting_type=online_meeting"\
    --form "meeting_date=2026-06-29 13:08:52"\
    --form "contact_email=johns.royal@wuckert.info"\
    --form "message[content]=Aliquid consectetur rerum et voluptatem sunt est."\
    --form "message[title]=Voluptates autem nesciunt."\
    --form "message[attachments][]=@/tmp/php3oFpmA" 
const url = new URL(
    "http://localhost:8000/api/tickets"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('recipient', '1');
body.append('device', '1');
body.append('meeting_type', 'online_meeting');
body.append('meeting_date', '2026-06-29 13:08:52');
body.append('contact_email', 'johns.royal@wuckert.info');
body.append('message[content]', 'Aliquid consectetur rerum et voluptatem sunt est.');
body.append('message[title]', 'Voluptates autem nesciunt.');
body.append('message[attachments][]', document.querySelector('input[name="message[attachments][]"]').files[0]);

fetch(url, {
    method: "POST",
    headers,
    body,
}).then(response => response.json());

Example response (201):


{
    "id": 53,
    "sender_id": 195,
    "recipient_id": 196,
    "device_id": 130,
    "meeting_date": "2026-06-29 13:08:52",
    "meeting_type": "online_meeting",
    "contact_email": "rickie.harber@yahoo.com",
    "status": "new",
    "created_at": "2026-06-29T13:08:53.000000Z",
    "updated_at": "2026-06-29T13:08:53.000000Z",
    "sender": {
        "id": 195,
        "mrn": "FSQT7B3T1782738532",
        "name": "Jadon Medhurst",
        "email": "1782738532sipes.zena@example.com",
        "language": "en",
        "phone": "(786) 696-4545",
        "phone_country": "EC",
        "phone_verified_at": null,
        "address1": "946 Reynold Neck",
        "address2": "East Magnolia, WV 90464",
        "postal_code": "99274",
        "city": "Batz and Sons",
        "country": "RO",
        "clinic_name": "Celestinoside",
        "clinic_location": "5161 Haylie Overpass\nSouth Isaiah, CT 18466-2763",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:52.000000Z",
        "updated_at": "2026-06-29T13:08:52.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 196,
        "mrn": "FU65NNMJ1782738532",
        "name": "Ismael Lynch",
        "email": "1782738532bernhard.christina@example.com",
        "language": "en",
        "phone": "443.924.2835",
        "phone_country": "ME",
        "phone_verified_at": null,
        "address1": "7443 Bahringer Ranch",
        "address2": "South Bulahfort, AZ 71878",
        "postal_code": "81925",
        "city": "Schumm-Treutel",
        "country": "UA",
        "clinic_name": "Ronchester",
        "clinic_location": "9129 Bahringer Forks Suite 495\nPort Reina, NE 69340",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:52.000000Z",
        "updated_at": "2026-06-29T13:08:52.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": {
        "id": 130,
        "serial": "2b23e25e-5ce6-3720-a6f3-4c76734aae43",
        "bluetooth_id": "96fae77c-17cb-3a7e-89be-361ce3b1c69c",
        "company_id": null,
        "model_id": null,
        "amputee_id": null,
        "clinician_id": null,
        "firmware_version_id": null,
        "pcb_version_id": null,
        "reverse_magnets": 0,
        "is_electrode": 0,
        "active": 1,
        "last_activity_at": "0000-00-00 00:00:00",
        "created_at": "2026-06-29T13:08:53.000000Z",
        "updated_at": "2026-06-29T13:08:53.000000Z"
    },
    "messages": [
        {
            "id": 27,
            "ticket_id": 53,
            "sender_id": 197,
            "title": "Mrs.",
            "content": "Debitis et et est qui fugiat quisquam deleniti.",
            "is_read": false,
            "created_at": "2026-06-29T13:08:54.000000Z",
            "updated_at": "2026-06-29T13:08:54.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create support ticket",
    "code": "TICKETS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/tickets

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

Body Parameters

recipient   integer   

User the support ticket is assigned to. For Amputee role main clinician will be automatically assigned instead. The id of an existing record in the App\Models\User table. Example: 1

device   integer  optional  

Device the support ticket is assigned to. The id of an existing record in the App\Models\Device table. Example: 1

meeting_type   string   

Type of support meeting. Example: online_meeting

Must be one of:
  • online_meeting
  • phone_call
  • personally
  • none
meeting_date   string   

Date of support meeting. MUST_BE_DATE. Example: 2026-06-29 13:08:52

contact_email   string  optional  

Email address for later contact. MUST_BE_EMAIL. Example: johns.royal@wuckert.info

message   object  optional  
content   string  optional  

Content of message. Example: Aliquid consectetur rerum et voluptatem sunt est.

title   string  optional  

Message title. Example: Voluptates autem nesciunt.

attachments   file[]  optional  

Must be a file.

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Close support ticket

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/ticket/1/close" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/ticket/1/close"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202):


{
    "id": 61,
    "sender_id": 209,
    "recipient_id": 210,
    "device_id": 131,
    "meeting_date": "2026-06-29 13:08:58",
    "meeting_type": "online_meeting",
    "contact_email": "elinor95@hotmail.com",
    "status": "new",
    "created_at": "2026-06-29T13:08:59.000000Z",
    "updated_at": "2026-06-29T13:08:59.000000Z",
    "sender": {
        "id": 209,
        "mrn": "Y5UMPSQF1782738538",
        "name": "Breana Mosciski II",
        "email": "1782738538kimberly18@example.com",
        "language": "en",
        "phone": "209-601-1814",
        "phone_country": "GB",
        "phone_verified_at": null,
        "address1": "422 Williamson Wells",
        "address2": "Marlenbury, AZ 82395",
        "postal_code": "20195",
        "city": "Adams Ltd",
        "country": "IN",
        "clinic_name": "Tabithastad",
        "clinic_location": "43322 Erwin Forest\nNaderton, NJ 02870",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:58.000000Z",
        "updated_at": "2026-06-29T13:08:58.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 210,
        "mrn": "7LYNGB6P1782738538",
        "name": "Timmy Adams",
        "email": "1782738538leffler.mathilde@example.com",
        "language": "en",
        "phone": "+1 (858) 299-7385",
        "phone_country": "MA",
        "phone_verified_at": null,
        "address1": "11509 William Turnpike Apt. 972",
        "address2": "Lavonneport, NY 11560",
        "postal_code": "45930",
        "city": "Marquardt PLC",
        "country": "RO",
        "clinic_name": "South Chetmouth",
        "clinic_location": "1426 Hackett Ports\nEast Leonie, DC 69359-8406",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:08:58.000000Z",
        "updated_at": "2026-06-29T13:08:58.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": {
        "id": 131,
        "serial": "c6325ca3-9ba0-390c-af5e-58fd80502222",
        "bluetooth_id": "28a61c30-32eb-3d9d-ad07-6f424e22c22d",
        "company_id": null,
        "model_id": null,
        "amputee_id": null,
        "clinician_id": null,
        "firmware_version_id": null,
        "pcb_version_id": null,
        "reverse_magnets": 0,
        "is_electrode": 0,
        "active": 1,
        "last_activity_at": "0000-00-00 00:00:00",
        "created_at": "2026-06-29T13:08:59.000000Z",
        "updated_at": "2026-06-29T13:08:59.000000Z"
    },
    "messages": []
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to close support ticket",
    "code": "TICKETS:CLOSE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Support ticket not found):


{
    "message": "Support ticket not found",
    "code": "TICKETS:CLOSE:TICKET_NOT_FOUND"
}
 

Request   

POST api/ticket/{id}/close

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Support ticket ID. Example: 1

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Reopen support ticket

requires authentication

Patient (Amputee) role can reopen only non-config tickets. For config tickets patients will get "Insufficient permission" response. For patients role reason field is required.

Example request:
curl --request POST \
    "http://localhost:8000/api/ticket/1/reopen" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"reason\": \"Something is still not working\"
}"
const url = new URL(
    "http://localhost:8000/api/ticket/1/reopen"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "reason": "Something is still not working"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 3,
    "ticket_id": 62,
    "author_id": 212,
    "action": "tempora",
    "reason": "Aliquid hic nam saepe nobis deserunt velit.",
    "created_at": "2026-06-29T13:09:00.000000Z",
    "updated_at": "2026-06-29T13:09:00.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to reopen support ticket",
    "code": "TICKETS:REOPEN:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Support ticket not found):


{
    "message": "Support ticket not found",
    "code": "TICKETS:REOPEN:TICKET_NOT_FOUND"
}
 

Request   

POST api/ticket/{id}/reopen

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Support ticket ID. Example: 1

Body Parameters

reason   string  optional  

Reason for reopen action. Example: Something is still not working

Response

Response Fields

id   integer   

History entry ID.

ticket_id   integer   

Associated support ticket ID.

author_id   integer   

ID of the user who made this change.

action   string   

Action performed.

reason   string   

Reason for the action.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

author   object   

User who made this change.

Create new support ticket message

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/ticket/1/messages" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "title=Et asperiores odio voluptate."\
    --form "content=Ex quia quibusdam ducimus deleniti soluta aut."\
    --form "attachments[]=@/tmp/php0G1Xh1" 
const url = new URL(
    "http://localhost:8000/api/ticket/1/messages"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('title', 'Et asperiores odio voluptate.');
body.append('content', 'Ex quia quibusdam ducimus deleniti soluta aut.');
body.append('attachments[]', document.querySelector('input[name="attachments[]"]').files[0]);

fetch(url, {
    method: "POST",
    headers,
    body,
}).then(response => response.json());

Example response (201):


{
    "id": 63,
    "sender_id": 213,
    "recipient_id": 214,
    "device_id": 132,
    "meeting_date": "2026-06-29 13:09:00",
    "meeting_type": "online_meeting",
    "contact_email": "hayden.ryan@schroeder.com",
    "status": "new",
    "created_at": "2026-06-29T13:09:01.000000Z",
    "updated_at": "2026-06-29T13:09:01.000000Z",
    "sender": {
        "id": 213,
        "mrn": "WF2JBZW81782738540",
        "name": "Burley Parisian",
        "email": "1782738540darien.lemke@example.com",
        "language": "en",
        "phone": "(612) 452-1255",
        "phone_country": "AF",
        "phone_verified_at": null,
        "address1": "52533 Cristopher Place Suite 460",
        "address2": "West Kyler, SD 71617-6521",
        "postal_code": "54285",
        "city": "Cormier, Sawayn and Carroll",
        "country": "BE",
        "clinic_name": "East Katelinfurt",
        "clinic_location": "31192 Konopelski Rest Apt. 538\nNew Theochester, HI 99423-6298",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:09:00.000000Z",
        "updated_at": "2026-06-29T13:09:00.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 214,
        "mrn": "FW8C9XMD1782738540",
        "name": "Keagan Torp",
        "email": "1782738540nitzsche.willis@example.com",
        "language": "en",
        "phone": "(689) 554-2208",
        "phone_country": "UM",
        "phone_verified_at": null,
        "address1": "496 Stoltenberg Prairie Suite 968",
        "address2": "West Larryville, NV 56473-5807",
        "postal_code": "71321-8304",
        "city": "Cremin-Bernhard",
        "country": "PT",
        "clinic_name": "Pacochaland",
        "clinic_location": "54675 Hermiston Viaduct Suite 669\nWest Pattie, OR 96569-5103",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:09:00.000000Z",
        "updated_at": "2026-06-29T13:09:00.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": {
        "id": 132,
        "serial": "8c794e9c-138e-3222-b4d9-f700a78cb23c",
        "bluetooth_id": "f217f31d-f48f-30fe-82b3-c44be8384cee",
        "company_id": null,
        "model_id": null,
        "amputee_id": null,
        "clinician_id": null,
        "firmware_version_id": null,
        "pcb_version_id": null,
        "reverse_magnets": 0,
        "is_electrode": 0,
        "active": 1,
        "last_activity_at": "0000-00-00 00:00:00",
        "created_at": "2026-06-29T13:09:01.000000Z",
        "updated_at": "2026-06-29T13:09:01.000000Z"
    },
    "messages": [
        {
            "id": 31,
            "ticket_id": 63,
            "sender_id": 215,
            "title": "Ms.",
            "content": "Rerum repellendus fugit tenetur.",
            "is_read": false,
            "created_at": "2026-06-29T13:09:02.000000Z",
            "updated_at": "2026-06-29T13:09:02.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create support ticket",
    "code": "TICKETS:CREATE_MESSAGE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Support ticket not found):


{
    "message": "Support ticket not found",
    "code": "TICKETS:CREATE_MESSAGE:TICKET_NOT_FOUND"
}
 

Request   

POST api/ticket/{id}/messages

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

URL Parameters

id   integer   

Support ticket ID. Example: 1

Body Parameters

title   string  optional  

Message title. Example: Et asperiores odio voluptate.

content   string  optional  

Content of message. Example: Ex quia quibusdam ducimus deleniti soluta aut.

attachments   file[]  optional  

Must be a file.

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Mark all messages as read

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/ticket/1/read" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/ticket/1/read"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202):


{
    "id": 71,
    "sender_id": 227,
    "recipient_id": 228,
    "device_id": 133,
    "meeting_date": "2026-06-29 13:09:06",
    "meeting_type": "online_meeting",
    "contact_email": "tyree.hayes@konopelski.com",
    "status": "new",
    "created_at": "2026-06-29T13:09:06.000000Z",
    "updated_at": "2026-06-29T13:09:06.000000Z",
    "sender": {
        "id": 227,
        "mrn": "B4BAZD9R1782738545",
        "name": "Colleen DuBuque",
        "email": "1782738545jbeahan@example.net",
        "language": "en",
        "phone": "1-469-269-7674",
        "phone_country": "TK",
        "phone_verified_at": null,
        "address1": "446 Lucinda Meadow Suite 820",
        "address2": "West Wellingtonland, OK 48870-6076",
        "postal_code": "26720",
        "city": "Dicki, Leuschke and Carroll",
        "country": "LT",
        "clinic_name": "Lake Mark",
        "clinic_location": "20784 Audra Motorway\nEast Marlon, SC 67856",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:09:05.000000Z",
        "updated_at": "2026-06-29T13:09:05.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 228,
        "mrn": "8JFLKECQ1782738546",
        "name": "Marjorie Lang Jr.",
        "email": "1782738546ramiro36@example.net",
        "language": "en",
        "phone": "+1-283-234-0144",
        "phone_country": "MQ",
        "phone_verified_at": null,
        "address1": "90999 Alfreda Springs Apt. 675",
        "address2": "West Lester, VT 53104",
        "postal_code": "55274-9822",
        "city": "Gutkowski LLC",
        "country": "IE",
        "clinic_name": "West Tiara",
        "clinic_location": "1186 Seth Rue Suite 911\nMadisonview, RI 69501",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:09:06.000000Z",
        "updated_at": "2026-06-29T13:09:06.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": {
        "id": 133,
        "serial": "b07d21ea-ae2c-3d5d-b9ba-dcf4628fc214",
        "bluetooth_id": "05375268-1d96-396a-a88c-85e6a141e833",
        "company_id": null,
        "model_id": null,
        "amputee_id": null,
        "clinician_id": null,
        "firmware_version_id": null,
        "pcb_version_id": null,
        "reverse_magnets": 0,
        "is_electrode": 0,
        "active": 1,
        "last_activity_at": "0000-00-00 00:00:00",
        "created_at": "2026-06-29T13:09:06.000000Z",
        "updated_at": "2026-06-29T13:09:06.000000Z"
    },
    "messages": [
        {
            "id": 35,
            "ticket_id": 71,
            "sender_id": 229,
            "title": "Ms.",
            "content": "Dolorem consequuntur ipsam dolor dolores qui inventore.",
            "is_read": false,
            "created_at": "2026-06-29T13:09:07.000000Z",
            "updated_at": "2026-06-29T13:09:07.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to read message",
    "code": "TICKETS:READ_ALL:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Support ticket not found):


{
    "message": "Support ticket not found",
    "code": "TICKETS:READ_ALL:TICKET_NOT_FOUND"
}
 

Request   

POST api/ticket/{id}/read

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Support ticket ID (id from ticket list; do not confuse with messages.id). Example: 1

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Mark single message as read

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/ticket/1/read/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/ticket/1/read/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202):


{
    "id": 79,
    "sender_id": 241,
    "recipient_id": 242,
    "device_id": 134,
    "meeting_date": "2026-06-29 13:09:12",
    "meeting_type": "online_meeting",
    "contact_email": "ymaggio@senger.com",
    "status": "new",
    "created_at": "2026-06-29T13:09:12.000000Z",
    "updated_at": "2026-06-29T13:09:12.000000Z",
    "sender": {
        "id": 241,
        "mrn": "A38MH2871782738551",
        "name": "Gideon Batz",
        "email": "1782738551mann.naomi@example.com",
        "language": "en",
        "phone": "856-676-3667",
        "phone_country": "GS",
        "phone_verified_at": null,
        "address1": "67782 Dimitri Bridge Apt. 269",
        "address2": "Hermanfort, CA 23465",
        "postal_code": "20641-6170",
        "city": "Schmeler, West and Runolfsdottir",
        "country": "PT",
        "clinic_name": "Cummerataville",
        "clinic_location": "717 Sarina Row Suite 991\nRogahnchester, PA 66380-0638",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:09:11.000000Z",
        "updated_at": "2026-06-29T13:09:11.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "recipient": {
        "id": 242,
        "mrn": "RUEF55T31782738552",
        "name": "Pierre O'Reilly",
        "email": "1782738552mckenzie.virginie@example.com",
        "language": "en",
        "phone": "947-396-9805",
        "phone_country": "GE",
        "phone_verified_at": null,
        "address1": "89120 Yundt Corners",
        "address2": "Bernierstad, IL 68272",
        "postal_code": "07563",
        "city": "Gaylord, Aufderhar and Glover",
        "country": "IN",
        "clinic_name": "Otiliamouth",
        "clinic_location": "9356 Kunze Ferry Suite 202\nMossiestad, TX 91725",
        "image": null,
        "mfa_enabled": 0,
        "mfa_method": null,
        "mfa_verified_to": null,
        "location_id": null,
        "created_by": null,
        "active": 1,
        "is_internal": 0,
        "notifications_timezone": null,
        "notifications_at": null,
        "created_at": "2026-06-29T13:09:12.000000Z",
        "updated_at": "2026-06-29T13:09:12.000000Z",
        "invitation_status": null,
        "acadle_invitation_status": null,
        "roles": []
    },
    "device": {
        "id": 134,
        "serial": "c2efc4ea-27f9-3a34-b447-92476fd518b4",
        "bluetooth_id": "cf7179b2-8a4a-3369-96c3-2f8d6dc1af2c",
        "company_id": null,
        "model_id": null,
        "amputee_id": null,
        "clinician_id": null,
        "firmware_version_id": null,
        "pcb_version_id": null,
        "reverse_magnets": 0,
        "is_electrode": 0,
        "active": 1,
        "last_activity_at": "0000-00-00 00:00:00",
        "created_at": "2026-06-29T13:09:12.000000Z",
        "updated_at": "2026-06-29T13:09:12.000000Z"
    },
    "messages": [
        {
            "id": 39,
            "ticket_id": 79,
            "sender_id": 243,
            "title": "Mr.",
            "content": "Qui odio libero voluptates deleniti.",
            "is_read": false,
            "created_at": "2026-06-29T13:09:14.000000Z",
            "updated_at": "2026-06-29T13:09:14.000000Z"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to read message",
    "code": "TICKETS:READ_MESSAGE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Message not found):


{
    "message": "Message not found",
    "code": "TICKETS:READ_MESSAGE:MESSAGE_NOT_FOUND"
}
 

Request   

POST api/ticket/{id}/read/{messageId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Support ticket ID (id from ticket list; do not confuse with messages.id). Example: 1

messageId   integer   

Message ID. Example: 1

Response

Response Fields

id   integer   

Support ticket ID.

sender_id   integer   

ID of the user who created the ticket.

recipient_id   integer   

ID of the recipient user.

device_id   integer   

Associated device ID.

meeting_date   string   

Scheduled meeting date.

meeting_type   string   

Meeting type.

Must be one of:
  • online
  • in-person
contact_email   string   

Contact email address.

status   string   

Ticket status.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

sender   object   

User who created the ticket.

recipient   object   

Recipient user.

device   object   

Associated device.

messages   object[]   

Ticket messages.

Tooltips

API endpoints for managing tooltips

List tooltips

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/tooltips" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/tooltips"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "name": "Stephany Simonis",
            "type": "image",
            "language": "la",
            "file": "0",
            "created_by": 305,
            "created_at": "2026-06-29T13:09:47.000000Z",
            "updated_at": "2026-06-29T13:09:47.000000Z",
            "deleted_at": null
        },
        {
            "id": 2,
            "name": "Lane Rath II",
            "type": "video",
            "language": "nd",
            "file": "0",
            "created_by": 306,
            "created_at": "2026-06-29T13:09:47.000000Z",
            "updated_at": "2026-06-29T13:09:47.000000Z",
            "deleted_at": null
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list tooltips",
    "code": "TOOLTIPS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/tooltips

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

Tooltip ID.

name   string   

Tooltip identifier name.

type   string   

Media type.

Must be one of:
  • image
  • video
language   string   

Language code (ISO 639-1).

file   string   

File path or URL.

created_by   integer   

ID of the user who created the tooltip.

deleted_at   string   

Soft delete timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

List archived tooltips

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/tooltips/archive" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/tooltips/archive"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 3,
            "name": "Jordane Kshlerin",
            "type": "video",
            "language": "et",
            "file": "0",
            "created_by": 307,
            "created_at": "2026-06-29T13:09:48.000000Z",
            "updated_at": "2026-06-29T13:09:48.000000Z",
            "deleted_at": null
        },
        {
            "id": 4,
            "name": "Delilah Heidenreich",
            "type": "video",
            "language": "su",
            "file": "0",
            "created_by": 308,
            "created_at": "2026-06-29T13:09:48.000000Z",
            "updated_at": "2026-06-29T13:09:48.000000Z",
            "deleted_at": null
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage tooltips",
    "code": "TOOLTIPS:LIST_ARCHIVE:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/tooltips/archive

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

Response

Response Fields

items   object   
id   integer   

Tooltip ID.

name   string   

Tooltip identifier name.

type   string   

Media type.

Must be one of:
  • image
  • video
language   string   

Language code (ISO 639-1).

file   string   

File path or URL.

created_by   integer   

ID of the user who created the tooltip.

deleted_at   string   

Soft delete timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Create new tooltip

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/tooltips" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "name=Conn Ways"\
    --form "type=video"\
    --form "language=ee"\
    --form "file=@/tmp/phpmfJ6kW" 
const url = new URL(
    "http://localhost:8000/api/tooltips"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('name', 'Conn Ways');
body.append('type', 'video');
body.append('language', 'ee');
body.append('file', document.querySelector('input[name="file"]').files[0]);

fetch(url, {
    method: "POST",
    headers,
    body,
}).then(response => response.json());

Example response (201):


{
    "id": 5,
    "name": "Dr. Cade Reinger",
    "type": "image",
    "language": "ng",
    "file": "0",
    "created_by": 309,
    "created_at": "2026-06-29T13:09:49.000000Z",
    "updated_at": "2026-06-29T13:09:49.000000Z",
    "deleted_at": null
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage tooltips",
    "code": "TOOLTIPS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (500, Server error):


{
    "message": "Server error: tooltip not created",
    "code": "TOOLTIPS:CREATE:SERVER_ERROR"
}
 

Request   

POST api/tooltips

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

Body Parameters

name   string   

Tooltip name. Example: Conn Ways

type   string   

Tooltip content type. Example: video

Must be one of:
  • image
  • video
language   string   

Tooltip content language. Example: ee

file   file   

Tooltip content file. Must have one of the following MIME types: webp, png, jpg, jpeg, mp4. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpmfJ6kW

Response

Response Fields

id   integer   

Tooltip ID.

name   string   

Tooltip identifier name.

type   string   

Media type.

Must be one of:
  • image
  • video
language   string   

Language code (ISO 639-1).

file   string   

File path or URL.

created_by   integer   

ID of the user who created the tooltip.

deleted_at   string   

Soft delete timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Archive tooltip

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/tooltips/1/archive" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/tooltips/1/archive"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Tooltip archived",
    "code": "TOOLTIPS:ARCHIVE:ARCHIVED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage tooltips",
    "code": "TOOLTIPS:ARCHIVE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Tooltip not found):


{
    "message": "Tooltip not found",
    "code": "TOOLTIPS:ARCHIVE:TOOLTIP_NOT_FOUND"
}
 

Request   

POST api/tooltips/{id}/archive

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Tooltip ID. Example: 1

Restore archived tooltip

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/tooltips/1/restore" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/tooltips/1/restore"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Tooltip restored",
    "code": "TOOLTIPS:RESTORE:RESTORED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage tooltips",
    "code": "TOOLTIPS:RESTORE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Tooltip not found):


{
    "message": "Tooltip not found",
    "code": "TOOLTIPS:RESTORE:TOOLTIP_NOT_FOUND"
}
 

Example response (404, Tooltip is not archived):


{
    "message": "Tooltip is not archived",
    "code": "TOOLTIPS:RESTORE:TOOLTIP_NOT_ARCHIVED"
}
 

Request   

POST api/tooltips/{id}/restore

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Tooltip ID. Example: 1

Trainings

API endpoints for trainings

Get user trainings

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/trainings" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/trainings"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "user_id": 313,
        "training_id": 2,
        "notifications_enabled": 1,
        "created_at": "2026-06-29T13:09:51.000000Z",
        "updated_at": "2026-06-29T13:09:51.000000Z",
        "training": {
            "id": 2,
            "name": "beatae adipisci",
            "created_at": "2026-06-29T13:09:51.000000Z",
            "updated_at": "2026-06-29T13:09:51.000000Z"
        }
    },
    {
        "id": 2,
        "user_id": 314,
        "training_id": 4,
        "notifications_enabled": 1,
        "created_at": "2026-06-29T13:09:51.000000Z",
        "updated_at": "2026-06-29T13:09:51.000000Z",
        "training": {
            "id": 4,
            "name": "soluta sunt",
            "created_at": "2026-06-29T13:09:51.000000Z",
            "updated_at": "2026-06-29T13:09:51.000000Z"
        }
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/trainings

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

id   integer   

User training ID.

user_id   integer   

Associated user ID.

training_id   integer   

Associated training ID.

notifications_enabled   boolean   

Whether notifications are enabled for this training.

streak   integer   

Current training streak (days).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

training   object   

Training details.

Get trainings for specific user (clinician access)

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/trainings/user/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/trainings/user/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 3,
        "user_id": 315,
        "training_id": 6,
        "notifications_enabled": 1,
        "created_at": "2026-06-29T13:09:52.000000Z",
        "updated_at": "2026-06-29T13:09:52.000000Z",
        "training": {
            "id": 6,
            "name": "culpa illo",
            "created_at": "2026-06-29T13:09:52.000000Z",
            "updated_at": "2026-06-29T13:09:52.000000Z"
        }
    },
    {
        "id": 4,
        "user_id": 316,
        "training_id": 8,
        "notifications_enabled": 1,
        "created_at": "2026-06-29T13:09:52.000000Z",
        "updated_at": "2026-06-29T13:09:52.000000Z",
        "training": {
            "id": 8,
            "name": "ut ullam",
            "created_at": "2026-06-29T13:09:52.000000Z",
            "updated_at": "2026-06-29T13:09:52.000000Z"
        }
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access patient training",
    "code": "TRAININGS:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "TRAININGS:LIST:USER_NOT_FOUND"
}
 

Request   

GET api/trainings/user/{userId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

User ID Example: 1

Response

Response Fields

id   integer   

User training ID.

user_id   integer   

Associated user ID.

training_id   integer   

Associated training ID.

notifications_enabled   boolean   

Whether notifications are enabled for this training.

streak   integer   

Current training streak (days).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

training   object   

Training details.

Get user badges

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/trainings/1/user-badges" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/trainings/1/user-badges"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "user_id": 317,
        "badge_id": 1,
        "created_at": "2026-06-29T13:09:53.000000Z",
        "updated_at": "2026-06-29T13:09:53.000000Z"
    },
    {
        "id": 2,
        "user_id": 318,
        "badge_id": 2,
        "created_at": "2026-06-29T13:09:53.000000Z",
        "updated_at": "2026-06-29T13:09:53.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:BADGES:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User has no training started):


{
    "message": "User has no training started",
    "code": "TRAININGS:BADGES:NO_USER_TRAINING"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:BADGES:TRAINING_NOT_FOUND"
}
 

Request   

GET api/trainings/{trainingId}/user-badges

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

trainingId   integer   

Training ID. Example: 1

Response

Response Fields

id   integer   

User badge record ID.

user_id   integer   

Associated user ID.

badge_id   integer   

Associated badge ID.

created_at   string   

Awarded timestamp.

updated_at   string   

Last update timestamp.

Start user training

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/trainings/start/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/trainings/start/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (201):


{
    "id": 5,
    "user_id": 319,
    "training_id": 9,
    "notifications_enabled": 1,
    "created_at": "2026-06-29T13:09:54.000000Z",
    "updated_at": "2026-06-29T13:09:54.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:START:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User training already started):


{
    "message": "Cannot start: training already started",
    "code": "TRAININGS:START:ALREADY_STARTED"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:START:TRAINING_NOT_FOUND"
}
 

Request   

POST api/trainings/start/{trainingId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

trainingId   integer   

Training ID. Example: 1

Response

Response Fields

id   integer   

User training ID.

user_id   integer   

Associated user ID.

training_id   integer   

Associated training ID.

notifications_enabled   boolean   

Whether notifications are enabled for this training.

streak   integer   

Current training streak (days).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

training   object   

Training details.

Update training

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/trainings/update/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"notifications_enabled\": false
}"
const url = new URL(
    "http://localhost:8000/api/trainings/update/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "notifications_enabled": false
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "id": 6,
    "user_id": 320,
    "training_id": 10,
    "notifications_enabled": 1,
    "created_at": "2026-06-29T13:09:54.000000Z",
    "updated_at": "2026-06-29T13:09:54.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User has no training started):


{
    "message": "User has no training started",
    "code": "TRAININGS:UPDATE:NO_USER_TRAINING"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:UPDATE:TRAINING_NOT_FOUND"
}
 

Request   

PUT api/trainings/update/{trainingId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

trainingId   integer   

Training ID. Example: 1

Body Parameters

notifications_enabled   boolean  optional  

Notifications (reminders) status. Example: false

Response

Response Fields

id   integer   

User training ID.

user_id   integer   

Associated user ID.

training_id   integer   

Associated training ID.

notifications_enabled   boolean   

Whether notifications are enabled for this training.

streak   integer   

Current training streak (days).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

training   object   

Training details.

Get training progress

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/trainings/progress/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/trainings/progress/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 7,
    "user_id": 321,
    "training_id": 11,
    "notifications_enabled": 1,
    "created_at": "2026-06-29T13:09:55.000000Z",
    "updated_at": "2026-06-29T13:09:55.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:PROGRESS:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User has no training started):


{
    "message": "User has no training started",
    "code": "TRAININGS:PROGRESS:NO_USER_TRAINING"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:PROGRESS:TRAINING_NOT_FOUND"
}
 

Request   

GET api/trainings/progress/{trainingId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

trainingId   integer   

Training ID. Example: 1

Response

Response Fields

id   integer   

User training ID.

user_id   integer   

Associated user ID.

training_id   integer   

Associated training ID.

notifications_enabled   boolean   

Whether notifications are enabled for this training.

streak   integer   

Current training streak (days).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

training   object   

Training details.

Mark training task done

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/trainings/1/day/2/task/3" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/trainings/1/day/2/task/3"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 8,
    "user_id": 322,
    "training_id": 12,
    "notifications_enabled": 1,
    "created_at": "2026-06-29T13:09:55.000000Z",
    "updated_at": "2026-06-29T13:09:55.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:MARK_DONE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User has no training started):


{
    "message": "User has no training started",
    "code": "TRAININGS:MARK_DONE:NO_USER_TRAINING"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:MARK_DONE:TRAINING_NOT_FOUND"
}
 

Example response (404, Training day not found):


{
    "message": "Training day not found",
    "code": "TRAININGS:MARK_DONE:TRAINING_DAY_NOT_FOUND"
}
 

Example response (404, Training task not found):


{
    "message": "Training task not found",
    "code": "TRAININGS:MARK_DONE:TRAINING_TASK_NOT_FOUND"
}
 

Request   

POST api/trainings/{trainingId}/day/{trainingDayId}/task/{trainingTaskId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

trainingId   integer   

Training ID. Example: 1

trainingDayId   integer   

Training Day ID. Example: 2

trainingTaskId   integer   

Training Task ID. Example: 3

Response

Response Fields

id   integer   

User training ID.

user_id   integer   

Associated user ID.

training_id   integer   

Associated training ID.

notifications_enabled   boolean   

Whether notifications are enabled for this training.

streak   integer   

Current training streak (days).

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

training   object   

Training details.

Save training exercises attempts

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/trainings/1/day/2/task/3/attempts" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "exercises[][date_start]=1997-01-06 12:08:40"\
    --form "exercises[][date_end]=1987-04-14 08:36:32"\
    --form "exercises[][end_reason]=ticketCreated"\
    --form "exercises[][config][common][fingerStrength][]=1"\
    --form "exercises[][config][common][gripPositions][_]=0"\
    --form "exercises[][config][common][gripPositions][0][initial][]=55"\
    --form "exercises[][config][common][gripPositions][0][limit][]=85"\
    --form "exercises[][config][common][gripPositions][1][initial][]=28"\
    --form "exercises[][config][common][gripPositions][1][limit][]=68"\
    --form "exercises[][config][common][gripPositions][2][initial][]=2"\
    --form "exercises[][config][common][gripPositions][2][limit][]=54"\
    --form "exercises[][config][common][gripPositions][3][initial][]=57"\
    --form "exercises[][config][common][gripPositions][3][limit][]=61"\
    --form "exercises[][config][common][gripPositions][4][initial][]=1"\
    --form "exercises[][config][common][gripPositions][4][limit][]=60"\
    --form "exercises[][config][common][gripPositions][5][initial][]=13"\
    --form "exercises[][config][common][gripPositions][5][limit][]=75"\
    --form "exercises[][config][common][gripPositions][6][initial][]=56"\
    --form "exercises[][config][common][gripPositions][6][limit][]=81"\
    --form "exercises[][config][common][gripPositions][7][initial][]=23"\
    --form "exercises[][config][common][gripPositions][7][limit][]=23"\
    --form "exercises[][config][common][gripPositions][8][initial][]=36"\
    --form "exercises[][config][common][gripPositions][8][limit][]=95"\
    --form "exercises[][config][common][gripPositions][9][initial][]=66"\
    --form "exercises[][config][common][gripPositions][9][limit][]=71"\
    --form "exercises[][config][common][gripPositions][10][initial][]=7"\
    --form "exercises[][config][common][gripPositions][10][limit][]=33"\
    --form "exercises[][config][common][gripPositions][11][initial][]=57"\
    --form "exercises[][config][common][gripPositions][11][limit][]=64"\
    --form "exercises[][config][common][gripPositions][12][initial][]=10"\
    --form "exercises[][config][common][gripPositions][12][limit][]=15"\
    --form "exercises[][config][common][gripPositions][13][initial][]=19"\
    --form "exercises[][config][common][gripPositions][13][limit][]=20"\
    --form "exercises[][config][common][inputSite][]=0"\
    --form "exercises[][config][modes][][id]=83"\
    --form "exercises[][config][modes][][name]=Non dolorum ipsam ut officia voluptatibus molestias."\
    --form "exercises[][config][modes][][slot]=0"\
    --form "exercises[][config][modes][][config][autoGrasp][]=1"\
    --form "exercises[][config][modes][][config][coContractionTimings][]=300"\
    --form "exercises[][config][modes][][config][controlMode][]=0"\
    --form "exercises[][config][modes][][config][emgGains][]=100"\
    --form "exercises[][config][modes][][config][emgSpike][]=1"\
    --form "exercises[][config][modes][][config][emgThresholds][]=70"\
    --form "exercises[][config][modes][][config][gripPairsConfig][]=10"\
    --form "exercises[][config][modes][][config][gripSequentialConfig][]=10"\
    --form "exercises[][config][modes][][config][gripSwitchingMode][]=3"\
    --form "exercises[][config][modes][][config][holdOpen][]=2000"\
    --form "exercises[][config][modes][][config][pulseTimings][]=720"\
    --form "exercises[][config][modes][][config][softGrip][]=0"\
    --form "exercises[][config][modes][][config][speedControlStrategy][]=0"\
    --form "exercises[][firmware_id]=4354"\
    --form "exercises[][app_version]=8.30.72"\
    --form "exercises[][attempts][][date_start]=2006-07-17 10:14:48"\
    --form "exercises[][attempts][][date_end]=1982-04-14 17:43:43"\
    --form "exercises[][attempts][][result]=success"\
    --form "exercises[][emg_file]=@/tmp/phpNeUL77" 
const url = new URL(
    "http://localhost:8000/api/trainings/1/day/2/task/3/attempts"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('exercises[][date_start]', '1997-01-06 12:08:40');
body.append('exercises[][date_end]', '1987-04-14 08:36:32');
body.append('exercises[][end_reason]', 'ticketCreated');
body.append('exercises[][config][common][fingerStrength][]', '1');
body.append('exercises[][config][common][gripPositions][_]', '0');
body.append('exercises[][config][common][gripPositions][0][initial][]', '55');
body.append('exercises[][config][common][gripPositions][0][limit][]', '85');
body.append('exercises[][config][common][gripPositions][1][initial][]', '28');
body.append('exercises[][config][common][gripPositions][1][limit][]', '68');
body.append('exercises[][config][common][gripPositions][2][initial][]', '2');
body.append('exercises[][config][common][gripPositions][2][limit][]', '54');
body.append('exercises[][config][common][gripPositions][3][initial][]', '57');
body.append('exercises[][config][common][gripPositions][3][limit][]', '61');
body.append('exercises[][config][common][gripPositions][4][initial][]', '1');
body.append('exercises[][config][common][gripPositions][4][limit][]', '60');
body.append('exercises[][config][common][gripPositions][5][initial][]', '13');
body.append('exercises[][config][common][gripPositions][5][limit][]', '75');
body.append('exercises[][config][common][gripPositions][6][initial][]', '56');
body.append('exercises[][config][common][gripPositions][6][limit][]', '81');
body.append('exercises[][config][common][gripPositions][7][initial][]', '23');
body.append('exercises[][config][common][gripPositions][7][limit][]', '23');
body.append('exercises[][config][common][gripPositions][8][initial][]', '36');
body.append('exercises[][config][common][gripPositions][8][limit][]', '95');
body.append('exercises[][config][common][gripPositions][9][initial][]', '66');
body.append('exercises[][config][common][gripPositions][9][limit][]', '71');
body.append('exercises[][config][common][gripPositions][10][initial][]', '7');
body.append('exercises[][config][common][gripPositions][10][limit][]', '33');
body.append('exercises[][config][common][gripPositions][11][initial][]', '57');
body.append('exercises[][config][common][gripPositions][11][limit][]', '64');
body.append('exercises[][config][common][gripPositions][12][initial][]', '10');
body.append('exercises[][config][common][gripPositions][12][limit][]', '15');
body.append('exercises[][config][common][gripPositions][13][initial][]', '19');
body.append('exercises[][config][common][gripPositions][13][limit][]', '20');
body.append('exercises[][config][common][inputSite][]', '0');
body.append('exercises[][config][modes][][id]', '83');
body.append('exercises[][config][modes][][name]', 'Non dolorum ipsam ut officia voluptatibus molestias.');
body.append('exercises[][config][modes][][slot]', '0');
body.append('exercises[][config][modes][][config][autoGrasp][]', '1');
body.append('exercises[][config][modes][][config][coContractionTimings][]', '300');
body.append('exercises[][config][modes][][config][controlMode][]', '0');
body.append('exercises[][config][modes][][config][emgGains][]', '100');
body.append('exercises[][config][modes][][config][emgSpike][]', '1');
body.append('exercises[][config][modes][][config][emgThresholds][]', '70');
body.append('exercises[][config][modes][][config][gripPairsConfig][]', '10');
body.append('exercises[][config][modes][][config][gripSequentialConfig][]', '10');
body.append('exercises[][config][modes][][config][gripSwitchingMode][]', '3');
body.append('exercises[][config][modes][][config][holdOpen][]', '2000');
body.append('exercises[][config][modes][][config][pulseTimings][]', '720');
body.append('exercises[][config][modes][][config][softGrip][]', '0');
body.append('exercises[][config][modes][][config][speedControlStrategy][]', '0');
body.append('exercises[][firmware_id]', '4354');
body.append('exercises[][app_version]', '8.30.72');
body.append('exercises[][attempts][][date_start]', '2006-07-17 10:14:48');
body.append('exercises[][attempts][][date_end]', '1982-04-14 17:43:43');
body.append('exercises[][attempts][][result]', 'success');
body.append('exercises[][emg_file]', document.querySelector('input[name="exercises[][emg_file]"]').files[0]);

fetch(url, {
    method: "POST",
    headers,
    body,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "user_id": 323,
        "training_task_id": 1,
        "date_start": "1992-10-07 12:50:06",
        "date_end": "1975-08-05 04:34:06",
        "end_reason": "fail",
        "config": "{\"common\":{\"fingerStrength\":[1,400],\"gripPositions\":{\"_\":0,\"0\":{\"initial\":[48,62,67,11,72],\"limit\":[65,94,90,43,80]},\"1\":{\"initial\":[31,71,1,9,1],\"limit\":[77,86,32,18,76]},\"2\":{\"initial\":[37,1,28,13,36],\"limit\":[42,20,41,18,85]},\"3\":{\"initial\":[10,42,58,2,53],\"limit\":[52,53,89,14,95]},\"4\":{\"initial\":[14,11,82,84,29],\"limit\":[42,59,84,86,65]},\"5\":{\"initial\":[17,6,8,19,62],\"limit\":[28,88,19,45,68]},\"6\":{\"initial\":[58,29,36,7,21],\"limit\":[90,53,40,19,51]},\"7\":{\"initial\":[18,39,1,48,15],\"limit\":[85,76,85,70,58]},\"8\":{\"initial\":[50,71,36,8,23],\"limit\":[82,92,84,77,49]},\"9\":{\"initial\":[13,4,11,59,49],\"limit\":[58,84,87,83,89]},\"10\":{\"initial\":[8,64,35,3,78],\"limit\":[61,76,90,85,92]},\"11\":{\"initial\":[40,41,19,51,60],\"limit\":[44,79,94,94,78]},\"12\":{\"initial\":[36,33,37,40,83],\"limit\":[55,61,38,84,94]},\"13\":{\"initial\":[3,9,14,37,65],\"limit\":[57,12,89,72,81]}},\"inputSite\":[1]},\"modes\":[{\"id\":86,\"name\":\"Excepturi provident laboriosam molestiae ut ea et delectus.\",\"slot\":0,\"config\":{\"autoGrasp\":[1,100],\"coContractionTimings\":[400,100],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[100,20,10,70,90,80,10,30,10,0],\"gripPairsConfig\":[2,8,4,10,5,11,1,7],\"gripSequentialConfig\":[7,9,1,255,255,12,255,13,255,3,6,255],\"gripSwitchingMode\":[2],\"holdOpen\":[2000,2500],\"pulseTimings\":[670,160,470,870],\"softGrip\":[0],\"speedControlStrategy\":[1]}},{\"id\":87,\"name\":\"Adipisci facere deleniti corporis iure ut quia.\",\"slot\":1,\"config\":{\"autoGrasp\":[1,0],\"coContractionTimings\":[400,300],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[0,20,80,70,40,90,30,20,60,70],\"gripPairsConfig\":[7,4,1,2,9,13,10,5],\"gripSequentialConfig\":[10,9,2,255,1,12,7,255,8,6,13,11],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,2500],\"pulseTimings\":[170,100,580,140],\"softGrip\":[1],\"speedControlStrategy\":[1]}},{\"id\":88,\"name\":\"Nisi libero id quisquam necessitatibus nobis.\",\"slot\":2,\"config\":{\"autoGrasp\":[0,100],\"coContractionTimings\":[200,100],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[40,90,50,60,50,80,40,40,50,40],\"gripPairsConfig\":[11,10,4,9,8,6,5,1],\"gripSequentialConfig\":[255,4,13,8,12,6,3,2,7,10,1,11],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,2000],\"pulseTimings\":[860,250,660,310],\"softGrip\":[0],\"speedControlStrategy\":[0]}}]}",
        "firmware_id": 24,
        "app_version": "6.37.91",
        "emg_file": "/tmp/fakerbax5kF",
        "created_at": "2026-06-29T13:09:56.000000Z",
        "updated_at": "2026-06-29T13:09:56.000000Z",
        "attempts": [
            {
                "id": 1,
                "training_log_id": 1,
                "date_start": "2005-09-14 21:46:24",
                "date_end": "1983-05-18 21:46:01",
                "result": "failure",
                "created_at": "2026-06-29T13:09:56.000000Z",
                "updated_at": "2026-06-29T13:09:56.000000Z"
            }
        ]
    },
    {
        "id": 3,
        "user_id": 325,
        "training_task_id": 3,
        "date_start": "2021-05-19 18:23:29",
        "date_end": "2008-06-16 05:11:24",
        "end_reason": "ticketCreated",
        "config": "{\"common\":{\"fingerStrength\":[1,400],\"gripPositions\":{\"_\":0,\"0\":{\"initial\":[42,73,35,7,22],\"limit\":[91,82,58,95,56]},\"1\":{\"initial\":[62,51,53,14,34],\"limit\":[70,86,62,51,66]},\"2\":{\"initial\":[64,19,4,27,61],\"limit\":[87,36,31,59,71]},\"3\":{\"initial\":[42,30,23,23,51],\"limit\":[69,87,29,39,71]},\"4\":{\"initial\":[60,35,73,64,46],\"limit\":[93,90,81,72,87]},\"5\":{\"initial\":[37,4,62,12,18],\"limit\":[87,7,63,49,50]},\"6\":{\"initial\":[46,2,26,48,16],\"limit\":[82,14,87,61,86]},\"7\":{\"initial\":[60,8,57,65,24],\"limit\":[61,69,78,72,55]},\"8\":{\"initial\":[42,17,20,10,83],\"limit\":[70,62,76,16,86]},\"9\":{\"initial\":[77,55,75,29,42],\"limit\":[90,67,77,40,61]},\"10\":{\"initial\":[76,15,32,30,50],\"limit\":[84,31,83,66,51]},\"11\":{\"initial\":[51,9,23,6,53],\"limit\":[86,49,68,25,64]},\"12\":{\"initial\":[4,12,84,58,50],\"limit\":[72,89,87,89,74]},\"13\":{\"initial\":[70,19,6,16,2],\"limit\":[87,88,63,30,61]}},\"inputSite\":[0]},\"modes\":[{\"id\":92,\"name\":\"Et voluptatibus a culpa officia voluptates numquam.\",\"slot\":0,\"config\":{\"autoGrasp\":[0,0],\"coContractionTimings\":[200,100],\"controlMode\":[0],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[20,80,80,90,40,30,60,60,30,50],\"gripPairsConfig\":[13,4,12,1,2,8,9,11],\"gripSequentialConfig\":[2,12,7,1,10,255,8,255,6,255,255,5],\"gripSwitchingMode\":[3],\"holdOpen\":[1500,2500],\"pulseTimings\":[960,170,90,280],\"softGrip\":[1],\"speedControlStrategy\":[0]}},{\"id\":93,\"name\":\"Vel corrupti nam pariatur necessitatibus mollitia voluptas velit.\",\"slot\":1,\"config\":{\"autoGrasp\":[0,0],\"coContractionTimings\":[500,500],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[0,300],\"emgThresholds\":[80,60,90,80,100,60,30,20,90,30],\"gripPairsConfig\":[8,13,2,11,3,4,6,10],\"gripSequentialConfig\":[255,5,8,255,255,255,12,11,10,9,3,6],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,2000],\"pulseTimings\":[70,190,200,190],\"softGrip\":[0],\"speedControlStrategy\":[0]}},{\"id\":94,\"name\":\"Iure dolore impedit maiores adipisci sint.\",\"slot\":2,\"config\":{\"autoGrasp\":[0,100],\"coContractionTimings\":[400,200],\"controlMode\":[1],\"emgGains\":[100,100],\"emgSpike\":[1,300],\"emgThresholds\":[0,10,70,70,20,10,30,10,90,10],\"gripPairsConfig\":[3,13,1,4,2,9,12,6],\"gripSequentialConfig\":[10,255,4,255,7,3,2,9,255,5,255,255],\"gripSwitchingMode\":[1],\"holdOpen\":[1500,2000],\"pulseTimings\":[640,740,970,580],\"softGrip\":[1],\"speedControlStrategy\":[0]}}]}",
        "firmware_id": 26,
        "app_version": "0.18.79",
        "emg_file": "/tmp/faker2jfiGJ",
        "created_at": "2026-06-29T13:09:57.000000Z",
        "updated_at": "2026-06-29T13:09:57.000000Z",
        "attempts": [
            {
                "id": 2,
                "training_log_id": 3,
                "date_start": "2009-02-10 01:45:44",
                "date_end": "1983-09-16 20:55:17",
                "result": "failure",
                "created_at": "2026-06-29T13:09:57.000000Z",
                "updated_at": "2026-06-29T13:09:57.000000Z"
            }
        ]
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:SAVE_ATTEMPTS:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User has no training started):


{
    "message": "User has no training started",
    "code": "TRAININGS:SAVE_ATTEMPTS:NO_USER_TRAINING"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:SAVE_ATTEMPTS:TRAINING_NOT_FOUND"
}
 

Example response (404, Training day not found):


{
    "message": "Training day not found",
    "code": "TRAININGS:SAVE_ATTEMPTS:TRAINING_DAY_NOT_FOUND"
}
 

Example response (404, Training task not found):


{
    "message": "Training task not found",
    "code": "TRAININGS:SAVE_ATTEMPTS:TRAINING_TASK_NOT_FOUND"
}
 

Request   

POST api/trainings/{trainingId}/day/{trainingDayId}/task/{trainingTaskId}/attempts

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

URL Parameters

trainingId   integer   

Training ID. Example: 1

trainingDayId   integer   

Training Day ID. Example: 2

trainingTaskId   integer   

Training Task ID. Example: 3

Body Parameters

exercises   object[]  optional  
date_start   string   

Exercise start date. MUST_BE_DATE. Example: 1997-01-06 12:08:40

date_end   string  optional  

Exercise end date. MUST_BE_DATE. Example: 1987-04-14 08:36:32

end_reason   string  optional  

Exercise end reason. Example: ticketCreated

Must be one of:
  • success
  • back
  • ticketCreated
  • fail
  • null
config   string   

Device config during exercise.

firmware_id   integer   

Device Firmware Version ID during exercise. The id of an existing record in the App\Models\FirmwareVersion table. Example: 4354

app_version   string   

Mobile app version during exercise. Example: 8.30.72

emg_file   file  optional  

EMG file created during exercise. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpNeUL77

attempts   object[]  optional  
date_start   string   

Exercise attempt start date. MUST_BE_DATE. Example: 2006-07-17 10:14:48

date_end   string   

Exercise attempt end date. MUST_BE_DATE. Example: 1982-04-14 17:43:43

result   string   

Exercise attempt result. Example: success

Must be one of:
  • success
  • failure

Response

Response Fields

id   integer   

Training log entry ID.

user_id   integer   

Associated user ID.

training_task_id   integer   

Associated training task ID.

date_start   string   

Session start datetime.

date_end   string   

Session end datetime.

end_reason   string   

Reason the session ended.

config   string   

Device config snapshot at time of session.

firmware_id   integer   

Firmware version ID used during session.

app_version   string   

App version used during session.

emg_file   string   

EMG data file URL.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

attempts   object[]   

Training log attempts.

Get reward status

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/trainings/1/reward" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/trainings/1/reward"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, Reward status):


{
    "status": true
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:REWARD_STATUS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:REWARD_STATUS:TRAINING_NOT_FOUND"
}
 

Request   

GET api/trainings/{trainingId}/reward

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

trainingId   integer   

Training ID. Example: 1

Save reward details

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/trainings/1/reward" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"type\": \"digital\",
    \"country\": \"FI\",
    \"delivery\": \"pl_inpost_parcel_locker\",
    \"email\": \"klindgren@rodriguez.net\",
    \"phone\": \"316-264-8124\",
    \"full_name\": \"Alicia Lubowitz\",
    \"address1\": \"515 Walter Squares\",
    \"address2\": \"Suite 306\",
    \"city\": \"East Elinore\",
    \"postal_code\": \"24591\",
    \"state\": \"DOLORES\",
    \"parcel_locker_code\": \"RQEVT6U7\",
    \"pin_code\": \"434842\"
}"
const url = new URL(
    "http://localhost:8000/api/trainings/1/reward"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "type": "digital",
    "country": "FI",
    "delivery": "pl_inpost_parcel_locker",
    "email": "klindgren@rodriguez.net",
    "phone": "316-264-8124",
    "full_name": "Alicia Lubowitz",
    "address1": "515 Walter Squares",
    "address2": "Suite 306",
    "city": "East Elinore",
    "postal_code": "24591",
    "state": "DOLORES",
    "parcel_locker_code": "RQEVT6U7",
    "pin_code": "434842"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "id": 1,
    "user_id": 327,
    "training_id": 21,
    "type": "physical",
    "country": "PT",
    "delivery": "pl_inpost_parcel_locker",
    "email": "imelda14@ferry.org",
    "phone": "(463) 949-1921",
    "full_name": "Mr. Alberto O'Kon",
    "address1": "7401 Maritza Extension",
    "address2": "29259 Dicki Mills Suite 456\nStantonburgh, OH 61005-6840",
    "city": "West Amber",
    "postal_code": "93417-7371",
    "state": "ET",
    "parcel_locker_code": "R7F52KS6",
    "pin_code": "877809",
    "created_at": "2026-06-29T13:09:58.000000Z",
    "updated_at": "2026-06-29T13:09:58.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user trainings",
    "code": "TRAININGS:REWARD_SAVE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Reward details already exists):


{
    "message": "Reward details already exists",
    "code": "TRAININGS:REWARD_SAVE:ALREADY_EXISTS"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:REWARD_SAVE:TRAINING_NOT_FOUND"
}
 

Request   

POST api/trainings/{trainingId}/reward

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

trainingId   integer   

Training ID. Example: 1

Body Parameters

type   string   

Reward type. Example: digital

Must be one of:
  • digital
  • physical
country   string   

Country code. SIZE:STRING_LENGTH:2. Example: FI

Must be one of:
  • AF
  • AX
  • AL
  • DZ
  • AS
  • AD
  • AO
  • AI
  • AQ
  • AG
  • AR
  • AM
  • AW
  • AU
  • AT
  • AZ
  • BS
  • BH
  • BD
  • BB
  • BY
  • BE
  • BZ
  • BJ
  • BM
  • BT
  • BO
  • BQ
  • BA
  • BW
  • BV
  • BR
  • IO
  • BN
  • BG
  • BF
  • BI
  • CV
  • KH
  • CM
  • CA
  • KY
  • CF
  • TD
  • CL
  • CN
  • CX
  • CC
  • CO
  • KM
  • CD
  • CG
  • CK
  • CR
  • CI
  • HR
  • CU
  • CW
  • CY
  • CZ
  • DK
  • DJ
  • DM
  • DO
  • EC
  • EG
  • SV
  • GQ
  • ER
  • EE
  • SZ
  • ET
  • FK
  • FO
  • FJ
  • FI
  • FR
  • GF
  • PF
  • TF
  • GA
  • GM
  • GE
  • DE
  • GH
  • GI
  • GR
  • GL
  • GD
  • GP
  • GU
  • GT
  • GG
  • GN
  • GW
  • GY
  • HT
  • HM
  • VA
  • HN
  • HK
  • HU
  • IS
  • IN
  • ID
  • IR
  • IQ
  • IE
  • IM
  • IL
  • IT
  • JM
  • JP
  • JE
  • JO
  • KZ
  • KE
  • KI
  • KP
  • KR
  • KW
  • KG
  • LA
  • LV
  • LB
  • LS
  • LR
  • LY
  • LI
  • LT
  • LU
  • MO
  • MG
  • MW
  • MY
  • MV
  • ML
  • MT
  • MH
  • MQ
  • MR
  • MU
  • YT
  • MX
  • FM
  • MD
  • MC
  • MN
  • ME
  • MS
  • MA
  • MZ
  • MM
  • NA
  • NR
  • NP
  • NL
  • NC
  • NZ
  • NI
  • NE
  • NG
  • NU
  • NF
  • MK
  • MP
  • NO
  • OM
  • PK
  • PW
  • PS
  • PA
  • PG
  • PY
  • PE
  • PH
  • PN
  • PL
  • PT
  • PR
  • QA
  • RE
  • RO
  • RU
  • RW
  • BL
  • SH
  • KN
  • LC
  • MF
  • PM
  • VC
  • WS
  • SM
  • ST
  • SA
  • SN
  • RS
  • SC
  • SL
  • SG
  • SX
  • SK
  • SI
  • SB
  • SO
  • ZA
  • GS
  • SS
  • ES
  • LK
  • SD
  • SR
  • SJ
  • SE
  • CH
  • SY
  • TW
  • TJ
  • TZ
  • TH
  • TL
  • TG
  • TK
  • TO
  • TT
  • TN
  • TR
  • TM
  • TC
  • TV
  • UG
  • UA
  • AE
  • GB
  • UM
  • US
  • UY
  • UZ
  • VU
  • VE
  • VN
  • VG
  • VI
  • WF
  • EH
  • YE
  • ZM
  • ZW
delivery   string  optional  

Delivery method. Default: home_delivery. Example: pl_inpost_parcel_locker

Must be one of:
  • home_delivery
  • pl_inpost_parcel_locker
  • ua_nova_poshta_branch_pickup
  • ua_nova_poshta_parcel_locker
email   string   

Contact email. MUST_BE_EMAIL. Example: klindgren@rodriguez.net

phone   string   

Contact phone. Example: 316-264-8124

full_name   string   

Full name. Example: Alicia Lubowitz

address1   string  optional  

Address line 1. Example: 515 Walter Squares

address2   string  optional  

Address line 2. Example: Suite 306

city   string  optional  

City. Example: East Elinore

postal_code   string  optional  

Postal code/ZIP code/Postcode. Example: 24591

state   string  optional  

State/Province. Example: DOLORES

parcel_locker_code   string  optional  

Parcel locker code/Branch pickup number (for: InPost parcel locker, Nova Poshta branch pickup, Nova Poshta parcel locker). Example: RQEVT6U7

pin_code   string  optional  

PIN code (India delivery). Example: 434842

Response

Response Fields

id   integer   

User reward ID.

user_id   integer   

Associated user ID.

training_id   integer   

Associated training ID.

type   string   

Reward type.

Must be one of:
  • digital
  • physical
country   string   

Delivery country code.

delivery   string   

Delivery method.

Must be one of:
  • home_delivery
  • parcel_locker
email   string   

Recipient email.

phone   string   

Recipient phone.

full_name   string   

Recipient full name.

address1   string   

Delivery address line 1.

address2   string   

Delivery address line 2.

city   string   

Delivery city.

postal_code   string   

Delivery postal code.

state   string   

Delivery state.

parcel_locker_code   string   

Parcel locker code.

pin_code   string   

PIN code for delivery.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Get user progress (clinician view)

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/trainings/progress/ut/user/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/trainings/progress/ut/user/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


[
    {
        "number": 1,
        "key": "openClose",
        "status": "completed",
        "status_updated_at": "2026-02-04 11:00:00"
    },
    {
        "number": 2,
        "key": "holdOpen",
        "status": "in_progress",
        "status_updated_at": "2026-02-05 09:00:00"
    },
    {
        "number": 3,
        "key": "changeSignal",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 4,
        "key": "thumbPositioning",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 5,
        "key": "sequentialAndPairingMode",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 6,
        "key": "fingerSpeedTraining",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 7,
        "key": "freezeMode",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 8,
        "key": "coreSkillsTest",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 9,
        "key": "powerSoftGrip",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 10,
        "key": "precisionGrip",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 11,
        "key": "tripodGrip",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 12,
        "key": "keyGrip",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 13,
        "key": "gripSelection",
        "status": "not_started",
        "status_updated_at": null
    },
    {
        "number": 14,
        "key": "finalGripAndControlTest",
        "status": "not_started",
        "status_updated_at": null
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access patient training",
    "code": "TRAININGS:PROGRESS_CLINICIAN:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Training not found):


{
    "message": "Training not found",
    "code": "TRAININGS:PROGRESS_CLINICIAN:TRAINING_NOT_FOUND"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "TRAININGS:PROGRESS_CLINICIAN:USER_NOT_FOUND"
}
 

Request   

GET api/trainings/progress/{trainingId}/user/{userId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

trainingId   string   

Example: ut

userId   integer   

User ID. Example: 1

User preferences

API endpoints for user preferences

List user preferences

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/preferences" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/preferences"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


{
    "preference1": "value1",
    "preference2": null,
    "preference3": 1
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user preferences",
    "code": "USERS_PREFERENCES:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/preferences

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Get user preference

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/preferences/sidebar_enabled" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/preferences/sidebar_enabled"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 1,
    "user_id": 328,
    "name": "MediumSlateBlue",
    "value": "1",
    "created_at": "2026-06-29T13:09:58.000000Z",
    "updated_at": "2026-06-29T13:09:58.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user preferences",
    "code": "USERS_PREFERENCES:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User preference not found):


{
    "message": "User preference not found",
    "code": "USERS_PREFERENCES:GET:NOT_FOUND"
}
 

Request   

GET api/preferences/{name}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

name   string   

Preference name. Example: sidebar_enabled

Set user preference

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/preferences" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"sidebar_enabled\",
    \"value\": \"1\"
}"
const url = new URL(
    "http://localhost:8000/api/preferences"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "sidebar_enabled",
    "value": "1"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 2,
    "user_id": 329,
    "name": "Green",
    "value": "0",
    "created_at": "2026-06-29T13:09:59.000000Z",
    "updated_at": "2026-06-29T13:09:59.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to manage user preferences",
    "code": "USERS_PREFERENCES:SET:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/preferences

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Preference name. Example: sidebar_enabled

value   string   

Preference value. Example: 1

Users

API endpoints for user management

Get users list

requires authentication

Possible extend options:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/users?search=Tom&active=-1&clinician[]=12&roles=Clinician%2CAmputee&has_devices=1&user_toggles=goals%2Ctrainings" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/users"
);

const params = {
    "search": "Tom",
    "active": "-1",
    "clinician[0]": "12",
    "roles": "Clinician,Amputee",
    "has_devices": "1",
    "user_toggles": "goals,trainings",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 7,
            "mrn": "UT5CDT851782738443",
            "name": "Reyes Witting",
            "email": "1782738443ruthie82@example.org",
            "language": "en",
            "phone": "1-380-281-4124",
            "phone_country": "UZ",
            "phone_verified_at": null,
            "address1": "5687 Ocie Drives Apt. 619",
            "address2": "Gradyport, WA 37030",
            "postal_code": "18793-1346",
            "city": "Williamson, Shields and Skiles",
            "country": "RO",
            "clinic_name": "Lake Pansy",
            "clinic_location": "751 Destin Vista Suite 804\nDonavonfurt, MN 89381",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:07:23.000000Z",
            "updated_at": "2026-06-29T13:07:23.000000Z",
            "invitation_status": null,
            "acadle_invitation_status": null,
            "clinicians": [
                {
                    "id": 8,
                    "mrn": "WFFGBYGC1782738444",
                    "name": "Meagan Kuhn",
                    "email": "1782738444chaya60@example.net",
                    "language": "en",
                    "phone": "+1.832.737.0045",
                    "phone_country": "NA",
                    "phone_verified_at": null,
                    "address1": "764 Hyatt Falls",
                    "address2": "North Laurieshire, SD 33981-8469",
                    "postal_code": "10305",
                    "city": "Klein-Cormier",
                    "country": "EE",
                    "clinic_name": "Delphineland",
                    "clinic_location": "25612 Cassandra Hills Suite 896\nWilkinsonbury, SC 58459",
                    "image": null,
                    "mfa_enabled": 0,
                    "mfa_method": null,
                    "mfa_verified_to": null,
                    "location_id": null,
                    "created_by": null,
                    "active": 1,
                    "is_internal": 0,
                    "notifications_timezone": null,
                    "notifications_at": null,
                    "created_at": "2026-06-29T13:07:24.000000Z",
                    "updated_at": "2026-06-29T13:07:24.000000Z",
                    "invitation_status": null,
                    "acadle_invitation_status": null,
                    "pivot": {
                        "user_id": 7,
                        "assigned_user_id": 8
                    },
                    "roles": []
                }
            ],
            "devices": [
                {
                    "id": 1,
                    "serial": "01f7b43c-eeba-357d-9e26-426fd39f2662",
                    "bluetooth_id": "874afdb7-7b8f-301d-b20b-fb8bb70ef138",
                    "company_id": null,
                    "model_id": null,
                    "amputee_id": 7,
                    "clinician_id": null,
                    "firmware_version_id": null,
                    "pcb_version_id": null,
                    "reverse_magnets": 0,
                    "is_electrode": 0,
                    "active": 1,
                    "last_activity_at": "0000-00-00 00:00:00",
                    "created_at": "2026-06-29T13:07:24.000000Z",
                    "updated_at": "2026-06-29T13:07:24.000000Z"
                }
            ],
            "roles": [
                {
                    "id": 1,
                    "name": "SuperAdmin"
                }
            ]
        },
        {
            "id": 9,
            "mrn": "HAMJB2UM1782738444",
            "name": "Barney Gislason",
            "email": "1782738444denesik.agnes@example.net",
            "language": "en",
            "phone": "+1.575.755.9771",
            "phone_country": "UA",
            "phone_verified_at": null,
            "address1": "19412 Jessie Ports Apt. 178",
            "address2": "Martinaberg, ID 05928",
            "postal_code": "83645",
            "city": "Streich Group",
            "country": "NO",
            "clinic_name": "Larsonville",
            "clinic_location": "2706 Isobel Extension\nSouth Nolanstad, DE 75330-7863",
            "image": null,
            "mfa_enabled": 0,
            "mfa_method": null,
            "mfa_verified_to": null,
            "location_id": null,
            "created_by": null,
            "active": 1,
            "is_internal": 0,
            "notifications_timezone": null,
            "notifications_at": null,
            "created_at": "2026-06-29T13:07:24.000000Z",
            "updated_at": "2026-06-29T13:07:24.000000Z",
            "invitation_status": "accepted",
            "acadle_invitation_status": null,
            "clinicians": [
                {
                    "id": 10,
                    "mrn": "KKS89BZ31782738445",
                    "name": "Brayan Beer",
                    "email": "1782738445grady.nora@example.org",
                    "language": "en",
                    "phone": "+1-774-698-4071",
                    "phone_country": "HK",
                    "phone_verified_at": null,
                    "address1": "749 Aletha Dale Suite 975",
                    "address2": "South Joan, SD 58594",
                    "postal_code": "62096-7254",
                    "city": "Muller-Schowalter",
                    "country": "GB",
                    "clinic_name": "Lisetteville",
                    "clinic_location": "5058 Goodwin Valleys\nKiehnton, AL 59532-5471",
                    "image": null,
                    "mfa_enabled": 0,
                    "mfa_method": null,
                    "mfa_verified_to": null,
                    "location_id": null,
                    "created_by": null,
                    "active": 1,
                    "is_internal": 0,
                    "notifications_timezone": null,
                    "notifications_at": null,
                    "created_at": "2026-06-29T13:07:25.000000Z",
                    "updated_at": "2026-06-29T13:07:25.000000Z",
                    "invitation_status": null,
                    "acadle_invitation_status": null,
                    "pivot": {
                        "user_id": 9,
                        "assigned_user_id": 10
                    },
                    "roles": []
                }
            ],
            "devices": [
                {
                    "id": 2,
                    "serial": "71f4a750-c920-371a-b7db-1995176f45f3",
                    "bluetooth_id": "adf0ca8d-dda3-3729-914e-baa4bbe35dca",
                    "company_id": null,
                    "model_id": null,
                    "amputee_id": 9,
                    "clinician_id": null,
                    "firmware_version_id": null,
                    "pcb_version_id": null,
                    "reverse_magnets": 0,
                    "is_electrode": 0,
                    "active": 1,
                    "last_activity_at": "0000-00-00 00:00:00",
                    "created_at": "2026-06-29T13:07:25.000000Z",
                    "updated_at": "2026-06-29T13:07:25.000000Z"
                }
            ],
            "roles": [
                {
                    "id": 5,
                    "name": "ClinicianSupport"
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view user list",
    "code": "USERS:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/users

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

search   string  optional  

Filter users by name. For SuperAdmin role it filters by UUID. Example: Tom

active   integer  optional  

Filter users by active status (available: 0 - only inactive, 1 - only active, -1 - all users). Default: 1. Example: -1

clinician   integer[]  optional  

Filter users by clinician. Provide single ID (clinician=1), array of IDs (clinician[]=1&clinician[]=2) or comma-separated list of IDs (clinician=1,2).

roles   string  optional  

Filter users by roles (comma-separated). Example: Clinician,Amputee

has_devices   integer  optional  

Filter users who has at least one device assigned. Example: 1

user_toggles   string  optional  

Filter users by their user-specific product toggles (comma-separated). Example: goals,trainings

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: clinicians, patients, devices, devices.model, devicesAsClinician, devicesAsClinician.model, roles, permissions, userToggles).

sortby   string  optional  

Sort by field (available: user_mrn, user_name, role_name, date). Default: date, desc.

sortdir   string  optional  

Sort direction (available: asc, desc).

Response

Response Fields

items   object   
id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Get current user data

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/me" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/me"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 11,
    "mrn": "6PSDE2K61782738445",
    "name": "Murl Cormier DVM",
    "email": "1782738445cschultz@example.org",
    "language": "en",
    "phone": "+15852602477",
    "phone_country": "NI",
    "phone_verified_at": null,
    "address1": "46977 Xavier Canyon",
    "address2": "West Scotty, KY 35201",
    "postal_code": "49731",
    "city": "Weissnat, Klocko and Jacobs",
    "country": "MT",
    "clinic_name": "Elseside",
    "clinic_location": "8265 Kozey Circles Apt. 910\nSouth Gunnar, DC 12441",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:25.000000Z",
    "updated_at": "2026-06-29T13:07:25.000000Z",
    "invitation_status": "accepted",
    "acadle_invitation_status": null,
    "roles": [
        {
            "id": 5,
            "name": "ClinicianSupport"
        }
    ]
}
 

Request   

GET api/me

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: clinicians, patients, devices, devicesAsClinician, roles, permissions).

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Get other user data

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/user/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 12,
    "mrn": "7JFAVDSL1782738446",
    "name": "Ali Pollich",
    "email": "1782738446heller.cortney@example.com",
    "language": "en",
    "phone": "+1.772.658.3641",
    "phone_country": "LY",
    "phone_verified_at": null,
    "address1": "8698 Spencer Harbors Apt. 090",
    "address2": "Wiltonberg, NC 87319",
    "postal_code": "98798-5888",
    "city": "Pacocha Group",
    "country": "LV",
    "clinic_name": "Ullrichville",
    "clinic_location": "24786 Gladys Plains Suite 904\nJuliushaven, OK 57293-0404",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:26.000000Z",
    "updated_at": "2026-06-29T13:07:26.000000Z",
    "invitation_status": "accepted",
    "acadle_invitation_status": null,
    "roles": [
        {
            "id": 4,
            "name": "Clinician"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view user data",
    "code": "USERS:GET:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:GET:USER_NOT_FOUND"
}
 

Request   

GET api/user/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: clinicians, patients, devices, devicesAsClinician, roles, permissions).

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Create new user account

requires authentication

Predefined permissions:

Example request:
curl --request POST \
    "http://localhost:8000/api/user" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "mrn=MRN12345678"\
    --form "name=Tom Smith"\
    --form "email=test@example.com"\
    --form "language=en"\
    --form "address1=53193 Orn Inlet"\
    --form "address2=West Mariettaton, VA 47665-1015"\
    --form "postal_code=53898-5844"\
    --form "city=Port Jeanne"\
    --form "country=EE"\
    --form "clinic_name=Aether"\
    --form "clinic_location=53193 Orn Inlet"\
    --form "mfa_enabled=1"\
    --form "mfa_method=email"\
    --form "is_internal="\
    --form "clinicians[]=2"\
    --form "notifications_timezone=Europe/Warsaw"\
    --form "notifications_at=8:00"\
    --form "role=Amputee"\
    --form "image=@/tmp/php7MzSJU" 
const url = new URL(
    "http://localhost:8000/api/user"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('mrn', 'MRN12345678');
body.append('name', 'Tom Smith');
body.append('email', 'test@example.com');
body.append('language', 'en');
body.append('address1', '53193 Orn Inlet');
body.append('address2', 'West Mariettaton, VA 47665-1015');
body.append('postal_code', '53898-5844');
body.append('city', 'Port Jeanne');
body.append('country', 'EE');
body.append('clinic_name', 'Aether');
body.append('clinic_location', '53193 Orn Inlet');
body.append('mfa_enabled', '1');
body.append('mfa_method', 'email');
body.append('is_internal', '');
body.append('clinicians[]', '2');
body.append('notifications_timezone', 'Europe/Warsaw');
body.append('notifications_at', '8:00');
body.append('role', 'Amputee');
body.append('image', document.querySelector('input[name="image"]').files[0]);

fetch(url, {
    method: "POST",
    headers,
    body,
}).then(response => response.json());

Example response (201):


{
    "id": 13,
    "mrn": "FWYCPJ4Z1782738446",
    "name": "Dedrick Nikolaus",
    "email": "1782738446franco.durgan@example.com",
    "language": "en",
    "phone": "(815) 317-4252",
    "phone_country": "KM",
    "phone_verified_at": null,
    "address1": "68206 Hintz Manor",
    "address2": "Torpside, IL 27114-1238",
    "postal_code": "92621-5217",
    "city": "Fritsch-Morissette",
    "country": "LT",
    "clinic_name": "Port Krystina",
    "clinic_location": "413 Abbott Highway Apt. 215\nNew Sarai, NH 63563",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:26.000000Z",
    "updated_at": "2026-06-29T13:07:26.000000Z",
    "invitation_status": null,
    "acadle_invitation_status": null,
    "roles": [
        {
            "id": 2,
            "name": "CommunityAdmin"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create user with given role",
    "code": "USERS:CREATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, E-mail in use (in another region)):


{
    "message": "E-mail address already in use (in another region)",
    "code": "USERS:CREATE:EMAIL_IN_USE"
}
 

Request   

POST api/user

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

Body Parameters

mrn   string  optional  

Medical Record Number. Example: MRN12345678

name   string  optional  

User full name. Example: Tom Smith

email   string   

User email. MUST_BE_EMAIL. Example: test@example.com

language   string  optional  

User language. Example: en

address1   string  optional  

Address line 1. MAXIMUM:STRING_LENGTH:100. Example: 53193 Orn Inlet

address2   string  optional  

Address line 2. MAXIMUM:STRING_LENGTH:100. Example: West Mariettaton, VA 47665-1015

postal_code   string  optional  

Postal code. MAXIMUM:STRING_LENGTH:100. Example: 53898-5844

city   string  optional  

City. MAXIMUM:STRING_LENGTH:100. Example: Port Jeanne

country   string  optional  

Country. MAXIMUM:STRING_LENGTH:2. Example: EE

clinic_name   string  optional  

Clinic name. MAXIMUM:STRING_LENGTH:100. Example: Aether

clinic_location   string  optional  

Clinic location. MAXIMUM:STRING_LENGTH:100. Example: 53193 Orn Inlet

image   file  optional  

Attached user image. MUST_BE_IMAGE MAXIMUM:FILE_KB:5120. Example: /tmp/php7MzSJU

mfa_enabled   boolean  optional  

Super Admin only: MFA enabled. Example: true

mfa_method   string  optional  

Super Admin only: MFA method. Example: email

Must be one of:
  • email
  • sms
is_internal   boolean  optional  

Mark user as internal (QA/ADP team). Example: false

clinicians   string[]  optional  

Clinician ID. The id of an existing record in the App\Models\User table.

notifications_timezone   string  optional  

User notifications timezone. Example: Europe/Warsaw

notifications_at   string  optional  

Time when notifications and reminders should be sent. Format: HH:MM. Set null to notify at default time. Must be a valid date in the format H:i. Example: 8:00

role   string   

Role name. Example: Amputee

Must be one of:
  • Amputee
  • ClinicianSupport
  • Clinician
  • ClinicAdmin
  • SuperAdmin
  • AcadleUser
permissions   object  optional  

List of permissions given to this user. For now, it is used for ClinicianSupport role to give access to specific actions (for example user.update means that user can update users). You can assign both predefined permissions (already checked by some endpoints) and custom permissions (check them on your own). You can also use wildcards like user.* to give access to all actions for given scope.

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Update user account

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/user/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "mrn=MRN12345678"\
    --form "name=Tom Smith"\
    --form "email=test@example.com"\
    --form "language=en"\
    --form "address1=2063 Pink Key"\
    --form "address2=Littlefurt, AZ 17794-9664"\
    --form "postal_code=60259-2073"\
    --form "city=Elizabethshire"\
    --form "country=CY"\
    --form "clinic_name=Aether"\
    --form "clinic_location=2063 Pink Key"\
    --form "image_delete=1"\
    --form "mfa_enabled=1"\
    --form "mfa_method=email"\
    --form "active=1"\
    --form "is_internal="\
    --form "clinicians[]=2"\
    --form "notifications_timezone=Europe/Warsaw"\
    --form "notifications_at=8:00"\
    --form "role=Amputee"\
    --form "image=@/tmp/phpA2Dn8X" 
const url = new URL(
    "http://localhost:8000/api/user/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('mrn', 'MRN12345678');
body.append('name', 'Tom Smith');
body.append('email', 'test@example.com');
body.append('language', 'en');
body.append('address1', '2063 Pink Key');
body.append('address2', 'Littlefurt, AZ 17794-9664');
body.append('postal_code', '60259-2073');
body.append('city', 'Elizabethshire');
body.append('country', 'CY');
body.append('clinic_name', 'Aether');
body.append('clinic_location', '2063 Pink Key');
body.append('image_delete', '1');
body.append('mfa_enabled', '1');
body.append('mfa_method', 'email');
body.append('active', '1');
body.append('is_internal', '');
body.append('clinicians[]', '2');
body.append('notifications_timezone', 'Europe/Warsaw');
body.append('notifications_at', '8:00');
body.append('role', 'Amputee');
body.append('image', document.querySelector('input[name="image"]').files[0]);

fetch(url, {
    method: "PUT",
    headers,
    body,
}).then(response => response.json());

Example response (202):


{
    "id": 14,
    "mrn": "Z6LFQUR61782738447",
    "name": "Icie Gerlach",
    "email": "1782738447everardo75@example.com",
    "language": "en",
    "phone": "1-689-410-7177",
    "phone_country": "JM",
    "phone_verified_at": null,
    "address1": "17604 Angie Ferry",
    "address2": "North Gladysbury, DE 58792",
    "postal_code": "57648",
    "city": "Wolf LLC",
    "country": "BG",
    "clinic_name": "Markschester",
    "clinic_location": "11214 Becker Burgs Apt. 856\nSouth Mikayla, ND 04878",
    "image": null,
    "mfa_enabled": 0,
    "mfa_method": null,
    "mfa_verified_to": null,
    "location_id": null,
    "created_by": null,
    "active": 1,
    "is_internal": 0,
    "notifications_timezone": null,
    "notifications_at": null,
    "created_at": "2026-06-29T13:07:27.000000Z",
    "updated_at": "2026-06-29T13:07:27.000000Z",
    "invitation_status": "accepted",
    "acadle_invitation_status": null,
    "roles": [
        {
            "id": 5,
            "name": "ClinicianSupport"
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update user data",
    "code": "USERS:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Insufficient permission to assign role):


{
    "message": "Insufficient permission to assign this role as ClinicAdmin",
    "code": "USERS:UPDATE:INSUFFICIENT_PERMISSION_ASSIGN_ROLE"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:UPDATE:USER_NOT_FOUND"
}
 

Request   

PUT api/user/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Body Parameters

mrn   string  optional  

Medical Record Number. Example: MRN12345678

name   string  optional  

User full name. Example: Tom Smith

email   string  optional  

User email. MUST_BE_EMAIL. Example: test@example.com

language   string  optional  

User language. Example: en

address1   string  optional  

Address line 1. MAXIMUM:STRING_LENGTH:100. Example: 2063 Pink Key

address2   string  optional  

Address line 2. MAXIMUM:STRING_LENGTH:100. Example: Littlefurt, AZ 17794-9664

postal_code   string  optional  

Postal code. MAXIMUM:STRING_LENGTH:100. Example: 60259-2073

city   string  optional  

City. MAXIMUM:STRING_LENGTH:100. Example: Elizabethshire

country   string  optional  

Country. MAXIMUM:STRING_LENGTH:2. Example: CY

clinic_name   string  optional  

Clinic name. MAXIMUM:STRING_LENGTH:100. Example: Aether

clinic_location   string  optional  

Clinic location. MAXIMUM:STRING_LENGTH:100. Example: 2063 Pink Key

image   file  optional  

Attached user image. MUST_BE_IMAGE MAXIMUM:FILE_KB:5120. Example: /tmp/phpA2Dn8X

image_delete   boolean  optional  

Send this parameter instead of image to remove previously added image. Example: true

mfa_enabled   boolean  optional  

Super Admin only: MFA enabled. Example: true

mfa_method   string  optional  

Super Admin only: MFA method. Example: email

Must be one of:
  • email
  • sms
active   boolean  optional  

User active status (0 - inactive, 1 - active). Example: true

is_internal   boolean  optional  

Mark user as internal (QA/ADP team). Example: false

clinicians   string[]  optional  

Clinician ID. The id of an existing record in the App\Models\User table.

notifications_timezone   string  optional  

User notifications timezone. Example: Europe/Warsaw

notifications_at   string  optional  

Time when notifications and reminders should be sent. Format: HH:MM. Set null to notify at default time. Must be a valid date in the format H:i. Example: 8:00

role   string  optional  

Role name. Example: Amputee

Must be one of:
  • Amputee
  • ClinicianSupport
  • Clinician
  • ClinicAdmin
  • SuperAdmin
  • AcadleUser
permissions   object  optional  

List of permissions given to this user. For now, it is used for ClinicianSupport role to give access to specific actions (for example user.update means that user can update users). You can assign both predefined permissions (already checked by some endpoints) and custom permissions (check them on your own). You can also use wildcards like user.* to give access to all actions for given scope.

Response

Response Fields

id   integer   

User ID.

mrn   string   

Medical Record Number.

name   string   

User full name.

email   string   

User email address.

language   string   

User preferred language.

phone   string   

User phone number.

phone_country   string   

Phone country code.

phone_verified_at   string   

Phone verification date.

address1   string   

Address line 1.

address2   string   

Address line 2.

postal_code   string   

Postal code.

city   string   

City.

country   string   

Country code (ISO 3166 Alpha-2).

clinic_name   string   

Clinic name.

clinic_location   string   

Clinic location.

image   string   

User profile image URL.

mfa_enabled   boolean   

Whether MFA is enabled.

mfa_method   string   

Preferred MFA method.

mfa_verified_to   string   

MFA session verified until.

location_id   integer   

Location ID.

created_by   integer   

ID of the user who created this account.

active   boolean   

Whether the user account is active.

is_internal   boolean   

Whether the user is an internal user.

notifications_timezone   string   

Timezone for notifications.

notifications_at   string   

Preferred notification time.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

invitation_status   string   

User invitation status.

acadle_invitation_status   string   

Acadle invitation status.

roles   object[]   

User roles.

id   integer   

Role ID.

name   string   

Role name.

permissions   object[]   

User permissions.

clinicians   object[]   

Assigned clinicians.

devices   object[]   

Assigned devices.

patients   object[]   

Assigned patients.

invitations   object[]   

User invitations.

Update user phone number

requires authentication

Phone number has to be verified after update. Call /api/mfa/phone/verify with user-filled code after performing this operation. If value is "0" phone number will be removed without any verification.

Example request:
curl --request POST \
    "http://localhost:8000/api/user/1/phone" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"phone\": \"+1 (208) 892-0242\",
    \"phone_country\": \"US\"
}"
const url = new URL(
    "http://localhost:8000/api/user/1/phone"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "phone": "+1 (208) 892-0242",
    "phone_country": "US"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, Phone number removed):


{
    "message": "Phone number removed",
    "code": "USERS:SET_PHONE:REMOVED"
}
 

Example response (200, Phone number updated):


{
    "message": "Verification code sent. Call /api/mfa/phone/verify to verify phone number.",
    "code": "USERS:SET_PHONE:UPDATED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update user data",
    "code": "USERS:SET_PHONE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:SET_PHONE:USER_NOT_FOUND"
}
 

Example response (500, Code send failed):


{
    "message": "Verification code sending failed",
    "code": "USERS:SET_PHONE:SEND_FAILED"
}
 

Request   

POST api/user/{id}/phone

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Body Parameters

phone   string  optional  

User phone number. Pass "0" to remove current one. Example: +1 (208) 892-0242

phone_country   string  optional  

Phone number's country (2 characters). SIZE:STRING_LENGTH:2. Example: US

Delete user account

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/user/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "User deleted",
    "code": "USERS:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete user",
    "code": "USERS:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, User has existing patients or chat rooms):


{
    "message": "Cannot delete: user has existing patients or chat rooms (patients: 1, chat rooms: 0)",
    "code": "USERS:DELETE:HAS_PATIENTS"
}
 

Example response (403, User has existing devices):


{
    "message": "Cannot delete: user has existing devices (as patient: 1, as clinician: 0)",
    "code": "USERS:DELETE:HAS_DEVICES"
}
 

Example response (403, User has open P2P sessions):


{
    "message": "Cannot delete: user has open P2P sessions (as patient: 0, as clinician: 1)",
    "code": "USERS:DELETE:HAS_P2P_SESSIONS"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:DELETE:USER_NOT_FOUND"
}
 

Example response (500, Server error):


{
    "message": "Server error: user not deleted",
    "code": "USERS:DELETE:SERVER_ERROR"
}
 

Request   

DELETE api/user/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Delete own user account

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/user" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"password\": \"password\"
}"
const url = new URL(
    "http://localhost:8000/api/user"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "password": "password"
};

fetch(url, {
    method: "DELETE",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202, OK):


{
    "message": "User deleted",
    "code": "USERS:SELF_DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete user",
    "code": "USERS:SELF_DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (422, Invalid password):


{
    "message": "Invalid password",
    "code": "USERS:SELF_DELETE:INVALID_PASSWORD"
}
 

Example response (500, Server error):


{
    "message": "Server error: user not deleted",
    "code": "USERS:SELF_DELETE:SERVER_ERROR"
}
 

Request   

DELETE api/user

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

password   string   

User account password. Example: password

Change other user password

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/user/1/password" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"password\": \"aspernatur\"
}"
const url = new URL(
    "http://localhost:8000/api/user/1/password"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "password": "aspernatur"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202, OK):


{
    "message": "User password changed",
    "code": "USERS:PASSWORD_CHANGE:CHANGED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to change user password",
    "code": "USERS:PASSWORD_CHANGE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:PASSWORD_CHANGE:USER_NOT_FOUND"
}
 

Request   

POST api/user/{id}/password

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Body Parameters

password   string   

Example: aspernatur

Get user devices list

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/user/1/devices" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/devices"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 3,
            "serial": "69737012-afaf-3a62-a410-bf28b44d9a15",
            "bluetooth_id": "6bff789a-3617-3c1e-831a-39536678e5df",
            "company_id": null,
            "model_id": 1,
            "amputee_id": null,
            "clinician_id": null,
            "firmware_version_id": null,
            "pcb_version_id": null,
            "reverse_magnets": 0,
            "is_electrode": 0,
            "active": 1,
            "last_activity_at": "0000-00-00 00:00:00",
            "created_at": "2026-06-29T13:07:27.000000Z",
            "updated_at": "2026-06-29T13:07:27.000000Z",
            "model": {
                "id": 1,
                "name": "Zeus hand v1",
                "type": "leg",
                "orientation": "right",
                "active": 1,
                "created_at": "2026-06-29T13:07:27.000000Z",
                "updated_at": "2026-06-29T13:07:27.000000Z"
            }
        },
        {
            "id": 4,
            "serial": "388502d3-4595-3135-88f6-abce059ab414",
            "bluetooth_id": "10bfbb7d-677d-320c-9c0a-4dbc5b870296",
            "company_id": null,
            "model_id": 2,
            "amputee_id": null,
            "clinician_id": null,
            "firmware_version_id": null,
            "pcb_version_id": null,
            "reverse_magnets": 0,
            "is_electrode": 0,
            "active": 1,
            "last_activity_at": "0000-00-00 00:00:00",
            "created_at": "2026-06-29T13:07:27.000000Z",
            "updated_at": "2026-06-29T13:07:27.000000Z",
            "model": {
                "id": 2,
                "name": "Zeus hand v1",
                "type": "arm",
                "orientation": "left",
                "active": 1,
                "created_at": "2026-06-29T13:07:27.000000Z",
                "updated_at": "2026-06-29T13:07:27.000000Z"
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to view user devices",
    "code": "USERS:DEVICES:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:DEVICES:USER_NOT_FOUND"
}
 

Request   

GET api/user/{id}/devices

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Query Parameters

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: model, firmwareVersion, pcbVersion, joinedDevices, joinedElectrodes).

Response

Response Fields

items   object   
id   integer   

Device ID.

serial   string   

Device serial number.

bluetooth_id   string   

Bluetooth identifier.

model_id   integer   

Device model ID.

amputee_id   integer   

Assigned patient (amputee) user ID.

firmware_version_id   integer   

Firmware version ID.

pcb_version_id   integer   

PCB version ID.

company_id   integer   

Company ID.

reverse_magnets   boolean   

Whether magnets are reversed.

is_electrode   boolean   

Whether this device is an electrode.

active   boolean   

Whether the device is active.

last_activity_at   string   

Last activity timestamp.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

model   object   

Device model details.

id   integer   

Device model ID.

name   string   

Model name.

type   string   

Model type.

orientation   string   

Model orientation.

active   boolean   

Whether the model is active.

amputee   object   

Assigned patient (amputee) user.

id   integer   

User ID.

name   string   

User full name.

email   string   

User email address.

clinicians   object[]   

Clinicians assigned to this device.

firmwareVersion   object   

Firmware version details.

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

pcbVersion   object   

PCB version details.

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

joinedDevices   object[]   

Joined hand devices.

joinedElectrodes   object[]   

Joined electrode devices.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Attach patient to clinician

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/user/attach" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"email\": \"name@domain.com\"
}"
const url = new URL(
    "http://localhost:8000/api/user/attach"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "email": "name@domain.com"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Patient attached",
    "code": "USERS:ATTACH:ATTACHED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to attach patients",
    "code": "USERS:ATTACH:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Patient is already assigned to another clinician):


{
    "message": "Patient is already assigned to another clinician",
    "code": "USERS:ATTACH:ALREADY_ASSIGNED"
}
 

Example response (403, User reached the temporary limit of attached devices):


{
    "message": "Reached the limit of assigned devices",
    "code": "USERS:ATTACH:LIMIT_REACHED"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:ATTACH:USER_NOT_FOUND"
}
 

Request   

POST api/user/attach

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

email   string   

User e-mail address. MUST_BE_EMAIL. Example: name@domain.com

Detach patient from clinician

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/user/1/detach" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/detach"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Patient detached",
    "code": "USERS:DETACH:DETACHED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to detach patient",
    "code": "USERS:DETACH:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Cannot detach last clinician):


{
    "message": "Cannot detach patient's last clinician",
    "code": "USERS:DETACH:CANNOT_DETACH_LAST_CLINICIAN"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:DETACH:USER_NOT_FOUND"
}
 

Request   

POST api/user/{id}/detach

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Admin access to MFA codes

requires authentication

Requires admin.mfa_access permission.

Example request:
curl --request GET \
    --get "http://localhost:8000/api/user/1/mfa-codes" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/user/1/mfa-codes"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200, OK):


[
    {
        "id": 1,
        "user_id": 1,
        "code": "123456",
        "channel": "email",
        "expires": "2025-05-09 12:00:00"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access MFA codes",
    "code": "USERS:ADMIN_MFA_ACCESS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:ADMIN_MFA_ACCESS:USER_NOT_FOUND"
}
 

Request   

GET api/user/{id}/mfa-codes

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Get user mobile consents

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/consents" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/consents"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "user_id": 34,
        "name": "architecto",
        "value": "quia",
        "created_at": "1981-03-05T14:06:46.000000Z",
        "updated_at": "1997-10-06T01:58:06.000000Z"
    },
    {
        "id": 2,
        "user_id": 35,
        "name": "iste",
        "value": "dignissimos",
        "created_at": "2013-06-27T17:10:03.000000Z",
        "updated_at": "1981-05-02T23:51:01.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to use mobile consents",
    "code": "USERS:GET_MOBILE_CONSENTS:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/consents

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

id   integer   

Consent record ID.

user_id   integer   

Associated user ID.

name   string   

Consent name/key.

value   string   

Consent value.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Set user mobile consent

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/consents" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"Push notifications\",
    \"value\": 1
}"
const url = new URL(
    "http://localhost:8000/api/consents"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "Push notifications",
    "value": 1
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


[
    {
        "id": 3,
        "user_id": 36,
        "name": "consequatur",
        "value": "ab",
        "created_at": "1977-02-26T12:51:36.000000Z",
        "updated_at": "1995-04-12T14:05:22.000000Z"
    },
    {
        "id": 4,
        "user_id": 37,
        "name": "dignissimos",
        "value": "odit",
        "created_at": "1972-09-30T11:01:27.000000Z",
        "updated_at": "1984-02-29T05:27:45.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to use mobile consents",
    "code": "USERS:SET_MOBILE_CONSENTS:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/consents

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Consent name. Example: Push notifications

value   string   

Consent value. Example: 1

Response

Response Fields

id   integer   

Consent record ID.

user_id   integer   

Associated user ID.

name   string   

Consent name/key.

value   string   

Consent value.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Clear user notifications

requires authentication

Clearing notifications allow to receive another notification on same day. This endpoint deletes notifications of type:

    This endpoint is intended for testing use only.
Example request:
curl --request DELETE \
    "http://localhost:8000/api/notifications/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/notifications/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "messages": "1 notifications deleted",
    "code": "USERS:CLEAR_NOTIFICATIONS:CLEARED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update user data",
    "code": "USERS:CLEAR_NOTIFICATIONS:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "USERS:CLEAR_NOTIFICATIONS:USER_NOT_FOUND"
}
 

Request   

DELETE api/notifications/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

User ID. Example: 1

Versions

API endpoints for versions management

Get software versions

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/versions/software" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/software"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "name": "4.12.64",
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    },
    {
        "id": 2,
        "name": "4.7.61",
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list versions",
    "code": "SOFTWARE_VERSION:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/versions/software

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Response

Response Fields

id   integer   

Software version ID.

name   string   

Version name.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Create software version

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/versions/software" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"1.0\"
}"
const url = new URL(
    "http://localhost:8000/api/versions/software"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "1.0"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "name": "6.0.82",
    "created_at": "2026-06-29T13:09:20.000000Z",
    "updated_at": "2026-06-29T13:09:20.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create versions",
    "code": "SOFTWARE_VERSION:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/versions/software

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Name of version. Example: 1.0

Response

Response Fields

id   integer   

Software version ID.

name   string   

Version name.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete software version

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/versions/software/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/software/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Version deleted",
    "code": "SOFTWARE_VERSION:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete versions",
    "code": "SOFTWARE_VERSION:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Version in use (compatibility)):


{
    "message": "Cannot delete: version is used in compatibility entries (1)",
    "code": "SOFTWARE_VERSION:DELETE:VERSION_IN_USE_COMPATIBILITY"
}
 

Example response (404, Version not found):


{
    "message": "Version not found",
    "code": "SOFTWARE_VERSION:DELETE:VERSION_NOT_FOUND"
}
 

Request   

DELETE api/versions/software/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Software Version ID. Example: 1

Get firmware versions

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/versions/firmware" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/firmware"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 2,
        "name": "9.64.32",
        "file_firmware": "/tmp/fakerRnJCvR",
        "file_firmware_v2": "/tmp/faker3jxabw",
        "file_firmware_v3": "/tmp/fakerdv8CKn",
        "file_firmware_v4": "/tmp/fakerrsQHwY",
        "file_firmware_v5": "/tmp/fakerFT6Hx6",
        "file_firmware_new_pcb": "/tmp/fakerSeJYTd",
        "file_bootloader": "/tmp/faker7ObrHS",
        "file_bootloader_v2": "/tmp/fakerbBzGFw",
        "file_bootloader_v3": "/tmp/fakerDN6RLl",
        "file_bootloader_v4": "/tmp/faker719qmJ",
        "changelog": "Molestias pariatur saepe repellendus ut adipisci dolores officiis unde. Ea est et quasi repellat consequatur sed. Dolores ipsum enim consequuntur nobis minus impedit aperiam quia.",
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    },
    {
        "id": 3,
        "name": "6.82.90",
        "file_firmware": "/tmp/fakerm6gxbE",
        "file_firmware_v2": "/tmp/fakerLVUT3H",
        "file_firmware_v3": "/tmp/fakerFU6RE9",
        "file_firmware_v4": "/tmp/fakerDrimST",
        "file_firmware_v5": "/tmp/fakersmumGt",
        "file_firmware_new_pcb": "/tmp/fakern4dA15",
        "file_bootloader": "/tmp/fakerHG4rzE",
        "file_bootloader_v2": "/tmp/fakerWIrP3X",
        "file_bootloader_v3": "/tmp/fakerj3Iy1W",
        "file_bootloader_v4": "/tmp/fakerPcjaD8",
        "changelog": "Commodi animi alias suscipit. Sunt vel atque voluptas quia tempore. Eos animi et culpa sed rem quas suscipit. Quis laborum dolorem sapiente. Dolor quidem repellat dolorem qui aliquam dolores at.",
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list versions",
    "code": "FIRMWARE_VERSION:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/versions/firmware

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: models).

Response

Response Fields

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Create firmware version

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/versions/firmware" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "name=1.0"\
    --form "models[]=1"\
    --form "changelog[][language]=en"\
    --form "changelog[][changelog]=Fixed bug with the connection"\
    --form "file_firmware=@/tmp/php8Jcql5" \
    --form "file_firmware_v2=@/tmp/phpQp1bRb" \
    --form "file_firmware_v3=@/tmp/phpKMldk8" \
    --form "file_firmware_v4=@/tmp/phpxyFmAb" \
    --form "file_firmware_v5=@/tmp/phpZ8Qyeq" \
    --form "file_firmware_new_pcb=@/tmp/phpFDVJzk" \
    --form "file_bootloader=@/tmp/phpNiE1S0" \
    --form "file_bootloader_v2=@/tmp/phpE5yfN1" \
    --form "file_bootloader_v3=@/tmp/php3OXdvO" \
    --form "file_bootloader_v4=@/tmp/phpdxBmPK" 
const url = new URL(
    "http://localhost:8000/api/versions/firmware"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('name', '1.0');
body.append('models[]', '1');
body.append('changelog[][language]', 'en');
body.append('changelog[][changelog]', 'Fixed bug with the connection');
body.append('file_firmware', document.querySelector('input[name="file_firmware"]').files[0]);
body.append('file_firmware_v2', document.querySelector('input[name="file_firmware_v2"]').files[0]);
body.append('file_firmware_v3', document.querySelector('input[name="file_firmware_v3"]').files[0]);
body.append('file_firmware_v4', document.querySelector('input[name="file_firmware_v4"]').files[0]);
body.append('file_firmware_v5', document.querySelector('input[name="file_firmware_v5"]').files[0]);
body.append('file_firmware_new_pcb', document.querySelector('input[name="file_firmware_new_pcb"]').files[0]);
body.append('file_bootloader', document.querySelector('input[name="file_bootloader"]').files[0]);
body.append('file_bootloader_v2', document.querySelector('input[name="file_bootloader_v2"]').files[0]);
body.append('file_bootloader_v3', document.querySelector('input[name="file_bootloader_v3"]').files[0]);
body.append('file_bootloader_v4', document.querySelector('input[name="file_bootloader_v4"]').files[0]);

fetch(url, {
    method: "POST",
    headers,
    body,
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "name": "1.58.13",
    "file_firmware": "/tmp/fakermDicCe",
    "file_firmware_v2": "/tmp/fakerM9AWuq",
    "file_firmware_v3": "/tmp/faker2kj666",
    "file_firmware_v4": "/tmp/fakerjKDEH8",
    "file_firmware_v5": "/tmp/fakervn02Yl",
    "file_firmware_new_pcb": "/tmp/fakercD2Dmg",
    "file_bootloader": "/tmp/fakerWzw4FQ",
    "file_bootloader_v2": "/tmp/faker1On4G2",
    "file_bootloader_v3": "/tmp/fakerq1pt5F",
    "file_bootloader_v4": "/tmp/fakermLxCFj",
    "changelog": "In aut omnis et dolore et. Animi sapiente ab laboriosam nemo. Exercitationem eligendi praesentium enim voluptatem et quaerat eaque unde. Possimus voluptas non quas.",
    "created_at": "2026-06-29T13:09:20.000000Z",
    "updated_at": "2026-06-29T13:09:20.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create versions",
    "code": "FIRMWARE_VERSION:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/versions/firmware

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

Body Parameters

name   string   

Name of version. Example: 1.0

models   integer[]  optional  

Device Model ID. The id of an existing record in the App\Models\DeviceModel table.

file_firmware   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/php8Jcql5

file_firmware_v2   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpQp1bRb

file_firmware_v3   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpKMldk8

file_firmware_v4   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpxyFmAb

file_firmware_v5   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpZ8Qyeq

file_firmware_new_pcb   file  optional  

Attached firmware for new PCB file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpFDVJzk

file_bootloader   file  optional  

Attached bootloader file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpNiE1S0

file_bootloader_v2   file  optional  

Attached bootloader file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpE5yfN1

file_bootloader_v3   file  optional  

Attached bootloader file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/php3OXdvO

file_bootloader_v4   file  optional  

Attached bootloader file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpdxBmPK

changelog   object[]  optional  

List of changelog translations.

language   string  optional  

Changelog language (2 characters code). Example: en

changelog   string  optional  

Changelog for the version. Example: Fixed bug with the connection

Response

Response Fields

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update firmware version

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/versions/firmware/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: multipart/form-data" \
    --header "Accept: application/json" \
    --form "name=1.0"\
    --form "models[]=1"\
    --form "file_firmware_delete=1"\
    --form "file_firmware_v2_delete=1"\
    --form "file_firmware_v3_delete=1"\
    --form "file_firmware_v4_delete=1"\
    --form "file_firmware_v5_delete=1"\
    --form "file_firmware_new_pcb_delete=1"\
    --form "file_bootloader_delete=1"\
    --form "file_bootloader_v2_delete=1"\
    --form "file_bootloader_v3_delete=1"\
    --form "file_bootloader_v4_delete=1"\
    --form "changelog[][language]=en"\
    --form "changelog[][changelog]=Fixed bug with the connection"\
    --form "file_firmware=@/tmp/phps9Cqw0" \
    --form "file_firmware_v2=@/tmp/phpRTimJt" \
    --form "file_firmware_v3=@/tmp/php2X20iK" \
    --form "file_firmware_v4=@/tmp/phpw4jp5T" \
    --form "file_firmware_v5=@/tmp/php4jt8Y0" \
    --form "file_firmware_new_pcb=@/tmp/phpblpdsr" \
    --form "file_bootloader=@/tmp/phpubBMBV" \
    --form "file_bootloader_v2=@/tmp/php0ejkUl" \
    --form "file_bootloader_v3=@/tmp/phpD1AVdd" \
    --form "file_bootloader_v4=@/tmp/phplidwEs" 
const url = new URL(
    "http://localhost:8000/api/versions/firmware/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "multipart/form-data",
    "Accept": "application/json",
};

const body = new FormData();
body.append('name', '1.0');
body.append('models[]', '1');
body.append('file_firmware_delete', '1');
body.append('file_firmware_v2_delete', '1');
body.append('file_firmware_v3_delete', '1');
body.append('file_firmware_v4_delete', '1');
body.append('file_firmware_v5_delete', '1');
body.append('file_firmware_new_pcb_delete', '1');
body.append('file_bootloader_delete', '1');
body.append('file_bootloader_v2_delete', '1');
body.append('file_bootloader_v3_delete', '1');
body.append('file_bootloader_v4_delete', '1');
body.append('changelog[][language]', 'en');
body.append('changelog[][changelog]', 'Fixed bug with the connection');
body.append('file_firmware', document.querySelector('input[name="file_firmware"]').files[0]);
body.append('file_firmware_v2', document.querySelector('input[name="file_firmware_v2"]').files[0]);
body.append('file_firmware_v3', document.querySelector('input[name="file_firmware_v3"]').files[0]);
body.append('file_firmware_v4', document.querySelector('input[name="file_firmware_v4"]').files[0]);
body.append('file_firmware_v5', document.querySelector('input[name="file_firmware_v5"]').files[0]);
body.append('file_firmware_new_pcb', document.querySelector('input[name="file_firmware_new_pcb"]').files[0]);
body.append('file_bootloader', document.querySelector('input[name="file_bootloader"]').files[0]);
body.append('file_bootloader_v2', document.querySelector('input[name="file_bootloader_v2"]').files[0]);
body.append('file_bootloader_v3', document.querySelector('input[name="file_bootloader_v3"]').files[0]);
body.append('file_bootloader_v4', document.querySelector('input[name="file_bootloader_v4"]').files[0]);

fetch(url, {
    method: "PUT",
    headers,
    body,
}).then(response => response.json());

Example response (201):


{
    "id": 5,
    "name": "5.81.21",
    "file_firmware": "/tmp/fakerElLtUo",
    "file_firmware_v2": "/tmp/fakerpWNXw5",
    "file_firmware_v3": "/tmp/fakerHcATIJ",
    "file_firmware_v4": "/tmp/fakerQXvtfI",
    "file_firmware_v5": "/tmp/fakernWIVh6",
    "file_firmware_new_pcb": "/tmp/fakeruBCtmW",
    "file_bootloader": "/tmp/fakerrTnBHR",
    "file_bootloader_v2": "/tmp/fakerguaUfm",
    "file_bootloader_v3": "/tmp/fakerbh68gT",
    "file_bootloader_v4": "/tmp/fakerP2aD7C",
    "changelog": "Rerum voluptas fugit explicabo dolorem. Veniam suscipit deserunt laboriosam. Corporis officiis deleniti consequatur eligendi.",
    "created_at": "2026-06-29T13:09:20.000000Z",
    "updated_at": "2026-06-29T13:09:20.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update versions",
    "code": "FIRMWARE_VERSION:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Version not found):


{
    "message": "Version not found",
    "code": "FIRMWARE_VERSION:UPDATE:VERSION_NOT_FOUND"
}
 

Request   

PUT api/versions/firmware/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: multipart/form-data

Accept      

Example: application/json

URL Parameters

id   integer   

Firmware Version ID. Example: 1

Body Parameters

name   string  optional  

Name of version. Example: 1.0

models   integer[]  optional  

Device Model ID. The id of an existing record in the App\Models\DeviceModel table.

file_firmware   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phps9Cqw0

file_firmware_v2   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpRTimJt

file_firmware_v3   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/php2X20iK

file_firmware_v4   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpw4jp5T

file_firmware_v5   file  optional  

Attached firmware file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/php4jt8Y0

file_firmware_new_pcb   file  optional  

Attached firmware for new PCB file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpblpdsr

file_bootloader   file  optional  

Attached bootloader file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpubBMBV

file_bootloader_v2   file  optional  

Attached bootloader file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/php0ejkUl

file_bootloader_v3   file  optional  

Attached bootloader file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phpD1AVdd

file_bootloader_v4   file  optional  

Attached bootloader file. Must be a file. MAXIMUM:FILE_KB:102400. Example: /tmp/phplidwEs

changelog   object[]  optional  

List of changelog translations.

language   string  optional  

Changelog language (2 characters code). Example: en

changelog   string  optional  

Changelog for the version. Pass "NULL" string to remove the entry for given language. Example: Fixed bug with the connection

file_firmware_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_firmware. Example: 1

file_firmware_v2_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_firmware_v2. Example: 1

file_firmware_v3_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_firmware_v3. Example: 1

file_firmware_v4_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_firmware_v4. Example: 1

file_firmware_v5_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_firmware_v5. Example: 1

file_firmware_new_pcb_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_firmware_new_pcb. Example: 1

file_bootloader_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_bootloader. Example: 1

file_bootloader_v2_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_bootloader_v2. Example: 1

file_bootloader_v3_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_bootloader_v3. Example: 1

file_bootloader_v4_delete   string  optional  

Send this parameter with value 1 to remove existing file for file_bootloader_v4. Example: 1

Response

Response Fields

id   integer   

Firmware version ID.

name   string   

Version name.

file_firmware   string   

Firmware file URL.

file_firmware_v2   string   

Firmware v2 file URL.

file_firmware_v3   string   

Firmware v3 file URL.

file_firmware_v4   string   

Firmware v4 file URL.

file_firmware_v5   string   

Firmware v5 file URL.

file_firmware_new_pcb   string   

New PCB firmware file URL.

file_bootloader   string   

Bootloader file URL.

file_bootloader_v2   string   

Bootloader v2 file URL.

file_bootloader_v3   string   

Bootloader v3 file URL.

file_bootloader_v4   string   

Bootloader v4 file URL.

changelog   string   

Changelog file URL.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete firmware version

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/versions/firmware/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/firmware/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Version deleted",
    "code": "FIRMWARE_VERSION:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete versions",
    "code": "FIRMWARE_VERSION:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Version in use (compatibility)):


{
    "message": "Cannot delete: version is used in compatibility entries (1)",
    "code": "FIRMWARE_VERSION:DELETE:VERSION_IN_USE_COMPATIBILITY"
}
 

Example response (403, Version in use (device)):


{
    "message": "Cannot delete: version is assigned to devices (1)",
    "code": "FIRMWARE_VERSION:DELETE:VERSION_IN_USE_DEVICE"
}
 

Example response (404, Version not found):


{
    "message": "Version not found",
    "code": "FIRMWARE_VERSION:DELETE:VERSION_NOT_FOUND"
}
 

Request   

DELETE api/versions/firmware/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Firmware Version ID. Example: 1

Get PCB versions

requires authentication

Example request:
curl --request GET \
    --get "http://localhost:8000/api/versions/pcb" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/pcb"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 2,
        "name": "4.81.16",
        "hardware_id": "",
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    },
    {
        "id": 3,
        "name": "3.21.59",
        "hardware_id": "",
        "created_at": "2026-06-29T13:09:20.000000Z",
        "updated_at": "2026-06-29T13:09:20.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list versions",
    "code": "PCB_VERSION:LIST:INSUFFICIENT_PERMISSION"
}
 

Request   

GET api/versions/pcb

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

extend   string  optional  

Comma-separated list of relation extensions (available: models).

Response

Response Fields

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Create PCB version

requires authentication

Example request:
curl --request POST \
    "http://localhost:8000/api/versions/pcb" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"1.0\",
    \"models\": [
        1
    ],
    \"hardware_id\": \"1\"
}"
const url = new URL(
    "http://localhost:8000/api/versions/pcb"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "1.0",
    "models": [
        1
    ],
    "hardware_id": "1"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 4,
    "name": "5.35.10",
    "hardware_id": "",
    "created_at": "2026-06-29T13:09:20.000000Z",
    "updated_at": "2026-06-29T13:09:20.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to create versions",
    "code": "PCB_VERSION:CREATE:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/versions/pcb

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

Name of version. Example: 1.0

models   integer[]  optional  

Device Model ID. The id of an existing record in the App\Models\DeviceModel table.

hardware_id   string   

Hardware ID name. Example: 1

Response

Response Fields

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Update PCB version

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/versions/pcb/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"1.0\",
    \"models\": [
        1
    ],
    \"hardware_id\": \"1\"
}"
const url = new URL(
    "http://localhost:8000/api/versions/pcb/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "1.0",
    "models": [
        1
    ],
    "hardware_id": "1"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "id": 5,
    "name": "6.7.54",
    "hardware_id": "",
    "created_at": "2026-06-29T13:09:20.000000Z",
    "updated_at": "2026-06-29T13:09:20.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update versions",
    "code": "PCB_VERSION:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Version not found):


{
    "message": "Version not found",
    "code": "PCB_VERSION:UPDATE:VERSION_NOT_FOUND"
}
 

Request   

PUT api/versions/pcb/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

PCB Version ID. Example: 1

Body Parameters

name   string  optional  

Name of version. Example: 1.0

models   integer[]  optional  

Device Model ID. The id of an existing record in the App\Models\DeviceModel table.

hardware_id   string  optional  

Hardware ID name. Example: 1

Response

Response Fields

id   integer   

PCB version ID.

name   string   

Version name.

hardware_id   string   

Hardware identifier.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

Delete PCB version

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/versions/pcb/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/pcb/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Version deleted",
    "code": "PCB_VERSION:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete versions",
    "code": "PCB_VERSION:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (403, Version in use (compatibility)):


{
    "message": "Cannot delete: version is used in compatibility entries (1)",
    "code": "PCB_VERSION:DELETE:VERSION_IN_USE_COMPATIBILITY"
}
 

Example response (403, Version in use (device)):


{
    "message": "Cannot delete: version is assigned to devices (1)",
    "code": "PCB_VERSION:DELETE:VERSION_IN_USE_DEVICE"
}
 

Example response (404, Version not found):


{
    "message": "Version not found",
    "code": "PCB_VERSION:DELETE:VERSION_NOT_FOUND"
}
 

Request   

DELETE api/versions/pcb/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

PCB Version ID. Example: 1

List compatibilities

requires authentication

Most typical scenarios to use compatibility matrix:

Example request:
curl --request GET \
    --get "http://localhost:8000/api/versions/compatibility?model=1&software=1.2&firmware=1.5&pcb=1.0&summary=" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/compatibility"
);

const params = {
    "model": "1",
    "software": "1.2",
    "firmware": "1.5",
    "pcb": "1.0",
    "summary": "0",
};
Object.keys(params)
    .forEach(key => url.searchParams.append(key, params[key]));

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "paginator": {
        "total": 2,
        "count": 2,
        "perpage": 20,
        "current_page": 1,
        "last_page": 1
    },
    "items": [
        {
            "id": 1,
            "device_model_id": 10,
            "software_version_id": 4,
            "firmware_version_id": 14,
            "pcb_version_id": 6,
            "is_fully_compatible": 1,
            "created_at": "2026-06-29T13:09:20.000000Z",
            "updated_at": "2026-06-29T13:09:20.000000Z",
            "features": [
                {
                    "id": 1,
                    "compatibility_id": 1,
                    "feature_id": 5,
                    "is_compatible": 0,
                    "reason": "Saepe aut amet sit aspernatur. Veniam vel ab tempore non sit.",
                    "created_at": "2026-06-29T13:09:20.000000Z",
                    "updated_at": "2026-06-29T13:09:20.000000Z",
                    "feature": {
                        "id": 5,
                        "name": "gray",
                        "slug": "pariatur-id-facere-unde-suscipit-voluptate-aliquid-non",
                        "created_at": "2026-06-29T13:09:20.000000Z",
                        "updated_at": "2026-06-29T13:09:20.000000Z"
                    }
                },
                {
                    "id": 2,
                    "compatibility_id": 1,
                    "feature_id": 7,
                    "is_compatible": 1,
                    "reason": "Harum cum occaecati et ea libero. Totam optio et autem quasi. Non reiciendis et ullam. Quaerat dolor voluptatibus aut.",
                    "created_at": "2026-06-29T13:09:20.000000Z",
                    "updated_at": "2026-06-29T13:09:20.000000Z",
                    "feature": {
                        "id": 7,
                        "name": "green",
                        "slug": "veritatis-ut-suscipit-incidunt-et-ipsam-optio-eum",
                        "created_at": "2026-06-29T13:09:20.000000Z",
                        "updated_at": "2026-06-29T13:09:20.000000Z"
                    }
                },
                {
                    "id": 3,
                    "compatibility_id": 1,
                    "feature_id": 9,
                    "is_compatible": 1,
                    "reason": "Aperiam et pariatur qui fugit. Deleniti iste repellat earum non voluptatem eum fugiat. Sed veniam alias sunt. Saepe repellat voluptatibus optio voluptates. Voluptatem blanditiis deserunt voluptatem.",
                    "created_at": "2026-06-29T13:09:20.000000Z",
                    "updated_at": "2026-06-29T13:09:20.000000Z",
                    "feature": {
                        "id": 9,
                        "name": "lime",
                        "slug": "et-sed-dicta-suscipit-occaecati-ea",
                        "created_at": "2026-06-29T13:09:20.000000Z",
                        "updated_at": "2026-06-29T13:09:20.000000Z"
                    }
                }
            ]
        },
        {
            "id": 5,
            "device_model_id": 14,
            "software_version_id": 8,
            "firmware_version_id": 18,
            "pcb_version_id": 10,
            "is_fully_compatible": 0,
            "created_at": "2026-06-29T13:09:20.000000Z",
            "updated_at": "2026-06-29T13:09:20.000000Z",
            "features": [
                {
                    "id": 4,
                    "compatibility_id": 5,
                    "feature_id": 10,
                    "is_compatible": 0,
                    "reason": "Libero ducimus sit non rerum rerum necessitatibus. Provident ullam et enim et voluptatibus veritatis sequi. Qui omnis qui incidunt.",
                    "created_at": "2026-06-29T13:09:20.000000Z",
                    "updated_at": "2026-06-29T13:09:20.000000Z",
                    "feature": {
                        "id": 10,
                        "name": "fuchsia",
                        "slug": "harum-non-amet-laborum-repudiandae",
                        "created_at": "2026-06-29T13:09:20.000000Z",
                        "updated_at": "2026-06-29T13:09:20.000000Z"
                    }
                },
                {
                    "id": 5,
                    "compatibility_id": 5,
                    "feature_id": 12,
                    "is_compatible": 0,
                    "reason": "Mollitia ut nihil iusto consequatur beatae enim eos. Blanditiis temporibus velit eius. Mollitia repellendus in quaerat rerum voluptatem. Et excepturi et perspiciatis quia.",
                    "created_at": "2026-06-29T13:09:20.000000Z",
                    "updated_at": "2026-06-29T13:09:20.000000Z",
                    "feature": {
                        "id": 12,
                        "name": "fuchsia",
                        "slug": "vero-corporis-enim-eos",
                        "created_at": "2026-06-29T13:09:20.000000Z",
                        "updated_at": "2026-06-29T13:09:20.000000Z"
                    }
                },
                {
                    "id": 6,
                    "compatibility_id": 5,
                    "feature_id": 14,
                    "is_compatible": 0,
                    "reason": "Rerum et placeat porro voluptatum reiciendis rerum. Est necessitatibus et veritatis quaerat nostrum itaque. Et suscipit sed eaque eos sapiente ut. Qui quas quam minima at et sed.",
                    "created_at": "2026-06-29T13:09:20.000000Z",
                    "updated_at": "2026-06-29T13:09:20.000000Z",
                    "feature": {
                        "id": 14,
                        "name": "lime",
                        "slug": "ex-nihil-minus-et-et-deleniti-deserunt-alias-corporis",
                        "created_at": "2026-06-29T13:09:20.000000Z",
                        "updated_at": "2026-06-29T13:09:20.000000Z"
                    }
                }
            ]
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to list versions compatibilities",
    "code": "COMPATIBILITY:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device model not found):


{
    "message": "Device model not found",
    "code": "COMPATIBILITY:LIST:DEVICE_MODEL_NOT_FOUND"
}
 

Example response (404, Software version not found):


{
    "message": "Software version not found",
    "code": "COMPATIBILITY:LIST:SOFTWARE_VERSION_NOT_FOUND"
}
 

Example response (404, Firmware version not found):


{
    "message": "Firmware version not found",
    "code": "COMPATIBILITY:LIST:FIRMWARE_VERSION_NOT_FOUND"
}
 

Example response (404, PCB version not found):


{
    "message": "PCB version not found",
    "code": "COMPATIBILITY:LIST:PCB_VERSION_NOT_FOUND"
}
 

Request   

GET api/versions/compatibility

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Query Parameters

model   integer  optional  

Filter compatibility matrix by device model ID. Example: 1

software   string  optional  

Filter compatibility matrix by software version name (not ID!). Example: 1.2

firmware   string  optional  

Filter compatibility matrix by firmware version name (not ID!). Example: 1.5

pcb   string  optional  

Filter compatibility matrix by PCB version name (not ID!). Example: 1.0

summary   boolean  optional  

Add to response the device model, software, firmware and PCB entries used to filter the list. Example: false

perpage   integer  optional  

Elements per page (Default: 20).

page   integer  optional  

Page number (Default: 1).

extend   string  optional  

Comma-separated list of relation extensions (available: features, features.feature, deviceModel, softwareVersion, firmwareVersion, pcbVersion).

Response

Response Fields

items   object   
id   integer   

Compatibility entry ID.

device_model_id   integer   

Associated device model ID.

software_version_id   integer   

Associated software version ID.

firmware_version_id   integer   

Associated firmware version ID.

pcb_version_id   integer   

Associated PCB version ID.

is_fully_compatible   boolean   

Whether all versions are fully compatible.

note   string   

Compatibility note.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

features   object[]   

Associated compatibility features.

paginator   object   
total   integer   

Total number of items.

count   integer   

Number of items on current page.

perpage   integer   

Items per page.

current_page   integer   

Current page number.

last_page   integer   

Last page number.

Add compatibility

requires authentication

Adds or updates compatibility matrix with assigned features. You can specify many versions for each list.

Example request:
curl --request POST \
    "http://localhost:8000/api/versions/compatibility" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"device_models\": [
        1
    ],
    \"software_versions\": [
        1
    ],
    \"firmware_versions\": [
        1
    ],
    \"pcb_versions\": [
        1
    ],
    \"is_fully_compatible\": true,
    \"features\": [
        {
            \"feature_id\": 1,
            \"compatible\": true,
            \"reason\": \"Firmware does not support...\"
        }
    ]
}"
const url = new URL(
    "http://localhost:8000/api/versions/compatibility"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "device_models": [
        1
    ],
    "software_versions": [
        1
    ],
    "firmware_versions": [
        1
    ],
    "pcb_versions": [
        1
    ],
    "is_fully_compatible": true,
    "features": [
        {
            "feature_id": 1,
            "compatible": true,
            "reason": "Firmware does not support..."
        }
    ]
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202, OK):


{
    "added": 1,
    "updated": 0,
    "not_changed": 0
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to add versions compatibility",
    "code": "COMPATIBILITY:ADD:INSUFFICIENT_PERMISSION"
}
 

Request   

POST api/versions/compatibility

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

device_models   integer[]  optional  

Array of Device Model IDs. The id of an existing record in the App\Models\DeviceModel table.

software_versions   integer[]  optional  

Array of Software Version IDs. The id of an existing record in the App\Models\SoftwareVersion table.

firmware_versions   integer[]  optional  

Array of Firmware Version IDs. The id of an existing record in the App\Models\FirmwareVersion table.

pcb_versions   integer[]  optional  

Array of PCB Version IDs. The id of an existing record in the App\Models\PCBVersion table.

is_fully_compatible   boolean  optional  

Is this set of versions fully compatible?. Example: true

features   object[]  optional  

Array of features to be assigned to this set of versions.

feature_id   string  optional  

Product feature ID. The id of an existing record in the App\Models\ProductFeature table. Example: 1

compatible   boolean  optional  

Is this feature compatible?. Example: true

reason   string  optional  

Reason of incompatibility. Example: Firmware does not support...

Update compatibility

requires authentication

Example request:
curl --request PUT \
    "http://localhost:8000/api/versions/compatibility/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"device_model_id\": 1,
    \"software_version_id\": 15,
    \"firmware_version_id\": 8,
    \"pcb_version_id\": 20,
    \"is_fully_compatible\": true,
    \"features\": [
        {
            \"id\": 1,
            \"feature_id\": 1,
            \"compatible\": true,
            \"reason\": \"Firmware does not support...\",
            \"delete\": true
        }
    ]
}"
const url = new URL(
    "http://localhost:8000/api/versions/compatibility/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "device_model_id": 1,
    "software_version_id": 15,
    "firmware_version_id": 8,
    "pcb_version_id": 20,
    "is_fully_compatible": true,
    "features": [
        {
            "id": 1,
            "feature_id": 1,
            "compatible": true,
            "reason": "Firmware does not support...",
            "delete": true
        }
    ]
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "id": 9,
    "device_model_id": 18,
    "software_version_id": 12,
    "firmware_version_id": 22,
    "pcb_version_id": 14,
    "is_fully_compatible": 1,
    "created_at": "2026-06-29T13:09:21.000000Z",
    "updated_at": "2026-06-29T13:09:21.000000Z",
    "features": [
        {
            "id": 7,
            "compatibility_id": 9,
            "feature_id": 15,
            "is_compatible": 0,
            "reason": "Eum qui quam culpa animi. Eius eum quos qui maxime quia. Officia aut provident eum ut debitis.",
            "created_at": "2026-06-29T13:09:21.000000Z",
            "updated_at": "2026-06-29T13:09:21.000000Z",
            "feature": {
                "id": 15,
                "name": "yellow",
                "slug": "blanditiis-repellat-quia-quibusdam",
                "created_at": "2026-06-29T13:09:21.000000Z",
                "updated_at": "2026-06-29T13:09:21.000000Z"
            }
        }
    ]
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to update versions compatibility",
    "code": "COMPATIBILITY:UPDATE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Versions Compatibility not found):


{
    "message": "Versions compatibility not found",
    "code": "COMPATIBILITY:UPDATE:COMPATIBILITY_NOT_FOUND"
}
 

Request   

PUT api/versions/compatibility/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Versions Compatibility ID. Example: 1

Body Parameters

device_model_id   integer  optional  

Device Model ID. The id of an existing record in the App\Models\DeviceModel table. Example: 1

software_version_id   integer  optional  

Software Version ID. The id of an existing record in the App\Models\SoftwareVersion table. Example: 15

firmware_version_id   integer  optional  

Firmware Version ID. The id of an existing record in the App\Models\FirmwareVersion table. Example: 8

pcb_version_id   integer  optional  

PCB Version ID. The id of an existing record in the App\Models\PCBVersion table. Example: 20

is_fully_compatible   boolean  optional  

Is this set of versions fully compatible?. Example: true

features   object[]  optional  

Array of features to be assigned to this set of versions.

id   string  optional  

Versions compatibility feature ID. Use with delete parameter to delete specific entry. Do not confuse with feature_id, this field refers to ID of relation between versions compatibility and product feature. The id of an existing record in the App\Models\VersionsCompatibilityFeature table. Example: 1

feature_id   string  optional  

Product feature ID. The id of an existing record in the App\Models\ProductFeature table. Example: 1

compatible   boolean  optional  

Is this feature compatible?. Example: true

reason   string  optional  

Reason of incompatibility. Example: Firmware does not support...

delete   boolean  optional  

Pass 1 to detach feature from this set of versions, skip otherwise. Example: true

Response

Response Fields

id   integer   

Compatibility entry ID.

device_model_id   integer   

Associated device model ID.

software_version_id   integer   

Associated software version ID.

firmware_version_id   integer   

Associated firmware version ID.

pcb_version_id   integer   

Associated PCB version ID.

is_fully_compatible   boolean   

Whether all versions are fully compatible.

note   string   

Compatibility note.

created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

features   object[]   

Associated compatibility features.

Delete compatibility

requires authentication

Example request:
curl --request DELETE \
    "http://localhost:8000/api/versions/compatibility/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/versions/compatibility/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Versions compatibility deleted",
    "code": "COMPATIBILITY:DELETE:DELETED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to delete versions compatibility",
    "code": "COMPATIBILITY:DELETE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Versions compatibility not found):


{
    "message": "Versions compatibility not found",
    "code": "COMPATIBILITY:DELETE:COMPATIBILITY_NOT_FOUND"
}
 

Request   

DELETE api/versions/compatibility/{id}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

Versions Compatibility ID. Example: 1

Video sessions

API endpoints for managing video sessions

List video sessions

requires authentication

Returns list of open video sessions. For most cases there should be exactly one entry (open/active session) or exactly zero entries (empty array, no open sessions).

Example request:
curl --request GET \
    --get "http://localhost:8000/api/sessions/video/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/sessions/video/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "moderator_id": 126,
        "guest_id": 127,
        "jwt_moderator": "584178e5e3517ddcebc66340917adc3a27ce4be359a29aa827563d481ff5d67a",
        "jwt_guest": "a863d61edf457f037a3a9507a75f412107305e98738e7528f41f776d2f6ef4ce",
        "room_name": "room_e89a0c9b2a5b541a9eedba0d5bbf79d6",
        "expires": 1782739400,
        "status": "open",
        "created_at": "2026-06-29T13:08:21.000000Z",
        "updated_at": "2026-06-29T13:08:21.000000Z"
    },
    {
        "id": 2,
        "moderator_id": 130,
        "guest_id": 131,
        "jwt_moderator": "9b9f7060d3290054631e4f2a081601add7307f3f873e9bca60514fb3bddb566c",
        "jwt_guest": "50781ae6a4d70a21d399c2ac28327244ea447ed7f8d6c218396afb0f1532eeec",
        "room_name": "room_f7abcb8a1571b306de27a8d37f786765",
        "expires": 1782739402,
        "status": "open",
        "created_at": "2026-06-29T13:08:23.000000Z",
        "updated_at": "2026-06-29T13:08:23.000000Z"
    }
]
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to access video session",
    "code": "VIDEO_SESSIONS:LIST:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "VIDEO_SESSIONS:LIST:USER_NOT_FOUND"
}
 

Request   

GET api/sessions/video/{guestId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

guestId   integer   

User ID (guest of the meeting). Example: 1

Response

Response Fields

id   integer   

Video session ID.

moderator_id   integer   

Moderator user ID.

guest_id   integer   

Guest user ID.

jwt_moderator   string   

JWT token for the moderator.

jwt_guest   string   

JWT token for the guest.

room_name   string   

Video room name.

expires   integer   

Session expiry as Unix timestamp.

status   string   

Session status.

Must be one of:
  • open
  • expired
  • closed
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

moderator   object   

Moderator user.

guest   object   

Guest user.

Initialize video session

requires authentication

Creates JWT (JSON Web Token) and room name for Jitsi session. Logged-in user is a moderator of the session. JWT lifetime is 15 minutes.

Example request:
curl --request POST \
    "http://localhost:8000/api/sessions/video/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/sessions/video/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (201):


{
    "id": 3,
    "moderator_id": 134,
    "guest_id": 135,
    "jwt_moderator": "2162456ce5874b705f4bfdbeaa45dd2d596ed346c0b90cb7a5866d1246e769e6",
    "jwt_guest": "11e91a3f6d8635f3d7aa79678c64bde99e94d2a5f8276403e7e1917e0118fb1c",
    "room_name": "room_db02f018352239d4aa0a60a740ef294c",
    "expires": 1782739404,
    "status": "open",
    "created_at": "2026-06-29T13:08:25.000000Z",
    "updated_at": "2026-06-29T13:08:25.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to initialize video session",
    "code": "VIDEO_SESSIONS:INIT:INSUFFICIENT_PERMISSION"
}
 

Example response (404, User not found):


{
    "message": "User not found",
    "code": "VIDEO_SESSIONS:INIT:USER_NOT_FOUND"
}
 

Example response (500, Server error):


{
    "message": "Server error",
    "code": "VIDEO_SESSIONS:INIT:SERVER_ERROR"
}
 

Request   

POST api/sessions/video/{guestId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

guestId   integer   

User ID (guest of the meeting). Example: 1

Response

Response Fields

id   integer   

Video session ID.

moderator_id   integer   

Moderator user ID.

guest_id   integer   

Guest user ID.

jwt_moderator   string   

JWT token for the moderator.

jwt_guest   string   

JWT token for the guest.

room_name   string   

Video room name.

expires   integer   

Session expiry as Unix timestamp.

status   string   

Session status.

Must be one of:
  • open
  • expired
  • closed
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

moderator   object   

Moderator user.

guest   object   

Guest user.

Refresh video session

requires authentication

Refreshes video session JWT tokens to extend session lifetime.

Example request:
curl --request POST \
    "http://localhost:8000/api/sessions/video/1/refresh" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/sessions/video/1/refresh"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (202):


{
    "id": 4,
    "moderator_id": 138,
    "guest_id": 139,
    "jwt_moderator": "bac53a2cdcbf0a3d8fc1b1e573e81699382ed1080821d20ec1b47c7dddd02fa5",
    "jwt_guest": "d2cbe878a458bc302d4682c1057a21ce6d131ffa462de78fe18c304f05b30314",
    "room_name": "room_ea7c2aa8c91a164bb263d4d3dc4ed56d",
    "expires": 1782739406,
    "status": "open",
    "created_at": "2026-06-29T13:08:27.000000Z",
    "updated_at": "2026-06-29T13:08:27.000000Z"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to refresh video session",
    "code": "VIDEO_SESSIONS:REFRESH:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Session not found):


{
    "message": "Video session not found",
    "code": "VIDEO_SESSIONS:REFRESH:SESSION_NOT_FOUND"
}
 

Request   

POST api/sessions/video/{sessionId}/refresh

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

sessionId   integer   

Video Session ID. Example: 1

Response

Response Fields

id   integer   

Video session ID.

moderator_id   integer   

Moderator user ID.

guest_id   integer   

Guest user ID.

jwt_moderator   string   

JWT token for the moderator.

jwt_guest   string   

JWT token for the guest.

room_name   string   

Video room name.

expires   integer   

Session expiry as Unix timestamp.

status   string   

Session status.

Must be one of:
  • open
  • expired
  • closed
created_at   string   

Creation timestamp.

updated_at   string   

Last update timestamp.

moderator   object   

Moderator user.

guest   object   

Guest user.

Close video session

requires authentication

Marks video session (database entry) as closed. Does not close session on Jitsi side.

Example request:
curl --request DELETE \
    "http://localhost:8000/api/sessions/video/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "http://localhost:8000/api/sessions/video/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (202, OK):


{
    "message": "Video session closed",
    "code": "VIDEO_SESSIONS:CLOSE:CLOSED"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to close video session",
    "code": "VIDEO_SESSIONS:CLOSE:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Session not found):


{
    "message": "Video session not found",
    "code": "VIDEO_SESSIONS:CLOSE:SESSION_NOT_FOUND"
}
 

Request   

DELETE api/sessions/video/{sessionId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

sessionId   integer   

Video Session ID. Example: 1

Invite technical support

requires authentication

Sends notification to Slack channel. Link to meeting is valid for 10 minutes.

Example request:
curl --request POST \
    "http://localhost:8000/api/sessions/video/invite-support/1" \
    --header "Authorization: Bearer {ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"room\": \"room_1081c785cf1464e4d6ebc3976561d490\",
    \"description\": \"Grip switching is not working, please join.\"
}"
const url = new URL(
    "http://localhost:8000/api/sessions/video/invite-support/1"
);

const headers = {
    "Authorization": "Bearer {ACCESS_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "room": "room_1081c785cf1464e4d6ebc3976561d490",
    "description": "Grip switching is not working, please join."
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200, OK):


{
    "response": "success",
    "code": "VIDEO_SESSIONS:INVITE_TECH_SUPPORT:SUCCESS"
}
 

Example response (403, Insufficient permission):


{
    "message": "Insufficient permission to invite tech support",
    "code": "VIDEO_SESSIONS:INVITE_TECH_SUPPORT:INSUFFICIENT_PERMISSION"
}
 

Example response (404, Device not found):


{
    "message": "Device not found",
    "code": "VIDEO_SESSIONS:INVITE_TECH_SUPPORT:DEVICE_NOT_FOUND"
}
 

Example response (500, Request failed):


{
    "response": "invalid_payload",
    "code": "VIDEO_SESSIONS:INVITE_TECH_SUPPORT:FAILED"
}
 

Request   

POST api/sessions/video/invite-support/{deviceId}

Headers

Authorization      

Example: Bearer {ACCESS_TOKEN}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

deviceId   integer   

Device ID (current device of the session). Example: 1

Body Parameters

room   string   

Name of Jitsi room to connect. Example: room_1081c785cf1464e4d6ebc3976561d490

description   string  optional  

Description of problem provided by clinician. Example: Grip switching is not working, please join.