Partner-facing endpoints for listing sites and retrieving site configuration within a domain.
QUBS Integrations API (v1)
Partner-facing API providing read access to selected QUBS configuration and scheduling data, plus reporting submission endpoints for tele reporting workflows.
Authentication is via a bearer JWT in the Authorization header. Authorization is domain-scoped; all requests include a {domain} path parameter. Tokens are issued via the OAuth 2.0 client credentials flow (see Authentication below).
Token lifetimes:
- Authentication flow session duration: 3 minutes.
- Access token expiration: 60 minutes.
- ID token expiration: 60 minutes.
- Refresh token expiration: 5 days.
Refresh tokens (when issued) can be exchanged for new access tokens until they expire; after expiration, request a new token via the client credentials flow.
Scopes/audience: no additional scopes are required for current integrations; authorization is domain-scoped via claims. Audience is managed by QUBS; use the client credentials provisioned for your integration.
Sandbox: no public sandbox environment is currently available.
Errors are returned as RFC7807 Problem Details (application/problem+json) and include a requestId plus the X-Correlation-Id response header.
Data handling: responses may include PHI (patient name/date of birth). Treat all such data as sensitive, apply least-privilege access, and avoid logging or storing longer than required.
Date/time conventions: date values use ISO 8601 yyyy-MM-dd. time values use HH:mm:ss in the scheduled site's local timezone (see SiteSettings.timeZone). date-time values are returned in UTC. Numeric values are JSON numbers (integers/decimals), not strings.
Pagination: cursor endpoints return page objects with items and nextToken, while offset endpoints return arrays. For cursor paging, stop when nextToken is empty/omitted; for offset paging, stop when the response count is less than take. Ordering is not guaranteed and should not be assumed to be chronological.
Retry guidance: for 429 responses, honor the Retry-After header and use exponential backoff with jitter. GET requests are safe to retry. Reporting POST endpoints support the Idempotency-Key header; use a stable ASCII token (recommend a UUID) up to 128 characters and reuse the same key with the same payload to receive the original response. For timeouts or transient transport errors, retry the POST with the same key and exponential backoff; reuse with a different payload returns 409 Conflict. Keys are retained for 24 hours (comments/reports) or 15 minutes (report attachment uploads). Without the header, retries can create duplicates.
Rate limits: no fixed quotas or standard rate-limit headers are guaranteed. Use 429 responses and Retry-After when present.
- Request an access token using the OAuth 2.0 client credentials flow.
- Send it in the
Authorizationheader asBearer <token>.
Token endpoint: https://authenticate.qubs.io/oauth2/token
Token request examples:
curl -X POST "https://authenticate.qubs.io/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_id=<client_id>" \
--data-urlencode "client_secret=<client_secret>"Unirest.setTimeouts(0, 0);
HttpResponse<String> response = Unirest.post("https://authenticate.qubs.io/oauth2/token")
.header("Content-Type", "application/x-www-form-urlencoded")
.field("grant_type", "client_credentials")
.field("client_id", "<client_id>")
.field("client_secret", "<client_secret>")
.asString();using var client = new HttpClient();
using var request = new HttpRequestMessage(HttpMethod.Post, "https://authenticate.qubs.io/oauth2/token");
request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
["grant_type"] = "client_credentials",
["client_id"] = "<client_id>",
["client_secret"] = "<client_secret>"
});
using var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
var tokenPayload = await response.Content.ReadAsStringAsync();Use the access_token value from the response as your bearer token.
If a refresh_token is issued, you can exchange it for new access tokens until it expires (5 days). When a refresh token is expired or not provided, request a new token via client credentials.
curl -X GET "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/pending?pageSize=1" \
-H "Authorization: Bearer <token>"curl -X POST "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/A123456/report" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{"reportText":"Preliminary report text","reportStatus":"preliminary","reportedAtUtc":"2025-01-10T03:04:05Z"}'- List pending reporting appointments.
curl -X GET "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/pending?pageSize=1" \
-H "Authorization: Bearer <token>"Example response:
{
"items": [
{
"domain": "acme",
"appointmentId": "A123456",
"status": "PENDING REPORTING",
"scheduledSite": "Central Clinic",
"appointmentDate": "2025-01-12",
"startTime": "13:45:00",
"patientName": "Jane Doe"
}
],
"nextToken": "DDB_NEXT_TOKEN"
}- (Optional) Create report attachment upload URLs.
curl -X POST "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/A123456/report/attachments" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: <idempotency-key>" \
-d '{"items":[{"fileName":"report.pdf","contentType":"application/pdf"}]}'Example response:
{
"items": [
{
"guid": "989dd0c7-13bb-4bba-b7a0-53a28bdf5155",
"fileName": "report.pdf",
"category": "report",
"uploadUrl": "https://example.com/upload/report.pdf",
"uploadUrlExpiresAtUtc": "2025-01-10T03:19:05Z"
}
]
}- Upload the report artifact bytes with a PUT to
uploadUrl.
curl -X PUT "https://example.com/upload/report.pdf" \
-H "Content-Type: application/pdf" \
--data-binary "@report.pdf"- Submit the report content. Submissions overwrite any existing report for the appointment; you can submit a preliminary report and later submit a final report.
curl -X POST "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/A123456/report" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: <idempotency-key>" \
-d '{"reportText":"No acute abnormality detected.","reportStatus":"preliminary","reportedAtUtc":"2025-01-10T03:04:05Z"}'Example response:
{
"reportGuid": "4b7f0a91-b4f5-4f2a-9a21-23456789abcd",
"reportStatus": "preliminary",
"reportedAtUtc": "2025-01-10T03:04:05Z"
}- (Optional) Create an appointment comment/alert.
curl -X POST "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/A123456/comments" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: <idempotency-key>" \
-d '{"commentText":"Report sent to referrer.","commentType":"AC","isAlert":false}'Download OpenAPI description
Languages
Servers
Mock server
https://partnerdocs.qubs.io/_mock/openapi
Production API
https://partners.qubs.io
Relative to the current host
https://partnerdocs.qubs.io
Request
Returns appointment attachments (e.g. referrals, worksheets) and a short-lived presigned URL for each attachment when available.
Response body is a JSON array. Fields below apply to each array item.
Security
Bearer
Path
Partner domain identifier. Your bearer token is scoped to one or more domains and requests outside that scope are rejected.
Example: acme
- Mock serverhttps://partnerdocs.qubs.io/_mock/openapi/integrations/v1/{domain}/appointments/{appointmentId}/attachments
- Production APIhttps://partners.qubs.io/integrations/v1/{domain}/appointments/{appointmentId}/attachments
- Relative to the current hosthttps://partnerdocs.qubs.io/integrations/v1/{domain}/appointments/{appointmentId}/attachments
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://partnerdocs.qubs.io/_mock/openapi/integrations/v1/acme/appointments/A123456/attachments?urlTtlSeconds=900&disposition=inline' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'X-Correlation-Id: 4b7f0a91b4f54f2a'Array of attachments for the requested appointment, including short-lived presigned URLs when available.
Bodyapplication/jsonArray [
When the attachment was added (UTC).
Example: "2020-01-01T00:00:00Z"
When the attachment was last modified (UTC).
Example: "2020-01-01T00:00:00Z"
Short-lived presigned URL for retrieving the attachment content when available.
Example: "https://example.com"
UTC expiry timestamp for the presigned URL when available.
Example: "2020-01-01T00:00:00Z"
Response
application/json
[ { "guid": "989dd0c7-13bb-4bba-b7a0-53a28bdf5155", "category": "Referral", "fileName": "referral.pdf", "addedDateTime": "2025-01-10T01:02:03Z", "addedBy": { … }, "lastModifiedDateTime": "2025-01-10T01:02:03Z", "lastModifiedBy": { … }, "url": "https://example.com/attachments/referral.pdf", "urlExpiresAtUtc": "2025-01-10T01:17:03Z" } ]
Security
Bearer
Path
Partner domain identifier. Your bearer token is scoped to one or more domains and requests outside that scope are rejected.
Example: acme
- Mock serverhttps://partnerdocs.qubs.io/_mock/openapi/integrations/v1/{domain}/appointments/{appointmentId}/attachments/{attachmentGuid}
- Production APIhttps://partners.qubs.io/integrations/v1/{domain}/appointments/{appointmentId}/attachments/{attachmentGuid}
- Relative to the current hosthttps://partnerdocs.qubs.io/integrations/v1/{domain}/appointments/{appointmentId}/attachments/{attachmentGuid}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://partnerdocs.qubs.io/_mock/openapi/integrations/v1/acme/appointments/A123456/attachments/989dd0c7-13bb-4bba-b7a0-53a28bdf5155?urlTtlSeconds=900&disposition=inline' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'X-Correlation-Id: 4b7f0a91b4f54f2a'Attachment metadata for the requested appointment attachment, including a short-lived presigned URL when available.
Bodyapplication/json
When the attachment was added (UTC).
Example: "2020-01-01T00:00:00Z"
When the attachment was last modified (UTC).
Example: "2020-01-01T00:00:00Z"
Short-lived presigned URL for retrieving the attachment content when available.
Example: "https://example.com"
Response
application/json
{ "guid": "989dd0c7-13bb-4bba-b7a0-53a28bdf5155", "category": "Referral", "fileName": "referral.pdf", "addedDateTime": "2025-01-10T01:02:03Z", "addedBy": { "username": "jchen", "firstName": "Jesse", "initials": "JC", "lastName": "Chen", "role": "Scheduler" }, "lastModifiedDateTime": "2025-01-10T01:02:03Z", "lastModifiedBy": { "username": "mbrown", "firstName": "Maya", "initials": "MB", "lastName": "Brown", "role": "Reception" }, "url": "https://example.com/attachments/referral.pdf", "urlExpiresAtUtc": "2025-01-10T01:17:03Z" }
Comments
Partner-facing endpoints for retrieving appointment and patient comments/alerts associated with an appointment.