Skip to content

QUBS Integrations API (v1)

Partner-facing API providing read access to selected QUBS configuration and scheduling data, plus reporting submission endpoints for tele reporting workflows.

Authentication is via a bearer JWT in the Authorization header. Authorization is domain-scoped; all requests include a {domain} path parameter. Tokens are issued via the OAuth 2.0 client credentials flow (see Authentication below).

Token lifetimes:

  • Authentication flow session duration: 3 minutes.
  • Access token expiration: 60 minutes.
  • ID token expiration: 60 minutes.
  • Refresh token expiration: 5 days.

Refresh tokens (when issued) can be exchanged for new access tokens until they expire; after expiration, request a new token via the client credentials flow.

Scopes/audience: no additional scopes are required for current integrations; authorization is domain-scoped via claims. Audience is managed by QUBS; use the client credentials provisioned for your integration.

Sandbox: no public sandbox environment is currently available.

Errors are returned as RFC7807 Problem Details (application/problem+json) and include a requestId plus the X-Correlation-Id response header.

Data handling: responses may include PHI (patient name/date of birth). Treat all such data as sensitive, apply least-privilege access, and avoid logging or storing longer than required.

Date/time conventions: date values use ISO 8601 yyyy-MM-dd. time values use HH:mm:ss in the scheduled site's local timezone (see SiteSettings.timeZone). date-time values are returned in UTC. Numeric values are JSON numbers (integers/decimals), not strings.

Pagination: cursor endpoints return page objects with items and nextToken, while offset endpoints return arrays. For cursor paging, stop when nextToken is empty/omitted; for offset paging, stop when the response count is less than take. Ordering is not guaranteed and should not be assumed to be chronological.

Retry guidance: for 429 responses, honor the Retry-After header and use exponential backoff with jitter. GET requests are safe to retry. Reporting POST endpoints support the Idempotency-Key header; use a stable ASCII token (recommend a UUID) up to 128 characters and reuse the same key with the same payload to receive the original response. For timeouts or transient transport errors, retry the POST with the same key and exponential backoff; reuse with a different payload returns 409 Conflict. Keys are retained for 24 hours (comments/reports) or 15 minutes (report attachment uploads). Without the header, retries can create duplicates.

Rate limits: no fixed quotas or standard rate-limit headers are guaranteed. Use 429 responses and Retry-After when present.

Getting started

Base URL

  • Production: https://partners.qubs.io

Authentication

  1. Request an access token using the OAuth 2.0 client credentials flow.
  2. Send it in the Authorization header as Bearer <token>.

Token endpoint: https://authenticate.qubs.io/oauth2/token

Token request examples:

curl -X POST "https://authenticate.qubs.io/oauth2/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "client_id=<client_id>" \
  --data-urlencode "client_secret=<client_secret>"
Unirest.setTimeouts(0, 0);
HttpResponse<String> response = Unirest.post("https://authenticate.qubs.io/oauth2/token")
  .header("Content-Type", "application/x-www-form-urlencoded")
  .field("grant_type", "client_credentials")
  .field("client_id", "<client_id>")
  .field("client_secret", "<client_secret>")
  .asString();
using var client = new HttpClient();
using var request = new HttpRequestMessage(HttpMethod.Post, "https://authenticate.qubs.io/oauth2/token");
request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
    ["grant_type"] = "client_credentials",
    ["client_id"] = "<client_id>",
    ["client_secret"] = "<client_secret>"
});
using var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
var tokenPayload = await response.Content.ReadAsStringAsync();

Use the access_token value from the response as your bearer token.

If a refresh_token is issued, you can exchange it for new access tokens until it expires (5 days). When a refresh token is expired or not provided, request a new token via client credentials.

Example requests

curl -X GET "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/pending?pageSize=1" \
  -H "Authorization: Bearer <token>"
curl -X POST "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/A123456/report" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"reportText":"Preliminary report text","reportStatus":"preliminary","reportedAtUtc":"2025-01-10T03:04:05Z"}'

Reporting workflow (example)

  1. List pending reporting appointments.
curl -X GET "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/pending?pageSize=1" \
  -H "Authorization: Bearer <token>"

Example response:

{
  "items": [
    {
      "domain": "acme",
      "appointmentId": "A123456",
      "status": "PENDING REPORTING",
      "scheduledSite": "Central Clinic",
      "appointmentDate": "2025-01-12",
      "startTime": "13:45:00",
      "patientName": "Jane Doe"
    }
  ],
  "nextToken": "DDB_NEXT_TOKEN"
}
  1. (Optional) Create report attachment upload URLs.
curl -X POST "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/A123456/report/attachments" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: <idempotency-key>" \
  -d '{"items":[{"fileName":"report.pdf","contentType":"application/pdf"}]}'

Example response:

{
  "items": [
    {
      "guid": "989dd0c7-13bb-4bba-b7a0-53a28bdf5155",
      "fileName": "report.pdf",
      "category": "report",
      "uploadUrl": "https://example.com/upload/report.pdf",
      "uploadUrlExpiresAtUtc": "2025-01-10T03:19:05Z"
    }
  ]
}
  1. Upload the report artifact bytes with a PUT to uploadUrl.
curl -X PUT "https://example.com/upload/report.pdf" \
  -H "Content-Type: application/pdf" \
  --data-binary "@report.pdf"
  1. Submit the report content. Submissions overwrite any existing report for the appointment; you can submit a preliminary report and later submit a final report.
curl -X POST "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/A123456/report" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: <idempotency-key>" \
  -d '{"reportText":"No acute abnormality detected.","reportStatus":"preliminary","reportedAtUtc":"2025-01-10T03:04:05Z"}'

Example response:

{
  "reportGuid": "4b7f0a91-b4f5-4f2a-9a21-23456789abcd",
  "reportStatus": "preliminary",
  "reportedAtUtc": "2025-01-10T03:04:05Z"
}
  1. (Optional) Create an appointment comment/alert.
curl -X POST "https://partners.qubs.io/integrations/v1/acme/reporting/appointments/A123456/comments" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: <idempotency-key>" \
  -d '{"commentText":"Report sent to referrer.","commentType":"AC","isAlert":false}'
Download OpenAPI description
openapi.json
openapi.yaml
Languages
Servers
Mock server
https://partnerdocs.qubs.io/_mock/openapi
Production API
https://partners.qubs.io
Relative to the current host
https://partnerdocs.qubs.io

Site Settings

Partner-facing endpoints for listing sites and retrieving site configuration within a domain.

Operations

Exam Codes

Partner-facing endpoints for retrieving exam code configuration for a site within a domain.

Operations

List exam codes for a site

Request

Returns exam codes for the specified domain and site when the caller is authorized.

Response body is a JSON array. Fields below apply to each array item.

Security
Bearer
Path
domainstringrequired

Partner domain identifier. Your bearer token is scoped to one or more domains and requests outside that scope are rejected.

Example: acme
siteNamestringrequired

Site name within the specified domain.

Example: Example Site
Headers
X-Correlation-Idstring

Request correlation identifier. Echoes the incoming X-Correlation-Id header when provided.

Example: 4b7f0a91b4f54f2a
curl -i -X GET \
  'https://partnerdocs.qubs.io/_mock/openapi/integrations/v1/acme/sites/Example Site/exam-codes' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'X-Correlation-Id: 4b7f0a91b4f54f2a'

Responses

Array of exam codes for the requested domain and site.

Headers
X-Correlation-Idstring

Request correlation identifier. Echoes the incoming X-Correlation-Id header when provided.

Example: "4b7f0a91b4f54f2a"
Bodyapplication/jsonArray [
examCodeIdstringrequired

Unique exam code identifier.

Example: "123"
keystringrequired

QUBS internal key for the exam code record.

Example: "Example key"
sitestringrequired

Site this exam code belongs to.

Example: "Example site"
descriptionstringrequired

Human-readable exam description.

Example: "Example description"
categorystring

Optional exam category.

Example: "Example category"
modalitystring

Optional imaging modality.

Example: "Example modality"
totalDurationinteger(int32)

Configured duration in minutes.

Example: 1
showOnlineboolean

Whether this exam code is visible/available online.

Example: true
lastModifiedDateTimestring(date-time)

When the exam code was last updated.

Example: "2020-01-01T00:00:00Z"
]
Response
application/json
[
  {
    "examCodeId": "EC100",
    "key": "CT_CHEST",
    "site": "Central Clinic",
    "description": "CT Chest",
    "category": "CT",
    "modality": "CT",
    "totalDuration": 15,
    "showOnline": true,
    "lastModifiedDateTime": "2025-01-10T02:03:04Z"
  }
]

Staff Skills

Partner-facing endpoints for retrieving the staff skill grid and related metadata for a site within a domain.

Operations

Appointments

Partner-facing endpoints for retrieving appointments within a domain.

Operations

Attachments

Partner-facing endpoints for retrieving appointment attachments and generating short-lived presigned URLs.

Operations

Comments

Partner-facing endpoints for retrieving appointment and patient comments/alerts associated with an appointment.

Operations

Patients

Partner-facing endpoints for retrieving patients within a domain.

Operations

Reporting

Partner-facing endpoints for retrieving appointments that are pending reporting and submitting tele reporting artifacts. Typical workflow: list pending reporting appointments, create upload URLs for report artifacts (optional), upload with PUT, then submit report content.

Operations