This document provides detailed information about the Hospital Management System API. The API allows for managing users, patients, doctors, appointments, services, and contact requests.
All API endpoints are relative to the base URL:
http://localhost:8000
The API uses JWT (JSON Web Token) authentication. Most endpoints require authentication.
To authenticate, you need to obtain a JWT token by sending a POST request to the login endpoint:
POST /api/user/login/
Request body:
{
"username": "your_username",
"password": "your_password"
}
Response:
{
"refresh": "your_refresh_token",
"access": "your_access_token"
}
Include the access token in the Authorization header for all authenticated requests:
Authorization: Bearer your_access_token
Access tokens expire after a certain period. Use the refresh token to get a new access token:
POST /api/user/token/refresh/
Request body:
{
"refresh": "your_refresh_token"
}
Response:
{
"access": "new_access_token"
}
To log out and invalidate the refresh token:
POST /api/user/logout/
Request body:
{
"refresh": "your_refresh_token"
}
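The login, refresh and logout exchange above, as an added runnable example; this is not code from the Hospital Management System project. HmsClient sends the documented request bodies, attaches the Bearer header, refreshes shortly before the access token's exp claim runs out (the claim is read without verifying the token, which is acceptable for scheduling and for nothing else), refreshes once more if the server still answers 401, and forgets both tokens on logout because the documented logout call only blacklists the refresh token. The transport is injected; FakeServer, its single user, its unsigned tokens and its 401 detail strings are constructed stand-ins so the exchange runs offline.

```python
import base64
import json
import time
from typing import Callable, Dict, Optional, Tuple

# transport(method, path, headers, json_body) -> (status, json_response). Injected so the same
# client works against a real HTTP library and, here, against the constructed FakeServer.
Transport = Callable[[str, str, Dict[str, str], Optional[dict]], Tuple[int, dict]]


def jwt_exp(token: str) -> Optional[int]:
    """Read the exp claim of a JWT without verifying it: fine for scheduling a refresh,
    never for a trust decision, which only the server's signature check can make."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])
    except (AttributeError, IndexError, KeyError, TypeError, ValueError):
        return None


class HmsClient:
    def __init__(self, transport: Transport, clock=time.time, skew: int = 30):
        self._send, self._now, self._skew = transport, clock, skew
        self.access: Optional[str] = None
        self.refresh: Optional[str] = None

    def login(self, username: str, password: str) -> None:
        status, body = self._send("POST", "/api/user/login/", {},
                                  {"username": username, "password": password})
        if status != 200:
            raise PermissionError(f"login failed with HTTP {status}")
        self.access, self.refresh = body["access"], body["refresh"]

    def _refresh_access(self) -> None:
        status, body = self._send("POST", "/api/user/token/refresh/", {}, {"refresh": self.refresh})
        if status != 200:  # blacklisted or expired refresh token: only a new login helps
            self.access = self.refresh = None
            raise PermissionError("refresh token rejected; log in again")
        self.access = body["access"]

    def request(self, method: str, path: str, body: Optional[dict] = None) -> Tuple[int, dict]:
        if self.refresh is None:
            raise PermissionError("not logged in")
        exp = jwt_exp(self.access or "")
        if exp is None or exp - self._skew <= self._now():
            self._refresh_access()  # proactive: refresh before the server would reject the token
        status, resp = self._send(method, path, {"Authorization": f"Bearer {self.access}"}, body)
        if status == 401:  # reactive: clock skew or revocation; refresh once and retry once
            self._refresh_access()
            status, resp = self._send(method, path, {"Authorization": f"Bearer {self.access}"}, body)
        return status, resp

    def logout(self) -> int:
        status, _ = self._send("POST", "/api/user/logout/",
                               {"Authorization": f"Bearer {self.access}"}, {"refresh": self.refresh})
        self.access = self.refresh = None  # the call blacklists the refresh token; drop the access token too
        return status


def unsigned_token(claims: dict) -> str:
    """JWT-shaped token for the fake only; real tokens carry a signature the server verifies."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


class FakeServer:
    """Constructed in-memory stand-in for the API so the exchange can be run offline."""
    def __init__(self, clock, access_ttl: int = 300, refresh_ttl: int = 86400):
        self._now, self._ttl = clock, {"access": access_ttl, "refresh": refresh_ttl}
        self._users = {"alice": "correct horse battery"}  # constructed credentials
        self._blacklist, self._jti = set(), 0

    def _mint(self, kind: str) -> str:
        self._jti += 1
        return unsigned_token({"token_type": kind, "jti": self._jti,
                               "exp": int(self._now()) + self._ttl[kind]})

    def __call__(self, method: str, path: str, headers: Dict[str, str], body: Optional[dict]):
        body = body or {}
        if path == "/api/user/login/":
            if self._users.get(body.get("username")) != body.get("password"):
                return 401, {"detail": "No active account found with the given credentials"}
            return 200, {"refresh": self._mint("refresh"), "access": self._mint("access")}
        if path == "/api/user/token/refresh/":
            tok, exp = body.get("refresh"), jwt_exp(body.get("refresh"))
            if tok in self._blacklist or exp is None or exp <= self._now():
                return 401, {"detail": "Token is blacklisted or expired"}
            return 200, {"access": self._mint("access")}
        auth = headers.get("Authorization", "")
        exp = jwt_exp(auth[7:]) if auth.startswith("Bearer ") else None
        if exp is None or exp <= self._now():
            return 401, {"detail": "Given token not valid for any token type"}
        if path == "/api/user/logout/":
            self._blacklist.add(body.get("refresh"))
            return 200, {"message": "Logged out"}
        return 200, {"path": path}  # any other protected endpoint
```

Against the real server the transport would wrap an HTTP library call such as requests.request(method, "http://localhost:8000" + path, headers=headers, json=body) and return (resp.status_code, resp.json()); the client logic stays the same. Keep the skew small but non-zero: it covers clock drift between client and server without refreshing on every call.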
The API implements rate limiting to prevent abuse. Different endpoints may have different rate limits. When a rate limit is exceeded, the API will return a 429 Too Many Requests response.
List endpoints support pagination with the following query parameters:
page: The page number (default: 1)
limits: The number of items per page (default: 100, max: 1000)
Paginated responses include the following fields:
count: The total number of items
next: URL to the next page (null if there is no next page)
previous: URL to the previous page (null if there is no previous page)
results: Array of items for the current page
Errors are reported with the following HTTP status codes:
400 Bad Request: The request was invalid or cannot be served; it is not processed because of a client error.
401 Unauthorized: Authentication is required and has failed or has not been provided.
403 Forbidden: The request was valid, but the server is refusing action. The user might not have the necessary permissions.
404 Not Found: The requested resource could not be found.
429 Too Many Requests: The user has sent too many requests in a given amount of time.
500 Internal Server Error: The server has encountered a situation it doesn't know how to handle.
POST /api/user/register/
Creates a new user account. A UserProfile and Patient instance will be automatically created.
Request body:
{
"username": "string",
"first_name": "string",
"last_name": "string",
"email": "user@example.com",
"password": "string",
"confirm_password": "string"
}
Response:
{
"message": "string",
"tokens": {
"refresh": "string",
"access": "string"
},
"user": {
"id": 0,
"username": "string",
"email": "user@example.com",
"first_name": "string",
"last_name": "string",
"is_staff": false,
"is_active": true,
"date_joined": "2023-01-01T00:00:00Z"
}
}
POST /api/user/login/
Authenticate a user and obtain tokens.
Request body:
{
"username": "string",
"password": "string"
}
Response:
{
"refresh": "string",
"access": "string"
}
POST /api/user/logout/
Blacklist the refresh token.
Request body:
{
"refresh": "string"
}
Response:
{
"message": "string"
}
POST /api/user/token/refresh/
Get a new access token using a refresh token.
Request body:
{
"refresh": "string"
}
Response:
{
"access": "string"
}
GET /api/user/profiles/
Get a list of user profiles. Regular users can only see their own profile.
Query parameters:
page: Page number (default: 1)
limits: Number of items per page (default: 100, max: 1000)
search: Search term for username, email, first_name, or last_name
Response:
{
"count": 0,
"next": "string",
"previous": "string",
"results": [
{
"id": 0,
"user": {
"id": 0,
"username": "string",
"email": "user@example.com",
"first_name": "string",
"last_name": "string",
"is_staff": false,
"is_active": true,
"date_joined": "2023-01-01T00:00:00Z"
},
"bio": "string",
"address": "string",
"date_of_birth": "2023-01-01",
"profile_picture": "string",
"created_at": "2023-01-01T00:00:00Z",
"updated_at": "2023-01-01T00:00:00Z"
}
]
}
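A complete paginated read of this endpoint, using the pagination envelope and status codes documented earlier, as an added example rather than the project's own code. It clamps limits to the documented maximum before sending, retries only on 429, never retries 401 or 403, follows next only while it stays on the host the walk started on, and cross-checks the number of rows collected against count. The fetch function is injected; make_fake_fetch is a constructed stand-in that serves invented profile rows, and the Retry-After header it sends on 429 is an assumption the page does not make.

```python
import time
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# fetch(url) -> (status, response_headers, json_body). Injected: in production it wraps an HTTP
# client that attaches the Bearer header; here the constructed make_fake_fetch() stands in.
Fetch = Callable[[str], Tuple[int, Dict[str, str], dict]]

MAX_LIMITS = 1000  # documented upper bound of the limits parameter


class ApiError(Exception):
    """A non-2xx answer from the server, with the status kept for the caller."""

    def __init__(self, status: int, detail: str):
        super().__init__(f"HTTP {status}: {detail}")
        self.status = status


def get_with_backoff(fetch: Fetch, url: str, sleep=time.sleep, max_retries: int = 5) -> dict:
    """GET one page, retrying only on 429. 401 and 403 are never retried: a retry cannot fix
    a bad token or a missing permission, and repeating it just feeds the rate limiter."""
    delay = 1.0
    for attempt in range(max_retries + 1):
        status, headers, body = fetch(url)
        if status == 200:
            return body
        if status != 429 or attempt == max_retries:
            raise ApiError(status, str(body.get("detail", "request failed")))
        # Retry-After is not documented for this API (assumption); honour it if present,
        # otherwise back off exponentially with a cap.
        sleep(float(headers.get("Retry-After", delay)))
        delay = min(delay * 2, 60.0)
    raise AssertionError("unreachable")


def fetch_all(fetch: Fetch, base_url: str, path: str, limits: int = 100, sleep=time.sleep) -> List[dict]:
    """Collect every item of a list endpoint by following next until it is null."""
    host = urlparse(base_url).netloc
    limits = min(max(limits, 1), MAX_LIMITS)  # clamp client-side instead of earning a 400
    url = f"{base_url}{path}?{urlencode({'page': 1, 'limits': limits})}"
    items: List[dict] = []
    expected = None
    while url:
        page = get_with_backoff(fetch, url, sleep)
        expected = page["count"] if expected is None else expected
        items.extend(page["results"])
        url = page.get("next")
        # next is server-supplied input: follow it only back to the host we started on, so
        # whatever credentials the fetch layer attaches cannot be steered to another origin.
        if url and urlparse(url).netloc != host:
            raise ValueError(f"refusing off-host next link: {url}")
    if len(items) != expected:
        # rows were added or removed while paging; a caller that needs a consistent snapshot re-reads
        raise ValueError(f"count was {expected} but {len(items)} items were returned")
    return items


def make_fake_fetch(total: int, throttle_first: bool = True) -> Fetch:
    """Constructed offline stand-in for GET /api/user/profiles/ with `total` rows; the first
    call is throttled so the 429 path is exercised. Records every URL it was asked for."""
    base = "http://localhost:8000/api/user/profiles/"
    calls: List[str] = []

    def fetch(url: str) -> Tuple[int, Dict[str, str], dict]:
        calls.append(url)
        if throttle_first and len(calls) == 1:
            return 429, {"Retry-After": "0"}, {"detail": "Request was throttled."}
        q = parse_qs(urlparse(url).query)
        page = int(q.get("page", ["1"])[0])
        limits = min(int(q.get("limits", ["100"])[0]), MAX_LIMITS)
        start = (page - 1) * limits
        rows = [{"id": i, "user": {"id": i, "username": f"user{i}"}}
                for i in range(start, min(start + limits, total))]
        link = lambda p: f"{base}?{urlencode({'page': p, 'limits': limits})}"
        return 200, {}, {"count": total, "results": rows,
                         "next": link(page + 1) if start + limits < total else None,
                         "previous": link(page - 1) if page > 1 else None}

    fetch.calls = calls  # lets a caller inspect what was requested
    return fetch
```

The same fetch_all works for /patients/, /doctors/, /reviews/ and /appointments/, since they share the envelope; only the query parameters differ. The count check is deliberately strict: for a one-off export a mismatch is worth knowing about, for a long-running sync you would log it and continue instead.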
POST /api/user/profiles/
Create a new user profile.
Request body (multipart/form-data):
username: string
email: string (email)
first_name: string
last_name: string
bio: string
address: string
date_of_birth: string (date)
profile_picture: file
Response:
{
"id": 0,
"user": {
"id": 0,
"username": "string",
"email": "user@example.com",
"first_name": "string",
"last_name": "string",
"is_staff": false,
"is_active": true,
"date_joined": "2023-01-01T00:00:00Z"
},
"bio": "string",
"address": "string",
"date_of_birth": "2023-01-01",
"profile_picture": "string",
"created_at": "2023-01-01T00:00:00Z",
"updated_at": "2023-01-01T00:00:00Z"
}
GET /api/user/profiles/{id}/
Get a specific user profile by ID.
Response:
{
"id": 0,
"user": {
"id": 0,
"username": "string",
"email": "user@example.com",
"first_name": "string",
"last_name": "string",
"is_staff": false,
"is_active": true,
"date_joined": "2023-01-01T00:00:00Z"
},
"bio": "string",
"address": "string",
"date_of_birth": "2023-01-01",
"profile_picture": "string",
"created_at": "2023-01-01T00:00:00Z",
"updated_at": "2023-01-01T00:00:00Z"
}
PUT /api/user/profiles/{id}/
Update a specific user profile by ID.
Request body (multipart/form-data):
username: string
email: string (email)
first_name: string
last_name: string
bio: string
address: string
date_of_birth: string (date)
profile_picture: file
Response: Same as Get a user profile.
PATCH /api/user/profiles/{id}/
Partially update a specific user profile by ID.
Request body (multipart/form-data): Same as Update a user profile, but all fields are optional.
Response: Same as Get a user profile.
DELETE /api/user/profiles/{id}/
Delete a specific user profile by ID.
Response: 204 No Content
GET /api/user/profiles/me/
Get the profile of the currently authenticated user.
Response: Same as Get a user profile.
GET /patients/
Get a list of patients.
Query parameters:
page: Page number (default: 1)
limits: Number of items per page (default: 100, max: 1000)
search: Search term for id, user, or phone
phone: Filter by phone number
Response:
{
"count": 0,
"next": "string",
"previous": "string",
"results": [
{
"id": 0,
"user": "string",
"profile": "string",
"phone": "string"
}
]
}
POST /patients/
Create a new patient. The user field is automatically set to the authenticated user.
Request body (multipart/form-data):
profile: file
phone: string
Response:
{
"id": 0,
"user": "string",
"profile": "string",
"phone": "string"
}
GET /patients/{id}/
Get a specific patient by ID.
Response:
{
"id": 0,
"user": "string",
"profile": "string",
"phone": "string"
}
PUT /patients/{id}/
Update a specific patient by ID.
Request body (multipart/form-data):
profile: file
phone: string
Response: Same as Get a patient.
PATCH /patients/{id}/
Partially update a specific patient by ID.
Request body (multipart/form-data): Same as Update a patient, but all fields are optional.
Response: Same as Get a patient.
DELETE /patients/{id}/
Delete a specific patient by ID.
Response: 204 No Content
GET /doctors/
Get a list of doctors.
Query parameters:
page: Page number (default: 1)
limits: Number of items per page (default: 100, max: 1000)
specialisation: Filter by specialisation ID
designation: Filter by designation ID
fee: Filter by fee
available_time: Filter by available time ID
Response:
{
"count": 0,
"next": "string",
"previous": "string",
"results": [
{
"id": 0,
"user": "string",
"profile": "string",
"designation": ["string"],
"specialisation": ["string"],
"available_time": [0],
"fee": 0,
"meet_link": "string"
}
]
}
POST /doctors/
Create a new doctor. The user field is automatically set to the authenticated user.
Request body (multipart/form-data):
profile: file
designation: array of integers
specialisation: array of integers
available_time: array of integers
fee: integer
meet_link: string
Response:
{
"id": 0,
"user": "string",
"profile": "string",
"designation": ["string"],
"specialisation": ["string"],
"available_time": [0],
"fee": 0,
"meet_link": "string"
}
GET /doctors/{id}/
Get a specific doctor by ID.
Response:
{
"id": 0,
"user": "string",
"profile": "string",
"designation": ["string"],
"specialisation": ["string"],
"available_time": [0],
"fee": 0,
"meet_link": "string"
}
PUT /doctors/{id}/
Update a specific doctor by ID.
Request body (multipart/form-data):
profile: file
designation: array of integers
specialisation: array of integers
available_time: array of integers
fee: integer
meet_link: string
Response: Same as Get a doctor.
PATCH /doctors/{id}/
Partially update a specific doctor by ID.
Request body (multipart/form-data): Same as Update a doctor, but all fields are optional.
Response: Same as Get a doctor.
DELETE /doctors/{id}/
Delete a specific doctor by ID.
Response: 204 No Content
GET /designations/
Get a list of designations.
Response:
[
{
"id": 0,
"name": "string",
"slug": "string"
}
]
POST /designations/
Create a new designation (admin only).
Request body:
{
"name": "string",
"slug": "string"
}
Response:
{
"id": 0,
"name": "string",
"slug": "string"
}
GET /specialisations/
Get a list of specialisations.
Response:
[
{
"id": 0,
"name": "string",
"slug": "string"
}
]
POST /specialisations/
Create a new specialisation (admin only).
Request body:
{
"name": "string",
"slug": "string"
}
Response:
{
"id": 0,
"name": "string",
"slug": "string"
}
GET /available-time/
Get a list of available times.
Query parameters:
id: Filter by ID
Response:
[
{
"id": 0,
"time": "string"
}
]
POST /available-time/
Create a new available time (admin only).
Request body:
{
"time": "string"
}
Response:
{
"id": 0,
"time": "string"
}
GET /reviews/
Get a list of reviews.
Query parameters:
page: Page number (default: 1)
limits: Number of items per page (default: 100, max: 1000)
doctor: Filter by doctor ID
reviwer: Filter by reviewer ID
rating: Filter by rating
search: Search term for doctor or reviewer
Response:
{
"count": 0,
"next": "string",
"previous": "string",
"results": [
{
"id": 0,
"reviewer": "string",
"doctor_name": "string",
"body": "string",
"created_on": "2023-01-01",
"rating": "⭐⭐⭐⭐⭐"
}
]
}
POST /reviews/
Create a new review.
Request body:
{
"doctor": 0,
"body": "string",
"rating": "⭐⭐⭐⭐⭐"
}
Response:
{
"id": 0,
"reviewer": "string",
"doctor_name": "string",
"body": "string",
"created_on": "2023-01-01",
"rating": "⭐⭐⭐⭐⭐"
}
GET /reviews/{id}/
Get a specific review by ID.
Response:
{
"id": 0,
"reviewer": "string",
"doctor_name": "string",
"body": "string",
"created_on": "2023-01-01",
"rating": "⭐⭐⭐⭐⭐"
}
PUT /reviews/{id}/
Update a specific review by ID.
Request body:
{
"doctor": 0,
"body": "string",
"rating": "⭐⭐⭐⭐⭐"
}
Response: Same as Get a review.
PATCH /reviews/{id}/
Partially update a specific review by ID.
Request body: Same as Update a review, but all fields are optional.
Response: Same as Get a review.
DELETE /reviews/{id}/
Delete a specific review by ID.
Response: 204 No Content
GET /appointments/
Get a list of appointments.
Query parameters:
page: Page number (default: 1)
limits: Number of items per page (default: 100, max: 1000)
patient_id: Filter by patient ID
doctor_id: Filter by doctor ID
Response:
{
"count": 0,
"next": "string",
"previous": "string",
"results": [
{
"id": 0,
"patient": 0,
"doctor": 0,
"appointment_type": "Online",
"appointment_status": "Pendding",
"symptoms": "string",
"time": 0,
"cancel": false
}
]
}
POST /appointments/
Create a new appointment. The patient field is automatically set to the authenticated user.
Request body:
{
"doctor": 0,
"appointment_type": "Online",
"symptoms": "string",
"time": 0,
"cancel": false
}
Response:
{
"id": 0,
"patient": 0,
"doctor": 0,
"appointment_type": "Online",
"appointment_status": "Pendding",
"symptoms": "string",
"time": 0,
"cancel": false
}
GET /appointments/{id}/
Get a specific appointment by ID.
Response:
{
"id": 0,
"patient": 0,
"doctor": 0,
"appointment_type": "Online",
"appointment_status": "Pendding",
"symptoms": "string",
"time": 0,
"cancel": false
}
PUT /appointments/{id}/
Update a specific appointment by ID.
Request body:
{
"doctor": 0,
"appointment_type": "Online",
"symptoms": "string",
"time": 0,
"cancel": false
}
Response: Same as Get an appointment.
PATCH /appointments/{id}/
Partially update a specific appointment by ID.
Request body: Same as Update an appointment, but all fields are optional.
Response: Same as Get an appointment.
DELETE /appointments/{id}/
Delete a specific appointment by ID.
Response: 204 No Content
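The ownership rules the appointment endpoints above imply (the patient is taken from the authenticated user, not the body; regular users are limited to their own rows; staff see everything), as an added server-side illustration in plain Python. It is not the project's Django code. The allow-list of writable fields, answering 404 rather than 403 for another user's appointment id, the "Offline" appointment type, and the user, doctor and available_time ids are this example's own assumptions; the response key spellings follow the page.

```python
from dataclasses import asdict, dataclass
from typing import Dict, Iterable, List, Optional

# Assumptions, not taken from the page: the full appointment_type choice set, and that a doctor's
# view of their own appointments is handled elsewhere (only patient ownership and staff are modelled).
APPOINTMENT_TYPES = {"Online", "Offline"}
WRITABLE = ("doctor", "appointment_type", "symptoms", "time", "cancel")  # fields a client may set


@dataclass(frozen=True)
class User:
    id: int
    is_staff: bool = False
    patient_id: Optional[int] = None  # the Patient row created at registration, if any


@dataclass
class Appointment:
    id: int
    patient: int
    doctor: int
    appointment_type: str
    symptoms: str
    time: int
    appointment_status: str = "Pendding"  # spelled the way the API returns it
    cancel: bool = False


class NotFound(Exception): "404: missing, or not visible to this user (the same answer on purpose)"
class Invalid(Exception): "400: body failed validation"
class Forbidden(Exception): "403: authenticated, but this account may not perform the action"


class AppointmentService:
    def __init__(self, doctor_ids: Iterable[int], available_time_ids: Iterable[int]):
        self._doctors, self._slots = set(doctor_ids), set(available_time_ids)
        self._rows: Dict[int, Appointment] = {}
        self._next_id = 1

    def _visible(self, user: User) -> List[Appointment]:
        """Scope before filtering: every read starts here, so the patient_id/doctor_id query
        filters can narrow what a user already owns but never widen it."""
        rows = [*self._rows.values()]
        return rows if user.is_staff else [a for a in rows if a.patient == user.patient_id]

    def _owned(self, user: User, appt_id: int) -> Appointment:
        for a in self._visible(user):
            if a.id == appt_id:
                return a
        raise NotFound(appt_id)  # also for "exists but not yours": a 403 would confirm the id exists

    def _clean(self, body: dict, partial: bool) -> dict:
        # allow-list the writable fields: a client-supplied patient or appointment_status is
        # dropped here instead of being written through to the row
        data = {k: body[k] for k in WRITABLE if k in body}
        missing = [k for k in ("doctor", "appointment_type", "time") if k not in data]
        if missing and not partial:
            raise Invalid(f"missing fields: {missing}")
        if "doctor" in data and data["doctor"] not in self._doctors:
            raise Invalid("unknown doctor")
        if "time" in data and data["time"] not in self._slots:
            raise Invalid("unknown available_time id")
        if "appointment_type" in data and data["appointment_type"] not in APPOINTMENT_TYPES:
            raise Invalid("unknown appointment_type")
        if "cancel" in data and not isinstance(data["cancel"], bool):
            raise Invalid("cancel must be a boolean")
        if not partial:
            data.setdefault("symptoms", "")
            data.setdefault("cancel", False)
        return data

    def create(self, user: User, body: dict) -> dict:  # POST /appointments/
        if user.patient_id is None:
            raise Forbidden("no patient record for this account")
        data = self._clean(body, partial=False)
        appt = Appointment(id=self._next_id, patient=user.patient_id, **data)  # patient from auth, never body
        self._rows[appt.id] = appt
        self._next_id += 1
        return asdict(appt)

    def list(self, user: User, patient_id: Optional[int] = None,
             doctor_id: Optional[int] = None) -> List[dict]:  # GET /appointments/
        rows = self._visible(user)
        if patient_id is not None:
            rows = [a for a in rows if a.patient == patient_id]
        if doctor_id is not None:
            rows = [a for a in rows if a.doctor == doctor_id]
        return [asdict(a) for a in rows]

    def retrieve(self, user: User, appt_id: int) -> dict:  # GET /appointments/{id}/
        return asdict(self._owned(user, appt_id))

    def update(self, user: User, appt_id: int, body: dict, partial: bool = False) -> dict:  # PUT / PATCH
        appt = self._owned(user, appt_id)
        for name, value in self._clean(body, partial).items():
            setattr(appt, name, value)
        return asdict(appt)

    def delete(self, user: User, appt_id: int) -> None:  # DELETE /appointments/{id}/
        del self._rows[self._owned(user, appt_id).id]
```

The two checks worth carrying into any framework are the ones in _clean and _visible: the body is reduced to an allow-list before it touches the row, and every read, update and delete goes through the ownership scope before any query-string filter is applied, so a caller cannot reach another patient's appointment by guessing its id or by passing someone else's patient_id.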
GET /services/
Get a list of services.
Response:
[
{
"id": 0,
"image": "string",
"name": "string",
"description": "string"
}
]
POST /services/
Create a new service.
Request body (multipart/form-data):
image: file
name: string
description: string
Response:
{
"id": 0,
"image": "string",
"name": "string",
"description": "string"
}
GET /services/{id}/
Get a specific service by ID.
Response:
{
"id": 0,
"image": "string",
"name": "string",
"description": "string"
}
PUT /services/{id}/
Update a specific service by ID.
Request body (multipart/form-data):
image: file
name: string
description: string
Response: Same as Get a service.
PATCH /services/{id}/
Partially update a specific service by ID.
Request body (multipart/form-data): Same as Update a service, but all fields are optional.
Response: Same as Get a service.
DELETE /services/{id}/
Delete a specific service by ID.
Response: 204 No Content
GET /contacts/
Get a list of contacts.
Response:
[
{
"id": 0,
"name": "string",
"phone": "string",
"massage": "string"
}
]
POST /contacts/
Create a new contact.
Request body:
{
"name": "string",
"phone": "string",
"massage": "string"
}
Response:
{
"id": 0,
"name": "string",
"phone": "string",
"massage": "string"
}
GET /contacts/{id}/
Get a specific contact by ID.
Response:
{
"id": 0,
"name": "string",
"phone": "string",
"massage": "string"
}
PUT /contacts/{id}/
Update a specific contact by ID.
Request body:
{
"name": "string",
"phone": "string",
"massage": "string"
}
Response: Same as Get a contact.
PATCH /contacts/{id}/
Partially update a specific contact by ID.
Request body: Same as Update a contact, but all fields are optional.
Response: Same as Get a contact.
DELETE /contacts/{id}/
Delete a specific contact by ID.
Response: 204 No Content