Authentication

All Nevatal API endpoints require authentication via API keys. Your API key identifies your clinic and determines the scope of data you can access.

Getting your API key

  1. Log into your Nevatal dashboard at app.nevatal.com
  2. Navigate to Settings → API Keys
  3. Click Create API Key
  4. Select the scopes (permissions) your integration needs
  5. Copy and securely store the generated key

API keys are shown only once at creation time. Store them securely. If you lose a key, revoke it and create a new one.

Using your API key

Include the API key as a Bearer token in the Authorization header of every request:
curl -X GET https://api.nevatal.com/api/v1/patients \
  -H "Authorization: Bearer nvtl_your_api_key_here" \
  -H "Content-Type: application/json"

Scopes

API keys are scoped to specific modules. When creating a key, you select which modules it can access:
| Scope | Read | Write | Description |
| --- | --- | --- | --- |
| patients | | | Patient records and demographics |
| appointments | | | Appointment scheduling and management |
| billing | | | Invoices, payments, and credit notes |
| emr | | | Medical records, prescriptions, clinical notes |
| clinical-procedures | | | Procedure catalog and management |
| locations | | | Clinic location information |

Key management

Revoking a key

curl -X DELETE https://api.nevatal.com/api/v1/api-keys/{keyId} \
  -H "Authorization: Bearer nvtl_admin_key"

Listing active keys

curl -X GET https://api.nevatal.com/api/v1/api-keys \
  -H "Authorization: Bearer nvtl_admin_key"

Security best practices

API keys should only be used in server-to-server communication. Never include them in frontend JavaScript, mobile apps, or public repositories.
Only grant the scopes your integration actually needs. A billing integration doesn’t need EMR access.
Create new keys periodically and revoke old ones. This limits the impact of a compromised key.
Store API keys in environment variables or a secrets manager, never hardcoded in source files.
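
The following scanner is an added example, not part of Nevatal's documentation or tooling: it checks a source tree for hardcoded keys before code reaches a repository, as the practices above require. It assumes a live key is the nvtl_ prefix followed by 20 or more letters or digits; the page documents only the prefix, so adjust the pattern to the keys you are actually issued.

```python
"""Scan a source tree for hardcoded Nevatal-style API keys (added example)."""
import re
import sys
from pathlib import Path

# Assumption: a live key is "nvtl_" plus 20 or more letters/digits. Only the
# prefix is documented, so tune the body pattern to the keys you are issued.
KEY_RE = re.compile(r"nvtl_[A-Za-z0-9]{20,}")
SKIP_DIRS = {".git", "node_modules", ".venv"}


def redact(key):
    """Keep the prefix and first 4 characters so a hit can be matched to a key."""
    return key[:9] + "...[redacted]"


def scan_text(text):
    """Return (line_number, redacted_key) for every key-like string in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            hits.append((line_no, redact(match.group())))
    return hits


def scan_tree(root):
    """Walk root and return (path, line_number, redacted_key) for each hit."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or SKIP_DIRS & set(path.relative_to(root).parts):
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file: nothing to scan as text
        findings += [(str(path), n, key) for n, key in scan_text(text)]
    return findings


if __name__ == "__main__":
    results = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, line_no, key in results:
        print(f"{path}:{line_no}: hardcoded API key {key}")
    # A non-zero exit lets a pre-commit hook or CI job block the change.
    sys.exit(1 if results else 0)
```

Run it from a pre-commit hook or CI step with the repository root as its argument. Any key it finds should be treated as compromised: revoke it and create a new one.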