The Hero Public API implements API key authentication on all it's calls. Scopes are employed to ensure the correct level of control is applied. Every API key is tied directly to a Hero practice group and partner. To make calls against a different practice, see our section on cross-organisational calls
In order to generate an API key, please email Hero support referencing the API scopes you wish to receive and the proposed use case for your integration.
Access to our API calls is controlled by scopes. When requesting an API key, specify the scopes you need so we can configure the correct level of access for your integration.
In order to ensure you are configured with the correct functionality, please request one or more of the following:
- Booking links
- Messaging
- Booking
Cross-organisational calls allow you to make API requests on behalf of a different practice group, provided both practices belong to the same Hero-configured network.
Hero also supports cross-organisational API calls under certain circumstances. If the x-practice-group-id header that is passed does not match the practice group id configured on the API key, Hero will verify that the chosen practice exists within a Hero-configured network alongside the API key practice. If such a network exists, the calls will return content from the specified practice group.
The primary use case for this is cross-organisational bookings e.g. a practice within a PCN wants to invite their patient list to book at into a hubsite