Authentication

The Hero Public API implements API key authentication on all it's calls. Scopes are employed to ensure the correct level of control is applied. Every API key is tied directly to a Hero practice group and partner. To make calls against a different practice, see our section on cross-organisational calls

How to generate an API key

In order to generate an API key, please email Hero support referencing the API scopes you wish to receive and the proposed use case for your integration.

Scopes

Access to our API calls is controlled by scopes. In order to ensure you are configured with the correct functionality, please request one or more of the following:

  • Booking links
  • Messaging
  • Booking

Cross-organisational calls

Hero also supports cross-organisational API calls under certain circumstances. If the x-practice-group-id header that is passed does not match the practice group id configured on the API key, Hero will verify that the chosen practice exists within a Hero-configured network alongside the API key practice. If such a network exists, the calls will return content from the specified practice group.

The primary use case for this is cross-organisational bookings e.g. a practice within a PCN wants to invite their patient list to book at into a hubsite