Authentication - Spike API

All Spike Care API requests must include a valid API key in the Authorization header. The API key is associated with your EMR (electronic medical record) and is validated on every request.

Sending the API key

Use HTTP Bearer authentication:

Authorization: Bearer <your_api_key>

Example with curl:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.spikecare.com/public/v1/clinics

How it works

The server reads the value after Bearer from the Authorization header.
The key is looked up in the EMR registry. If it matches an EMR record, the request is allowed and the EMR ID is used for scoping.
If the header is missing, empty, or the key does not match any EMR, the server responds with 401 Unauthorized.

Getting an API key

API keys are issued per EMR. To obtain or manage keys for your organization, use the Spike Care Portal or contact Spike to set up your integration.

Security

Treat API keys as secrets. Do not commit them to source control or expose them in client-side code.
Use HTTPS for all requests so the key is not sent in the clear.

Overview

List clinics

​Sending the API key

​How it works

​Getting an API key

​Security

Sending the API key

How it works

Getting an API key

Security