Secure REST API for hospitals, clinics, and health platforms to access patient-consented pain, wellbeing, and vitals data.
Your patients are already self-tracking. Connect that data to your system.
Pain levels, body area mapping, pain quality descriptors, daily wellbeing scores, and device vitals — all in one timeline.
OAuth 2.0 authorization. Patients grant granular scopes and can revoke access at any time. GDPR-compliant by design.
Receive push notifications within seconds of a patient logging a check-in — no polling required.
Structured JSON responses with pain levels, body areas, wellbeing scores and device vitals — easy to map into any EHR or clinic dashboard.
Polar, Withings, Oura, and Google Health Connect data flows through a single unified endpoint.
Generate the same clinic-ready PDF report (with AI pattern analysis) via API, in 7 languages.
Partner API key + patient in-app consent — no redirect flows or OAuth complexity
After signing a Data Processing Agreement, you receive an API key (X-API-Key header) that identifies your integration on every request.
Call POST /v1/link-requests with the patient's email address and the scopes you need. Pain2Care delivers the request to the patient's app instantly — no redirect, no token exchange.
The patient sees a consent card showing your clinic name, the requested scopes, and an optional message. They tap Accept or Decline. Unanswered requests expire after 30 days.
consent.granted webhook — access dataOn acceptance you receive a consent.granted webhook containing the patient's anonymized ID. Use that ID with X-API-Key on all subsequent data requests.
Patients can revoke access at any time from within the app. You receive a consent.revoked webhook and must delete stored data within 30 days.
Base URL: https://api.pain2care.com/v1
curl -X POST https://api.pain2care.com/v1/link-requests \
-H "X-API-Key: p2c_live_xxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"patient_email": "patient@example.com",
"scopes": ["pain:read", "wellbeing:read"],
"message": "We need your pain diary data to prepare for your appointment on 12 May."
}'
// Response 201 Created
{
"request_id": "lr_8f3a2c91",
"status": "pending",
"expires_at": "2026-06-05T00:00:00Z"
}
// When accepted, you receive a consent.granted webhook:
// { "event": "consent.granted", "patient_id": "p2c_anon_a3f9b2",
// "scopes": ["pain:read", "wellbeing:read"], "granted_at": "…" }curl -G https://api.pain2care.com/v1/patients/p2c_anon_a3f9b2/pain-entries \
-H "X-API-Key: p2c_live_xxxxxxxxxxxx" \
-H "Authorization: Bearer <access_token>" \
-d from=2026-04-04 \
-d to=2026-05-04 \
-d per_page=50
// Response
{
"data": [
{
"id": "1746349200000",
"pain_level": 6,
"areas": [{ "id": "left_knee", "max_intensity": 6 }],
"qualities": ["burning", "throbbing"],
"overall_wellbeing": 3.2,
"vitals": { "source": "polar", "metrics": { "hrv": 42, "sleep_duration": 7.1 }},
"logged_at": "2026-05-04T09:00:00Z"
}
],
"pagination": { "total": 22, "page": 1, "per_page": 50 }
}curl -G https://api.pain2care.com/v1/patients/p2c_anon_a3f9b2/reports/pdf \
-H "X-API-Key: p2c_live_xxxxxxxxxxxx" \
-H "Authorization: Bearer <access_token>" \
-d lang=fi \
-d from=2026-04-01 \
-d to=2026-05-04 \
--output report.pdf
// Returns PDF — same clinic-ready report patients can download in-appGet notified within seconds when patients log new data — no polling needed.
Patient accepted your link request. Contains the anonymized patient ID and granted scopes — start querying the patient API immediately.
Fired every time a patient submits a pain check-in. Includes pain level, body areas, and vitals if available.
Daily wellness questionnaire completed. Includes composite score and individual dimension scores.
Patient removed your integration. Triggers GDPR data deletion obligation on your side.
{
"event": "pain_entry.created",
"patient_id": "p2c_anon_a3f9b2", // stable anonymized ID
"timestamp": "2026-05-04T09:00:12Z",
"data": {
"id": "1746349200000",
"pain_level": 6,
"areas": [{ "id": "left_knee", "max_intensity": 6 }],
"logged_at": "2026-05-04T09:00:00Z"
}
}
Sign webhook deliveries with your secret — Pain2Care includes an
X-P2C-Signature: sha256=…
header on every POST so you can verify authenticity server-side.
From first contact to live data — typically completed in 1–2 weeks.
Email api@pain2care.com with a brief description of your use case and which data scopes you need. We'll respond within one business day.
We send you a Data Processing Agreement by email. You tick the data scopes you need, both parties sign. If you need incidents:read, an additional Schedule A applies. API credentials are issued only after a signed DPA is on file.
You receive a scoped API key for your integration. Use it to push consent requests directly to patients and to query their data once consent is granted.
Call POST /v1/link-requests with the patient's email. A consent card appears in the patient's Pain2Care app showing your clinic name, requested scopes, and your message. The patient taps Accept or Decline — no code entry, no redirect. You receive a consent.granted webhook the moment they accept, and their data is immediately accessible via the API. Patients can revoke access at any time from within the app.
Use the OpenAPI 3.1 spec and sandbox environment to build your integration. Authenticate with X-API-Key on every request. Test against synthetic patient data before going live.
Switch to your production API key. Pain, wellbeing, vitals, and AI analysis data flow directly into your system in real time.
Choose self-service integration or let us handle the full implementation.
Your technical team integrates using the OpenAPI spec and sandbox environment.
Pain2Care builds and maintains the integration into your EHR or clinic system.
Deploy Pain2Care under your brand for your patient population.
A signed Data Processing Agreement (DPA) is required before API credentials are issued. Send us a brief description of your use case and we'll send you the DPA and get back within one business day.
Contact us — api@pain2care.comOnce the DPA is signed, you'll receive your API key and sandbox access by email.