REST API for clinic and patient operations. All endpoints require session cookie via /login. Content-Type: application/json.
Sessions are HTTP-only cookies set by SSO at auth.melyx.id. After login, cookies are scoped to .carelyx.app.
/login — redirect to SSO/logout — full SSO logout/auth/callback?token=<jwt> — SSO landing/api/clinic/me — current user's clinic/api/clinic — create clinic {"name":"My Clinic","timezone":"Europe/Dublin"}/api/clinic/:id/stats — patient/appointment counts/api/clinic/:id/members — staff list/api/clinic/:id/members — invite/api/clinic/:id/member/:memberId/api/clinic/:id/outcomes — aggregate outcomes (Phase 3)/api/clinic/:id/symptom-alerts — high-severity alerts (Phase 3)/api/patients — list patients/api/patient/:id — patient detail/api/patient/:id/api/patients/export.csv — CSV export/api/import/execute — bulk import patients/api/appointments?date=YYYY-MM-DD/api/appointments {"patient_id":1,"type":"chemo","scheduled_at":"2026-05-01T10:00:00"}/api/appointment/:id/api/treatments/:patientId/api/notes/:patientId/api/timeline/:patientId — chronological events (Phase 2)/api/p/me/api/p/logs/api/p/prescriptions/api/p/today-doses/api/p/cycles/api/articles/:slug/api/articles/:slug/ai/api/news/receive — HMAC-signed webhook (internal)/api/health — {"ok":true,"ts":1745700000000}