{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"de7e3516-d171-4223-b8fc-514dce763023","name":"1. Core Practice API - Deprecated API Version","description":"NOTE: This documentation refers to an **older version** of the Core Practice API and is **no longer supported**.  \nPlease refer to the **latest API documentation** at [<b>docs.corepractice.io</b>](https://docs.corepractice.io).\n\n---\n\nWelcome to the Core Practice API Integration! Join Core Practice community of dentist for more efficient collaboration, task automation and streamline workflows.\n\nThis documentation offers a well-defined route to begin integrating with the Core Practice API, directing you through the steps required to achieve certification for your integration. It details the Authentication process and how to gain access to essential practice data. This includes information on practice locations, calendar settings, appointment bookings and their availability, comprehensive reporting features, and patient records\n\n# 2\\. Getting Started Guide\n\nThis guide provides step-by-step instructions on how to get started with integrating Core Practice's functionalities. Follow the steps below to gain access, create your API keys, request support, and begin building your app.\n\n#### Step 1: Get Access to Sandbox Environment\n\nBefore you can start building with the Core Practice API, you'll need to gain access to our sandbox environment. This environment is designed to provide you with a safe space to test and develop your application without affecting real data or operations.\n\nTo request access to the sandbox environment, please contact our support team. Provide them with details about your project and how you plan to use the Core Practice API. Our team will review your request and send an invitation to create a user account in the sandbox environment.\n\n#### Step 2: Create API Keys\n\nAPI keys are essential for authenticating and securing communication between your application and the Core Practice API. Follow these steps to create your API keys:\n\n- **Create Sandbox Account**: If your request has been accepted, you should receive an email to create a user account in the sandbox environment.\n    \n- **Navigate to Settings**: Log in to your Core Practice account and navigate to the `Settings` section.\n    \n- **Access API Keys**: Navigate to `Settings` > `INTEGRATION` and click on `API Keys`.\n    \n- **Create API Keys**: Click on the `Create API Keys` button. You will be prompted to enter a name for your key pair and select the permissions you require.\n    \n- **Save Key and Secret**: Ensure you save the Key and Secret in a safe place. These credentials are crucial for your application's access to the Core Practice API and cannot be retrieved if lost.\n    \n\n#### Step 3: Create Support Request\n\nTo activate your API key and set up your application's `redirect_uri`, you need to create a support request:\n\n- **Navigate to the support request form** at [Core Practice Support](https://support.corepractice.com.au/hc/en-us/requests/new).\n    \n- **Select \"Technical\"** as the category and specify that you \"need help with Core Practice API.\"\n    \n- **In your request, provide us with the** **`redirect_uri`** for your application. This URI is where users will be redirected after authenticating with Core Practice.\n    \n\n#### View API Documentation and Start Building\n\nWith your API key activated and your development environment set up, you're ready to start building your application. Visit the Core Practice API documentation at [https://developer.corepractice.com.au](https://developer.corepractice.com.au/#authentication-api) to find comprehensive guides\n\n# 3\\. Certification Checkpoints\n\nTo become certified, your integration with Core Practice must meet certain minimum requirements. These include establishing a secure OAuth flow for app adoption, creating a user-friendly connection setup page, adhering to branding guidelines, managing scopes efficiently, handling errors transparently, and ensuring data integrity.\n\nYour integration will be evaluated based on these checkpoints, so it is crucial to review and align your integration with them before requesting a product key.\n\nAdditional requirements may apply, depending on the specific features of your integration.\n\n#### **Checkpoint 1: Activate Core Practice**\n\nAll apps are required to build an Activate Core Practice OAuth flow. It enables a seamless app adoption experience from your 'Connect to Core Practice' button.\n\n#### **Checkpoint 2: Connection**\n\nEnsure you implement a setup page that allows users to connect to Core Practice and manage their settings for the integration. Ideally, this should be made possible without assistance from your support or onboarding team.\n\n#### **Required Features:**\n\n- Display the name of the tenant and the URL that has been connected. The tenant name can be practice name or location name, the Core Practice URL (\\*.corepractice.is) can be obtained from the client upon integration request.\n    \n- Show the status of connections with Core Practice. If disconnected, provide a button to reconnect to Core Practice.\n    \n- Include a button to disconnect the integration.\n    \n- Core Practice can have multiple practice locations within a tenant instance. Consider whether you are catering to a single or multi-practice connection. Think about how you might design this process. Do you need the user to confirm which Practice Location they would like to use?\n    \n- Ensure you implement the disconnection process for customers who no longer require the integration. This will ensure that all sensitive data, such as refresh tokens, is removed from your system and that any automated data sync processes are stopped.\n    \n\n#### **Things to Avoid:**\n\n- Never request a user's Core Practice login details within your application; always use OAuth for authentication.\n    \n- Avoid using automatic processes to manage the Access Token lifecycle, including expiry and renewal. Each time you require a new Access Token, utilize the previously saved Refresh Token to exchange for a new Access Token and Refresh Token. You will need to save this Refresh Token for future use.\n    \n- Do not reuse refresh tokens. Refresh tokens are valid for up to 90 days. Any attempt to reuse a refresh token will result in the invalidation of all active tokens for security reasons.\n    \n- It is important to store the Refresh Token in a secure location; if it's compromised, it could allow anyone to generate new Access Tokens for that user with the same permissions.\n    \n- Avoid the use of pop-up windows or new tabs in the authentication process. Redirecting users to Core Practice in a pop-up window can be blocked by a pop-up blocker.\n    \n- Never show or store sensitive data like the access token, client ID, and client secret on the client side of the application (e.g., frontend of a web app or local configuration files for native apps).\n    \n\n#### **Checkpoint 3: Branding and Naming**\n\n- The application name must reflect the go-to-market name of your app or product and cannot include the word 'Core Practice.'\n    \n- Where possible, use the \"connect\" and \"disconnect\" buttons we've provided on our branding page and the Core Practice standard logo.\n    \n\n#### **Checkpoint 4: Scopes**\n\n- Only request the minimal scopes that you require to fulfill the intended use cases of your integration. Unexplained or ambiguous use of scopes will not be permitted.\n    \n- After certification, any significant changes to use cases and scopes should be communicated to Core Practice so that we can assist you in ensuring the integration continues to meet requirements.\n    \n\n#### **Checkpoint 5: Error Handling**\n\n- Errors happen; users may remove mapped locations, temporary connectivity issues may disrupt integrations, and various other potential problems might arise. It is essential to find a way to inform users when an error has occurred within your integration.\n    \n\n#### **Checkpoint 6: Data Integrity**\n\n- Ensure any data retrieved from Core Practice is displayed correctly in your app, and that data created in Core Practice by the app is generated successfully and appears correctly.\n    \n\n# 4\\. Go Live Guide\n\nCongratulations on reaching the final steps of taking your Core Practice integration live! This guide will walk you through the necessary steps to activate your API key and configure your application for production use\n\n**Step 1: Pass the Certification Requirements**\n\nBefore proceeding to the go-live phase, ensure that your integration meets all minimum [certification requirements](https://developer.corepractice.com.au/#3-certification-requirements) for your integration with Core Practice API.\n\n**Step 2: Provide a Demo Video**\n\nTo demonstrate your application's readiness for live operations, you must submit a demo video. This video should illustrate the following minimum required features:\n\n- **Activate Core Practice**: Show how users will activate the integration within your application.\n    \n- **Connection Status Setup Page**: Display the setup page and highlight the feature that checks the connection status with Core Practice.\n    \n- **Connect OAuth Flow**: Demonstrate the OAuth flow, showing how users will sign in with their Core Practice account to your application.\n    \n- **Disconnect Integration**: Show the process for a user to disconnect the integration, ensuring that all sensitive information is securely handled and the disconnection is clean and user-friendly.\n    \n- **App Feature Demonstration**: Provide a thorough demo of your app's features, emphasizing how it integrates with Core Practice and adds value to the user experience.\n    \n\n**Step 3: Activate Your API Key**\n\nOnce certified, you need to activate your API key for the production environment by creating a support request:\n\n**Create Support Request**:\n\n- Navigate to the support request form at [Core Practice Support](https://support.corepractice.com.au/hc/en-us/requests/new).\n    \n- Select \"Technical\" as the category and specify that you \"need help with Core Practice API.\"\n    \n- Include the link to your demo video.\n    \n- Include the production `redirect_uri` for your application in your support request. This URI should point to your production environment, where users will be redirected after authentication.\n    \n\n**Step 4: Await Activation Confirmation**  \nAfter submitting your support request and demo video, wait for confirmation from the Core Practice team. We will review your submission and provide final approval for your application to go live.\n\nOnce you've received activation confirmation and addressed any feedback, your application will be ready for deployment to the production environment.\n\nAbout your production API key:\n\n- We will provide you with one unique API client_id and client_secret for all production environment integration with the same redirect_uri.\n    \n- This one production API key will be applied for each Core Pracice client who requests for your API integration activation.\n    \n- You will not need to provide this API key to your Core Practice client, it will be applied by Core Practice for the client during the integration request.\n    \n\n# Authentication API","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"110969","team":178686,"collectionId":"de7e3516-d171-4223-b8fc-514dce763023","publishedId":"Tzeai5X5","public":true,"publicUrl":"https://developer.corepractice.com.au","privateUrl":"https://go.postman.co/documentation/110969-de7e3516-d171-4223-b8fc-514dce763023","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.0","publishDate":"2025-10-23T04:07:31.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/0947328f898ae4679754548eb22c2324118305e31929812d89eebbe831f795ce","favicon":"https://res.cloudinary.com/postman/image/upload/v1624342657/team/vp3i5hobozayziwzverp.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://developer.corepractice.com.au/view/metadata/Tzeai5X5"}