Skip to main content
All requests to the Aniva Partner API must include your partner API key in the x-api-key request header. 
x-api-key: your-api-key-here
Contact Aniva to obtain your API key. Keys are issued per partner and scoped to specific operations.

Sending authenticated requests

Include the x-api-key header in every request you make to the API. 
curl https://anivahealth.com/api/v1/locations \
  -H "x-api-key: YOUR_API_KEY"

Scopes

Each API key is scoped to a set of permitted operations. If your key does not have the required scope for an endpoint, the API returns a 403 Forbidden error.
ScopeWhat it allows
CREATE_USERCreate and update patient profiles
PROFILES_VIEWRetrieve patient profiles
IMPERSONATEAlternative scope to retrieve patient profiles
TEST_SESSIONS_SCHEDULECreate appointments, add panels, and confirm blood draws. Also grants LOCATIONS_VIEW.
TEST_SESSIONS_VIEWRetrieve appointment details
TEST_SESSIONS_OPERATEConfirm shipment pickup of blood samples
TEST_SESSIONS_MANAGEFull appointment management including shipment pickup
LOCATIONS_VIEWList available test locations
RESULTS_VIEWRetrieve lab results and download lab report documents
SHIPMENTS_MANAGECreate, list, retrieve, update, and cancel shipment orders
The TEST_SESSIONS_SCHEDULE scope also grants LOCATIONS_VIEW, so you do not need to request both if you are scheduling appointments.

Error responses

If your API key is missing or does not have the required scope, the API responds with 403 Forbidden. 
{
  "error": "Forbidden"
}
If you receive this error, verify that:
  1. Your request includes the x-api-key header.
  2. The API key value is correct and has not been rotated.
  3. Your key has the scope required for the endpoint you are calling.
Never expose your API key in client-side code or public repositories. Treat it like a password.
Contact Aniva to rotate a compromised key or to add scopes to an existing key.