Skip to main content
All /v1/* requests require two headers:
  • X-Tenant-Code: the human-readable tenant slug you received during registration.
  • X-API-Key: the tenant-scoped API key (lowercase x-api-key also works).
POST /v1/patients HTTP/1.1
Host: cds.marmar.life
X-Tenant-Code: demo-clinic
X-API-Key: {{API_KEY}}
Content-Type: application/json

Register a tenant

Use the public registration endpoint to provision a tenant, capture the generated slug, and store the one-time API key: 
curl -X POST https://cds.marmar.life/v1/tenants/register \
  -H "Content-Type: application/json" \
  -d '{ "name": "Acme Oncology" }'
Response: 
{
  "tenantId": "b9f6a8f6-3cb4-4d85-9c78-8edb6447d5f9",
  "tenantCode": "acme-oncology",
  "apiKey": "marmar_T8Y..."
}
Keys should be stored securely and rotated on a regular cadence. If a key is compromised, revoke it immediately and provision a replacement before resuming requests. Use the API to generate a new key—the plaintext value is returned only once: 
curl -X POST https://cds.marmar.life/v1/tenants/{tenantCode}/api-key \
  -H "Content-Type: application/json" \
  -H "X-Tenant-Code: {tenantCode}" \
  -H "X-API-Key: <current-key>"
Response: 
{
  "apiKey": "marmar_0b8x..."
}
Store the key immediately (e.g., in HashiCorp Vault or AWS Secrets Manager). Subsequent calls to this endpoint generate a brand-new key and invalidate the previous one. For local development export both X-Tenant-Code and X-API-Key, or pass them directly when using the SDK client.