Mass registration of patients with token-based API

This API is beta testing with early customers. It is not yet on our production servers.

Why the API

The API for decryption tokens allows mass registration of patients by letter-printing companies, patient kiosk vendors and hospital IT departments.

The faster an organisation registers patients the faster the return on investment. This API allows registering patients without needing face-to-face appointments. Instead the registration details for patients can go to each patient’s home using automatically generated letters from the institution’s existing database about the patient.

How it works

Here are the steps:
  1. The organisation creates a record for their patient as they normally do (eg via HL7 API or CSV manual upload). At scale this usually means the HL7 APIs with A28 / A31 messages. The organisation can immediately send data to populate the record, for example with laboratory test results and clinic appointments.
  2. Any user with decryption rights to this patient’s record can use the new PKB Rest API call to generate a patient-specific unique user id and decryption token for that record. For example a hospital can create a letter to send to the patient’s home with the ID and token.
  3. The recipient of the letter uses ID and token to start registration on the PKB web site.
  4. For security, PKB tests the registering user’s knowledge of the patient’s date of birth.
  5. The patient enters their email address and password.
  6. The patient can now log into the PKB web site to see their data and send messages to their clinical team.
Here is an example of the steps using a integration with letter printing software (such as Synertec):


GET /v1/users/{PKB ID}/recordAccessToken

  • PKB ID of the patient

Return - success:
  • invitationCode [string]
  • token [string]

Return - failure: appropriate http error code &
  • errorMessage [string with descriptive details of error]

  • The call will be scoped to TEAMCOORD and System Client ID callers
  • PKB ID can be retrieved using existing call GET /v2-beta/users/byNationalId/{nationalId}/{nationalIdType}
  • PKB Record must have patient identifier and date of birth present in order for token to be returned
  • NOT_INVITED_NOT_REGISTERED = a record exists for the patient, no invitations have been sent, registration has not been completed
  • INVITED_NOT_REGISTERED = a record exists, invitation has been sent (of any sort - token or email), registration has not been completed
  • REGISTERED = a record exists, registration has been completed
  • Tokens will time-expire from the time of generation
  • Tokens can be generated at any time using this call - new id/token will be generated each time, existing id/token will not be invalidated (until they time-expire)
  • Caveat - it's possible there may be small changes to the above as we come to implement
Relevant API calls