If you're a developer planning to build integrations with PracSuite, you must apply for a Vendor Key before you can build integrations using the API. To begin the process as a developer, please contact: api@pracsuite.com
PracSuite API Documentation for developers can be found here.
Overview
PracSuite provides an optional API that allows approved third party software developers to securely access select data in your PracSuite account.
An API, or Application Programming Interface, allows two software systems to communicate directly with each other. In practical terms, this means external applications can exchange information with PracSuite automatically, without the need for manual data entry or file exports.
API access is always controlled by you. Integrations only work when you explicitly enable API access and provide a subscriber API key to the third party developer you choose.
How API Access Works
Access to PracSuite data via the API requires two separate keys:
Subscriber API Key
Generated by you within your PracSuite account. This key determines what data the integration can access.
Vendor Key
Issued by Smartsoft to approved software developers after they complete a security and compliance review.
Both keys must be present for API access to be granted. This dual key approach ensures that only approved developers can connect, and only with the permissions you allow.
Creating a Subscriber API Key
PracSuite users can enable API access and create subscriber API keys by navigating to: Settings > Integrations > API
Enable API Integrations
Select Add to create a new subscriber API key
Assign permissions based on the requirements of the integration
Once created, provide the subscriber API key to your chosen third party software provider. You can revoke or modify this key at any time.
Important: Keep Your API Key Secure
Your subscriber API key should be treated in the same way as a password.
Only share your API key with the specific software provider you have chosen to integrate with PracSuite. Do not share it publicly, include it in emails beyond the intended recipient, or store it in unsecured documents.
While API access also requires a separate vendor key issued by Smartsoft, your subscriber API key still controls what data can be accessed and with what permissions. If an API key is shared incorrectly, it may allow unintended access to your PracSuite data.
If you believe an API key has been exposed or shared in error, you should immediately delete the key and create a new one. API access can be revoked at any time from Settings > Integrations > API.
API Key Permissions
Each API key has configurable permissions that control what data it can access.
Only enable the minimum permissions required for the integration to function. Restricting permissions reduces risk and ensures you remain in control of your data.
For each data category, you can choose:
Read access
Write access
No access
Available Data Permission Categories
API access can be granted to the following categories:
Appointment data
Clinical data
Contact data
Files data
Financial data
Patient data
System data
Managing and Revoking Access
API access is not permanent or unrestricted.
After selecting an existing subscriber API key in Settings > Integrations > API, you can:
Edit permissions on an existing API key
Delete an API key at any time to stop a third party from accessing your data
This allows you to maintain ongoing control over integrations as your needs change.
API Key Logs
Each subscriber API key includes an activity log showing up to 90 days of usage.
Logs allow you to see:
When an API key was used
What data was accessed
Which integration made the request
These logs can help you audit third party access and understand how your data is being used. They can also assist software developers when troubleshooting integration issues.