Authentication
All RxScale APIs use API key authentication. Include your API key in theX-API-Key header with every request.
API Key Header
Legacy Header (Public API only)
The Public API also acceptsX-RxScale-Authorization as an alternative to X-API-Key. This is supported for backward compatibility with existing integrations.
New integrations should use
X-API-Key. The X-RxScale-Authorization header is only supported on Public API endpoints.API Key Types
Pharmacy API Keys
Pharmacy API keys can be scoped to:- A single pharmacy — The key can only access data for that specific pharmacy.
- A pharmacy group — The key can access data for any pharmacy in the group. When using a group-wide key, you must include the
pharmacy_uidquery parameter to specify which pharmacy you are acting on.
Management API Keys
Management API keys are scoped to an organisation. They can access data for all entities within that organisation.Permissions
Each API key has a set of permissions that control which endpoints it can access. Common permissions include:| Permission | Description |
|---|---|
orders_read | List and view orders |
orders_write | Update order status |
stock_read | List SKUs and stock levels |
stock_write | Update stock levels |
prescription:read | View prescription data |
product:read | View product catalog |
webhooks_read | List webhook subscriptions |
webhooks_write | Register and manage webhooks |
Your API key’s permissions are set during key creation. Contact your RxScale account manager to adjust permissions.
Error Responses
If authentication fails, you will receive one of these responses:| Status Code | Description |
|---|---|
401 | Missing or invalid API key |
403 | Valid API key but insufficient permissions for this endpoint |
404 | Resource not found or not accessible with your key |