Testing Guide

Step-by-step instructions for testing your API integration

Prerequisites

  • ✓ An API key with patients:read permission
  • ✓ API secret and hospital token from key generation
  • ✓ cURL, Postman, or REST client installed
  • ✓ Hospital ID for testing

Test 1: Verify Authentication

Check that your credentials are correct

Test Request

curl -X GET "https://server.nyraai.io/api/external/patients?limit=1" \
  -H "x-api-key: <YOUR_API_KEY>" \
  -H "x-api-secret: <YOUR_API_SECRET>" \
  -H "Authorization: Bearer <YOUR_HOSPITAL_TOKEN>"

✓ Expected: 200 OK with patient list

✗ Got 401? Check that all three headers are correct

✗ Got 403? Your key lacks patients:read permission

Test 2: Test Specific Endpoints

Verify each endpoint works correctly

Create Patient

curl -X POST "https://server.nyraai.io/api/external/patients" \
  -H "x-api-key: <YOUR_API_KEY>" \
  -H "x-api-secret: <YOUR_API_SECRET>" \
  -H "Authorization: Bearer <YOUR_HOSPITAL_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "9876543210",
    "name": "Test Patient",
    "age": 30,
    "gender": "MALE",
    "date_of_birth": "1995-01-01"
  }'

Create Appointment

curl -X POST "https://server.nyraai.io/api/external/appointments" \
  -H "x-api-key: <YOUR_API_KEY>" \
  -H "x-api-secret: <YOUR_API_SECRET>" \
  -H "Authorization: Bearer <YOUR_HOSPITAL_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "patient_id": "<PATIENT_UUID_FROM_PREVIOUS_STEP>",
    "doctor_id": "<DOCTOR_UUID>",
    "appointment_date": "2026-04-20",
    "appointment_time": "10:00:00",
    "type": "CONSULTATION"
  }'

Search Patients

curl -X GET "https://server.nyraai.io/api/external/patients?q=test&page=1&limit=10" \
  -H "x-api-key: <YOUR_API_KEY>" \
  -H "x-api-secret: <YOUR_API_SECRET>" \
  -H "Authorization: Bearer <YOUR_HOSPITAL_TOKEN>"

Test 3: Permission Validation

Verify permissions are enforced correctly

Test Missing Permission

If your API key doesn't have patients:create, this should return 403:

curl -X POST "https://server.nyraai.io/api/external/patients" \
  -H "x-api-key: <YOUR_API_KEY>" \
  -H "x-api-secret: <YOUR_API_SECRET>" \
  -H "Authorization: Bearer <YOUR_HOSPITAL_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{ "phone": "9876543210", "name": "Test", "age": 30, "gender": "MALE" }'

✓ Expected: 403 Forbidden with message about missing permission

Test 4: Error Handling

Verify your integration handles errors correctly

Invalid Headers Test

# Wrong API key
curl -X GET "https://server.nyraai.io/api/external/patients" \
  -H "x-api-key: wrong_key" \
  -H "x-api-secret: <YOUR_API_SECRET>" \
  -H "Authorization: Bearer <YOUR_HOSPITAL_TOKEN>"

✓ Expected: 401 Unauthorized

Invalid Request Body

curl -X POST "https://server.nyraai.io/api/external/patients" \
  -H "x-api-key: <YOUR_API_KEY>" \
  -H "x-api-secret: <YOUR_API_SECRET>" \
  -H "Authorization: Bearer <YOUR_HOSPITAL_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{ "name": "Missing required fields" }'

✓ Expected: 400 Bad Request with validation error
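
The status checks from Tests 1 and 4 as a script, with the three credentials read from environment variables and handed to curl through --config - so they stay out of the process list and shell history. This is an added example, not part of the original guide; the variable names NYRA_API_KEY, NYRA_API_SECRET and NYRA_HOSPITAL_TOKEN and all function names are assumptions.

```sh
# Added example, not vendor code. Env var and function names are assumptions.
BASE_URL="https://server.nyraai.io/api/external"

# Emit the three auth headers as curl config lines for `curl --config -`, so the
# secrets stay out of argv and shell history. Assumes no `"` or `\` in values.
auth_config() {
  printf 'header = "x-api-key: %s"\n' "$1"
  printf 'header = "x-api-secret: %s"\n' "$NYRA_API_SECRET"
  printf 'header = "Authorization: Bearer %s"\n' "$NYRA_HOSPITAL_TOKEN"
}

# http_status METHOD ROUTE [JSON_BODY] [API_KEY_OVERRIDE]: print the HTTP status.
# The ( ) body is a subshell, so variables and `set --` stay local to the call.
http_status() (
  : "${NYRA_API_KEY:?}" "${NYRA_API_SECRET:?}" "${NYRA_HOSPITAL_TOKEN:?}"
  method=$1 route=$2 body=${3:-} key=${4:-$NYRA_API_KEY}
  set -- --silent --output /dev/null --write-out '%{http_code}' \
    --max-time 15 --config - --request "$method"
  if [ -n "$body" ]; then  # the body does go on argv: use test data only
    set -- "$@" --header 'Content-Type: application/json' --data "$body"
  fi
  auth_config "$key" | curl "$@" "$BASE_URL$route"
)

# expect WANT METHOD ROUTE [BODY] [KEY]: compare with the guide's expected
# status; on mismatch print the guide's hint and return non-zero.
expect() (
  want=$1; shift
  got=$(http_status "$@") || got=${got:-000}
  if [ "$got" = "$want" ]; then
    echo "PASS $1 $2 -> $got"
  else
    case $got in
      401) hint="check all three headers" ;;
      403) hint="key lacks the required permission" ;;
      400) hint="request body failed validation" ;;
      *)   hint="unexpected status" ;;
    esac
    echo "FAIL $1 $2 -> $got (wanted $want): $hint" >&2
    false
  fi
)

run_suite() {
  rc=0
  expect 200 GET '/patients?limit=1' || rc=1              # Test 1
  expect 401 GET '/patients' '' 'wrong_key' || rc=1       # Test 4, wrong key
  expect 400 POST '/patients' '{ "name": "Missing required fields" }' || rc=1
  return $rc
}
# Contacts the live API only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then run_suite; fi
```

Export the three variables from your secret store before running the script with the argument run; nothing is sent when the file is only sourced.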

Testing with Postman

Create a new Postman request with these settings:

  1. Set the URL to the API endpoint
  2. Select the HTTP method (GET, POST, etc.)
  3. Go to the Headers tab and add:
    • x-api-key: your_key
    • x-api-secret: your_secret
    • Authorization: Bearer your_token
    • Content-Type: application/json (for POST/PUT)
  4. For POST/PUT, add the JSON body in the Body tab (raw JSON)
  5. Click Send and check the response

Checklist for Go-Live

  • All endpoints tested and working
  • Error handling implemented for all endpoints
  • API credentials stored securely (env vars, vault)
  • Request validation implemented
  • Rate limiting/retry logic implemented
  • Logging enabled for debugging
  • Tested with production API key in staging