Skip to content
Malpracticed

API Documentation

Public REST API for journalists, researchers, and developers.

Base URL: https://malpracticed.org/api/v1/medical-registry

Quick Start

# Get all facilities

curl https://malpracticed.org/api/v1/medical-registry/facilities

# Search practitioners by name

curl "https://malpracticed.org/api/v1/medical-registry/?search=Smith"

# Export all data as CSV

curl "https://malpracticed.org/api/v1/medical-registry/export?format=csv" -o malpracticed.csv

# Verify a report hash

curl https://malpracticed.org/api/v1/medical-registry/verify/abc123...

Endpoints

GET
/api/v1/medical-registry/

Search practitioners by name, license, specialty, facility, country

Params: search, license, facility, facility_id, country, page, limit

GET
/api/v1/medical-registry/suggest

Autocomplete search for practitioners and facilities

Params: q (min 2 chars)

GET
/api/v1/medical-registry/facilities

Search facilities

Params: search, country, type, page, limit

GET
/api/v1/medical-registry/facilities/:id

Facility profile with practitioners and violations

Params: id (UUID)

GET
/api/v1/medical-registry/:id

Practitioner profile with violation history

Params: id (UUID)

GET
/api/v1/medical-registry/stats

Aggregate statistics (total reports, practitioners, facilities, jurisdictions)

Params: none

GET
/api/v1/medical-registry/recent

Most recently filed violations

Params: limit (default 10), category, severity, country, province

GET
/api/v1/medical-registry/violation-types

All violation categories and types

Params: none

GET
/api/v1/medical-registry/map/violations

Geo-located violations for map display

Params: north, south, east, west, category, severity, facility_id, start_date, end_date

GET
/api/v1/medical-registry/verify/:hash

Verify a report by SHA-256 hash (includes OTS status, chain integrity)

Params: hash (64 hex chars)

GET
/api/v1/medical-registry/export

Bulk data export (JSON or CSV)

Params: format=csv or format=json (default)

GET
/api/v1/medical-registry/news

Registry news and announcements

Params: none

GET
/api/v1/medical-registry/health

Service health check

Params: none

POST
/api/v1/medical-registry/practitioners

Register a new practitioner

Params: first_name*, last_name*, title, license_number, specialty, facility_id, force

POST
/api/v1/medical-registry/facilities

Register a new facility

Params: name*, country*, province_state, city, facility_type, practitioner_count

POST
/api/v1/medical-registry/donate

Create filing donation invoice

Params: payment_method, declarant_name, declarant_email, return_url*

GET
/api/v1/medical-registry/donate/:invoiceId/status

Check donation payment status

Params: invoiceId

POST
/api/v1/medical-registry/violations

File a violation (requires payment_id)

Params: category*, title*, description*, severity, filing_type, payment_id*, oath_confirmed, declarant_name, declarant_email, declarant_signature, incident_date, incident_location, evidence_base64

POST
/api/v1/medical-registry/responses

Practitioner/facility response to a violation

Params: violation_id*, response_text*, respondent_name*, respondent_email*, respondent_type, respondent_position, license_number

POST
/api/v1/medical-registry/contact

Submit a contact form message

Params: name*, email*, message*, subject

POST
/api/v1/medical-registry/suggestions

Submit a suggestion

Params: type*, message*, email

GET
/api/v1/medical-registry/export/practitioners.csv

CSV export of all practitioners with trust scores and violation counts

Params: none

GET
/api/v1/medical-registry/export/facilities.csv

CSV export of all facilities with trust scores

Params: none

GET
/api/v1/medical-registry/export/violations.json

JSON export of all violations (public fields only, no declarant info)

Params: none

Embeddable Widgets

Embed a practitioner's trust badge on your website. Replace PRACTITIONER_ID with the practitioner's UUID.

<!-- Malpracticed Trust Badge -->

<iframe

src="https://malpracticed.org/embed/PRACTITIONER_ID"

width="340" height="120"

frameborder="0"

style="border:none;border-radius:12px;"

></iframe>

The widget renders a compact trust badge with the practitioner's name, specialty, trust score, and violation count. Links back to the full profile on Malpracticed.

Rate Limits

  • Violation filing: 10 requests/minute per IP
  • Practitioner/facility registration: 5 requests/minute per IP
  • Search/read endpoints: 100 requests/minute per IP

Data Policy

All public endpoints return aggregate data only. Declarant identities, report descriptions, and signatures are never exposed via the API. The export endpoint provides practitioner names, facility names, violation titles, categories, severities, and SHA-256 hashes only.