API Documentation
Public REST API for journalists, researchers, and developers.
Base URL: https://malpracticed.org/api/v1/medical-registry
Quick Start
# Get all facilities
curl https://malpracticed.org/api/v1/medical-registry/facilities
# Search practitioners by name
curl "https://malpracticed.org/api/v1/medical-registry/?search=Smith"
# Export all data as CSV
curl "https://malpracticed.org/api/v1/medical-registry/export?format=csv" -o malpracticed.csv
# Verify a report hash
curl https://malpracticed.org/api/v1/medical-registry/verify/abc123...
Endpoints
/api/v1/medical-registry/Search practitioners by name, license, specialty, facility, country
Params: search, license, facility, facility_id, country, page, limit
/api/v1/medical-registry/suggestAutocomplete search for practitioners and facilities
Params: q (min 2 chars)
/api/v1/medical-registry/facilitiesSearch facilities
Params: search, country, type, page, limit
/api/v1/medical-registry/facilities/:idFacility profile with practitioners and violations
Params: id (UUID)
/api/v1/medical-registry/:idPractitioner profile with violation history
Params: id (UUID)
/api/v1/medical-registry/statsAggregate statistics (total reports, practitioners, facilities, jurisdictions)
Params: none
/api/v1/medical-registry/recentMost recently filed violations
Params: limit (default 10), category, severity, country, province
/api/v1/medical-registry/violation-typesAll violation categories and types
Params: none
/api/v1/medical-registry/map/violationsGeo-located violations for map display
Params: north, south, east, west, category, severity, facility_id, start_date, end_date
/api/v1/medical-registry/verify/:hashVerify a report by SHA-256 hash (includes OTS status, chain integrity)
Params: hash (64 hex chars)
/api/v1/medical-registry/exportBulk data export (JSON or CSV)
Params: format=csv or format=json (default)
/api/v1/medical-registry/newsRegistry news and announcements
Params: none
/api/v1/medical-registry/healthService health check
Params: none
/api/v1/medical-registry/practitionersRegister a new practitioner
Params: first_name*, last_name*, title, license_number, specialty, facility_id, force
/api/v1/medical-registry/facilitiesRegister a new facility
Params: name*, country*, province_state, city, facility_type, practitioner_count
/api/v1/medical-registry/donateCreate filing donation invoice
Params: payment_method, declarant_name, declarant_email, return_url*
/api/v1/medical-registry/donate/:invoiceId/statusCheck donation payment status
Params: invoiceId
/api/v1/medical-registry/violationsFile a violation (requires payment_id)
Params: category*, title*, description*, severity, filing_type, payment_id*, oath_confirmed, declarant_name, declarant_email, declarant_signature, incident_date, incident_location, evidence_base64
/api/v1/medical-registry/responsesPractitioner/facility response to a violation
Params: violation_id*, response_text*, respondent_name*, respondent_email*, respondent_type, respondent_position, license_number
/api/v1/medical-registry/contactSubmit a contact form message
Params: name*, email*, message*, subject
/api/v1/medical-registry/suggestionsSubmit a suggestion
Params: type*, message*, email
/api/v1/medical-registry/export/practitioners.csvCSV export of all practitioners with trust scores and violation counts
Params: none
/api/v1/medical-registry/export/facilities.csvCSV export of all facilities with trust scores
Params: none
/api/v1/medical-registry/export/violations.jsonJSON export of all violations (public fields only, no declarant info)
Params: none
Embeddable Widgets
Embed a practitioner's trust badge on your website. Replace PRACTITIONER_ID with the practitioner's UUID.
<!-- Malpracticed Trust Badge -->
<iframe
src="https://malpracticed.org/embed/PRACTITIONER_ID"
width="340" height="120"
frameborder="0"
style="border:none;border-radius:12px;"
></iframe>
The widget renders a compact trust badge with the practitioner's name, specialty, trust score, and violation count. Links back to the full profile on Malpracticed.
Rate Limits
- Violation filing: 10 requests/minute per IP
- Practitioner/facility registration: 5 requests/minute per IP
- Search/read endpoints: 100 requests/minute per IP
Data Policy
All public endpoints return aggregate data only. Declarant identities, report descriptions, and signatures are never exposed via the API. The export endpoint provides practitioner names, facility names, violation titles, categories, severities, and SHA-256 hashes only.