Introduction

The Medtimes API allows you to embed regulated clinical capabilities directly into your application. We provide the infrastructure for telehealth consultations, medical aid billing, and electronic prescriptions.

Our API is organized around REST. Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes.

Regulatory Notice

By utilizing the Medtimes API, your platform acts as a digital conduit. Clinical liability remains strictly with the attending HPCSA-registered physician provided via our Locum Network.

Base URL

HTTPS https://api.medtimes.health/v1/

Authentication

The Medtimes API uses API keys to authenticate requests. You can view and manage your API keys in the Partner Console.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Bearer Auth. Provide your API key as the bearer token value.

cURL
curl https://api.medtimes.health/v1/consults \
  -H "Authorization: Bearer sk_live_abc123..."
POST

Create a Consultation

Generates a secure, HIPAA/POPIA compliant video room and assigns the next available Locum GP from the Medtimes network to the session.

/v1/consults/create

Parameters

  • patient_id Required
    string

    Your internal identifier for the patient. Used to link clinical records in our EMR back to your user.

  • symptoms
    array of strings

    Initial triage data to present to the doctor before joining the room.

  • billing_mode
    string (enum: 'medical_aid', 'cash', 'partner_covered')

    Defaults to cash. Determines how Medtimes handles the invoicing.

import { Medtimes } from '@medtimes/sdk';

const medtimes = new Medtimes('sk_live_...');

const consult = await medtimes.consults.create({
  patient_id: 'usr_8921a',
  symptoms: ['persistent cough', 'fever'],
  billing_mode: 'medical_aid',
  scheme_details: {
    name: 'Discovery Health',
    number: '123456789'
  }
});
Response (200 OK) 
{
  "id": "cns_4492193",
  "object": "consult",
  "status": "waiting_for_doctor",
  "join_url": "https://meet.medtimes.health/cns_4492193",
  "expires_at": 1740075551
}
POST

Submit Medical Aid Claim

Allows your platform to submit an EDI claim directly to a South African medical aid switcher.

/v1/claims/submit

Parameters

  • icd10_codes Required
    array of strings

    The primary and secondary diagnosis codes.

  • nappi_codes
    array of objects

    List of procedures, materials, or medications dispensed (e.g., IV Drips, wound care).

  • amount Required
    integer

    Amount in cents (ZAR). E.g., R450.00 is 45000.

const claim = await medtimes.claims.submit({
  patient_id: 'usr_8921a',
  amount: 45000,
  currency: 'zar',
  icd10_codes: ['J20.9'], // Acute Bronchitis
  tariff_codes: ['0132'] // Telehealth Consult
});

The claim is routed through the BHF switcher in real-time. You will receive a claim.paid or claim.rejected webhook asynchronously.

Errors

Medtimes uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted). Codes in the 5xx range indicate an error with our servers.

Code Description
200 - OK Everything worked as expected.
400 - Bad Request The request was unacceptable, often due to missing a required parameter.
401 - Unauthorized No valid API key provided.
403 - Forbidden The API key doesn't have permissions to perform the request.
404 - Not Found The requested resource doesn't exist.
500 - Server Error Something went wrong on Medtimes' end. (These are rare).
Error Response Format 
{
  "error": {
    "type": "invalid_request_error",
    "code": "parameter_missing",
    "message": "The 'patient_id' field is required."
  }
}
POST

Batch Screening (Events)

For Corporate Wellness Days and high-volume screenings. Upload a batch of employees to instantly validate medical aid standing and provision temporary EMR profiles for the event.

/v1/events/batch

Parameters

  • event_name Required
    string

    Name of the corporate wellness day (e.g., "Standard Bank HQ Screening").

  • patients Required
    array of objects

    List of patient objects containing id_number, name, and scheme_number.

Response (200 OK) 
{
  "id": "evt_909112",
  "status": "processed",
  "summary": {
    "total_received": 500,
    "validated": 485,
    "scheme_suspended": 15
  },
  "validation_report_url": "https://..."
}
GET

Retrieve a Prescription

Fetch the details of an electronic prescription issued by a Medtimes Locum during a telehealth consultation. You can use this to show users their script status or pharmacy token.

/v1/prescriptions/{id}

Path Parameters

  • id Required
    string

    The unique identifier for the prescription (usually returned via a consult.completed webhook).

Response (200 OK) 
{
  "id": "scr_881920",
  "consult_id": "cns_4492193",
  "doctor": "Dr Medstar (MP 000000)",
  "medication": [
    {
      "name": "Amoxicillin 500mg",
      "dosage": "1 cap TDS for 5 days"
    }
  ],
  "status": "dispatched",
  "pharmacy": "Clicks Sandton",
  "collection_token": "MED-A92B"
}

Webhook Events

Medtimes uses webhooks to notify your application when an asynchronous event happens in your account. Webhooks are particularly useful for asynchronous events like medical aid claim settlements or when a doctor completes a consultation.

Event Type Trigger Description
consult.completed Fired when the doctor ends the video call and finalizes clinical notes. Contains the generated prescription_id (if applicable).
claim.paid Fired when the medical aid switching house confirms successful remittance for a submitted EDI claim.
claim.rejected Fired if a claim is denied (e.g., "Insufficient funds", "Member suspended"). Payload contains the exact rejection reason code.
prescription.dispensed Fired when the partner pharmacy confirms the patient has collected the medication.

Verifying Signatures

To verify that a webhook was actually sent by Medtimes and not a malicious third party, every payload includes a Medtimes-Signature header. This is an HMAC SHA256 signature generated using your Endpoint Secret. 

const crypto = require('crypto');

app.post('/webhooks/medtimes', express.raw({type: 'application/json'}), (request, response) => {
  const signature = request.headers['medtimes-signature'];
  const endpointSecret = process.env.MEDTIMES_WEBHOOK_SECRET;

  const hash = crypto
    .createHmac('sha256', endpointSecret)
    .update(request.body)
    .digest('hex');

  if (hash === signature) {
    console.log('Webhook verified successfully!');
    // Process the event...
    response.status(200).send();
  } else {
    response.status(400).send('Invalid signature');
  }
});

Support & Contact

Need help integrating the Medtimes API? We offer several channels for developer and enterprise support to ensure your deployment goes smoothly.

Developer Support

For technical questions, bug reports, API keys, and integration guidance.

developers@medtimes.health

Enterprise SLA

Priority support, dedicated Slack channel, and custom architecture reviews.

enterprise@medtimes.health

System Status

Check the real-time operational status of our clinical API, switchers, and webhooks.

status.medtimes.health →

Clinical Operations

For escalations regarding Locum availability, unfulfilled scripts, or specific patient consults.

clinical.ops@medtimes.health