Multi-Location Practice API

ByDentalFynd
Last UpdateMay 2026
Share

Developer guide

Practice API · Locations · Procedures · Sub-accounts

This guide explains how dental practices and integration partners use the Multi-location Practice API in production. All programmatic calls use your practice's API key only — no separate client Basic auth on these routes.

Production base URL

https://api.dentalfynd.com/api/v1/

Example: GET https://api.dentalfynd.com/api/v1/practice/api-key/details

Who can use this API

  • Practices registered as Multiple locations (isMultiLocation: true).
  • Practice must be approved and email-verified in DentalFynd.
  • IT vendors syncing office locations or onboarding staff/dentist logins.

Multiple practitioners (single site, many dentists) and solo providers do not use this API for locations.

Authentication

Send on every request:

X-Practice-Api-Key: <your-practice-api-key>

Generate or regenerate the key in the DentalFynd practice portal: Practice profile → Locations → Generate API key (multi-location accounts only). Store the key securely; it is shown once when generated.

Endpoints

MethodPathPurpose
GETpractice/api-key/detailsRead practice profile and locations[]
POSTpractice/api-key/editUpdate profile and/or locations
GETpractice/api-key/sub-accountsList provider sub-accounts linked to the practice
POSTpractice/api-key/sub-accountsCreate sub-account (email + password for UI login)
POSTpractice/api-key/sub-accounts/disassociateRemove link to practice (does not delete the provider record)
GETpractice/api-key/procedure-listList practice procedures (fixed-price offerings)
POSTpractice/api-key/add-procedureAdd a procedure
POSTpractice/api-key/edit-procedureUpdate procedure title and/or cost
POSTpractice/api-key/delete-procedureSoft-delete a procedure (isInactive: true)

1. Read practice and locations

GET https://api.dentalfynd.com/api/v1/practice/api-key/details
X-Practice-Api-Key: <key>
Accept: application/json

2. Update locations

POST https://api.dentalfynd.com/api/v1/practice/api-key/edit
X-Practice-Api-Key: <key>
Content-Type: application/json

{
  "isMultiLocation": true,
  "locations": [
    {
      "address": "100 Main St, Pittsburgh, PA 15213",
      "city": "Pittsburgh",
      "state": "PA",
      "zipcode": "15213",
      "isPrimary": true
    }
  ]
}

Include _id on a location when updating an existing row from a prior details response.

3. Create a sub-account

Sub-accounts are provider users linked to your practice. They sign in to the DentalFynd provider experience with the email and password you set (or that your office provides separately).

POST https://api.dentalfynd.com/api/v1/practice/api-key/sub-accounts
X-Practice-Api-Key: <key>
Content-Type: application/json

{
  "email": "[email protected]",
  "password": "secure-password-min-6-chars",
  "fullName": "Dr. Jane Smith",
  "isEmailVerified": true,
  "sendWelcomeEmail": true,
  "sendSetPasswordEmail": false
}
  • sendWelcomeEmail (optional): welcomes the user; explains login with practice-provided credentials. Password is not included in the email.
  • sendSetPasswordEmail (optional): sends a link to set a new password on the DentalFynd website.

4. List sub-accounts

GET https://api.dentalfynd.com/api/v1/practice/api-key/sub-accounts
X-Practice-Api-Key: <key>

5. Disassociate a sub-account

POST https://api.dentalfynd.com/api/v1/practice/api-key/sub-accounts/disassociate
X-Practice-Api-Key: <key>
Content-Type: application/json

{
  "providerIds": ["<provider _id from list response>"]
}

6. Procedures (fixed-price offerings)

Multi-location practices can manage two kinds of procedures via API key:

  • Practice-wide — omit providerId; stored with associatedPracticeId. Visible on every sub-account provider profile and for patient booking.
  • Sub-account only — include providerId from GET practice/api-key/sub-accounts; stored on that provider only. Other sub-accounts do not see it.

When cost is set, a Stripe product/price may be created. Use the same X-Practice-Api-Key header as other routes.cost is in cents (e.g. 15000 = $150.00), same as patient checkout and provider profiles.

List procedures

GET https://api.dentalfynd.com/api/v1/practice/api-key/procedure-list?skip=0&limit=50
X-Practice-Api-Key: <key>
Accept: application/json

# Optional: only procedures for one sub-account (+ practice-wide)
GET https://api.dentalfynd.com/api/v1/practice/api-key/procedure-list?skip=0&limit=50&providerId=<sub-account _id>

Response data.procedures includes providerId when the row is sub-account-specific.

Add procedure

POST https://api.dentalfynd.com/api/v1/practice/api-key/add-procedure
X-Practice-Api-Key: <key>
Content-Type: application/json

# Practice-wide (all sub-accounts)
{
  "title": "New patient exam",
  "cost": 15000
}

# One sub-account only
{
  "title": "Dr. Smith — implant consult",
  "cost": 20000,
  "providerId": "<provider _id from sub-accounts>"
}

Edit procedure

POST https://api.dentalfynd.com/api/v1/practice/api-key/edit-procedure
X-Practice-Api-Key: <key>
Content-Type: application/json

{
  "id": "<procedure _id>",
  "title": "Updated exam name",
  "cost": 17500
}

Delete procedure

POST https://api.dentalfynd.com/api/v1/practice/api-key/delete-procedure
X-Practice-Api-Key: <key>
Content-Type: application/json

{
  "id": "<procedure _id>"
}

UI login (sub-accounts and practice owners)

End users log in through the DentalFynd web app using email and password. Integrations that embed login use the unified login endpoint with app credentials issued by DentalFynd (contact [email protected] for partner onboarding).

POST https://api.dentalfynd.com/api/v1/guest/login
Authorization: Basic <app-client-credentials>
Content-Type: application/json

{
  "email": "[email protected]",
  "password": "secure-password-min-6-chars",
  "deviceType": "web",
  "deviceToken": ""
}

Successful sub-account login returns userType: "provider".

Common errors

HTTPMeaning
401Missing or invalid API key
403Invalid request body
404Practice not found, or disassociate found no matching sub-accounts
412Practice not multi-location, or not approved

Security

  • Treat the practice API key like a password; regenerate it in the portal if exposed.
  • Use HTTPS only in production.
  • Do not embed API keys in public front-end code.
Share

Need help?

DentalFynd Partner Support

For production API access, client credentials for embedded login, or practice onboarding questions, contact [email protected].