Multi-Location Practice API
Developer guide
Practice API · Locations · Procedures · Sub-accounts
This guide explains how dental practices and integration partners use the Multi-location Practice API in production. All programmatic calls use your practice's API key only — no separate client Basic auth on these routes.
Production base URL
https://api.dentalfynd.com/api/v1/
Example: GET https://api.dentalfynd.com/api/v1/practice/api-key/details
Who can use this API
- Practices registered as Multiple locations (
isMultiLocation: true). - Practice must be approved and email-verified in DentalFynd.
- IT vendors syncing office locations or onboarding staff/dentist logins.
Multiple practitioners (single site, many dentists) and solo providers do not use this API for locations.
Authentication
Send on every request:
X-Practice-Api-Key: <your-practice-api-key>
Generate or regenerate the key in the DentalFynd practice portal: Practice profile → Locations → Generate API key (multi-location accounts only). Store the key securely; it is shown once when generated.
Endpoints
| Method | Path | Purpose |
|---|---|---|
GET | practice/api-key/details | Read practice profile and locations[] |
POST | practice/api-key/edit | Update profile and/or locations |
GET | practice/api-key/sub-accounts | List provider sub-accounts linked to the practice |
POST | practice/api-key/sub-accounts | Create sub-account (email + password for UI login) |
POST | practice/api-key/sub-accounts/disassociate | Remove link to practice (does not delete the provider record) |
GET | practice/api-key/procedure-list | List practice procedures (fixed-price offerings) |
POST | practice/api-key/add-procedure | Add a procedure |
POST | practice/api-key/edit-procedure | Update procedure title and/or cost |
POST | practice/api-key/delete-procedure | Soft-delete a procedure (isInactive: true) |
1. Read practice and locations
GET https://api.dentalfynd.com/api/v1/practice/api-key/details X-Practice-Api-Key: <key> Accept: application/json
2. Update locations
POST https://api.dentalfynd.com/api/v1/practice/api-key/edit
X-Practice-Api-Key: <key>
Content-Type: application/json
{
"isMultiLocation": true,
"locations": [
{
"address": "100 Main St, Pittsburgh, PA 15213",
"city": "Pittsburgh",
"state": "PA",
"zipcode": "15213",
"isPrimary": true
}
]
}Include _id on a location when updating an existing row from a prior details response.
3. Create a sub-account
Sub-accounts are provider users linked to your practice. They sign in to the DentalFynd provider experience with the email and password you set (or that your office provides separately).
POST https://api.dentalfynd.com/api/v1/practice/api-key/sub-accounts
X-Practice-Api-Key: <key>
Content-Type: application/json
{
"email": "[email protected]",
"password": "secure-password-min-6-chars",
"fullName": "Dr. Jane Smith",
"isEmailVerified": true,
"sendWelcomeEmail": true,
"sendSetPasswordEmail": false
}sendWelcomeEmail(optional): welcomes the user; explains login with practice-provided credentials. Password is not included in the email.sendSetPasswordEmail(optional): sends a link to set a new password on the DentalFynd website.
4. List sub-accounts
GET https://api.dentalfynd.com/api/v1/practice/api-key/sub-accounts X-Practice-Api-Key: <key>
5. Disassociate a sub-account
POST https://api.dentalfynd.com/api/v1/practice/api-key/sub-accounts/disassociate
X-Practice-Api-Key: <key>
Content-Type: application/json
{
"providerIds": ["<provider _id from list response>"]
}6. Procedures (fixed-price offerings)
Multi-location practices can manage two kinds of procedures via API key:
- Practice-wide — omit
providerId; stored withassociatedPracticeId. Visible on every sub-account provider profile and for patient booking. - Sub-account only — include
providerIdfromGET practice/api-key/sub-accounts; stored on that provider only. Other sub-accounts do not see it.
When cost is set, a Stripe product/price may be created. Use the same X-Practice-Api-Key header as other routes.cost is in cents (e.g. 15000 = $150.00), same as patient checkout and provider profiles.
List procedures
GET https://api.dentalfynd.com/api/v1/practice/api-key/procedure-list?skip=0&limit=50 X-Practice-Api-Key: <key> Accept: application/json # Optional: only procedures for one sub-account (+ practice-wide) GET https://api.dentalfynd.com/api/v1/practice/api-key/procedure-list?skip=0&limit=50&providerId=<sub-account _id>
Response data.procedures includes providerId when the row is sub-account-specific.
Add procedure
POST https://api.dentalfynd.com/api/v1/practice/api-key/add-procedure
X-Practice-Api-Key: <key>
Content-Type: application/json
# Practice-wide (all sub-accounts)
{
"title": "New patient exam",
"cost": 15000
}
# One sub-account only
{
"title": "Dr. Smith — implant consult",
"cost": 20000,
"providerId": "<provider _id from sub-accounts>"
}Edit procedure
POST https://api.dentalfynd.com/api/v1/practice/api-key/edit-procedure
X-Practice-Api-Key: <key>
Content-Type: application/json
{
"id": "<procedure _id>",
"title": "Updated exam name",
"cost": 17500
}Delete procedure
POST https://api.dentalfynd.com/api/v1/practice/api-key/delete-procedure
X-Practice-Api-Key: <key>
Content-Type: application/json
{
"id": "<procedure _id>"
}UI login (sub-accounts and practice owners)
End users log in through the DentalFynd web app using email and password. Integrations that embed login use the unified login endpoint with app credentials issued by DentalFynd (contact [email protected] for partner onboarding).
POST https://api.dentalfynd.com/api/v1/guest/login
Authorization: Basic <app-client-credentials>
Content-Type: application/json
{
"email": "[email protected]",
"password": "secure-password-min-6-chars",
"deviceType": "web",
"deviceToken": ""
}Successful sub-account login returns userType: "provider".
Common errors
| HTTP | Meaning |
|---|---|
401 | Missing or invalid API key |
403 | Invalid request body |
404 | Practice not found, or disassociate found no matching sub-accounts |
412 | Practice not multi-location, or not approved |
Security
- Treat the practice API key like a password; regenerate it in the portal if exposed.
- Use HTTPS only in production.
- Do not embed API keys in public front-end code.
Need help?

DentalFynd Partner Support
For production API access, client credentials for embedded login, or practice onboarding questions, contact [email protected].
