API features
GipoNext APIs share a set of cross-cutting behaviours that apply to all endpoints, regardless of the resource you use. Knowing them before writing code helps you build a more robust integration and avoid production issues.
This section collects the common operational rules every integrator should consider:
- Tenant — what a tenant is, how to obtain tenantId, how to handle the medical centre filter and the sandbox environment.
- Authentication and authorization — how OAuth flows work, which scopes to request, and how to handle user consent.
- Error handling — HTTP status codes returned by the APIs, error body format, and strategies to distinguish recoverable from non-recoverable errors.
- Pagination — how to scroll through resource lists without overloading the server, using offset, limit, and hasMore.
- Rate limiting — request limits per time window, how to read response headers, and how to implement retry with backoff.
- TLS — minimum protocol version and supported cipher suites for secure connections.
- Change management — how APIs evolve over time, what additive changes are, and how to design a client that does not break when new fields arrive.
Each page is intended to be read independently, but if you are starting from scratch we recommend scanning them all at least once: many situations that appear as bugs in production are actually documented behaviours in these pages.