Overview

Introduction

Flow overview

Requirements

Versionning

Authentication

Server authentication

Incoming APIs

Overview

Provision user

Create encounter

Refresh encounter URL

Outgoing APIs

Overview

Callback authentication (HMAC)

Response protocol

Callback types

Reference

Changelog

Incoming APIs are API calls Nabla expects to receive from your backend—for example creating an encounter, refreshing its launch URL, or upserting a provider user.

🔗 The <baseUrl> for all APIs is https://<region>.api.nabla.com/v1/connect/server — <region> is us or eu

Authentication

All incoming API requests must be authenticated with a server access token generated by Nabla.

To get this access token, follow the server authentication flow using OAuth clients:

1. Nabla associates a JWKS URL or public key with your organization
2. You send a POST <baseUrl>/oauth/token request with a JWT signed by your private key
3. Nabla verifies the JWT using your public key
4. Nabla issues an access token you use to authenticate subsequent requests

For full details, see Server authentication.

Endpoints

POST /users — Create or update provider user

See User provisioning for upserting a provider by external_provider_id, optionally applying specialty and speech locale settings before an encounter.

POST /encounters — Create encounter (primary)

See Create encounter for the full request/response documentation, including payload schemas for the legacy format and the 2026-02-13 version.

POST /encounter remains available as a deprecated alias with the same behavior.

POST /encounters/url — Refresh encounter URL (primary)

See Refresh encounter URL for documentation on generating a fresh one-time URL for an existing encounter.

POST /encounter/url remains available as a deprecated alias with the same behavior.