If you are trying to connect a third-party application to your practice database so it can automatically pull patient information or sync appointments, you need to configure open dental API authentication. This process establishes a secure, authorized link between your office data and the external software, ensuring that only approved applications can access your patient records.
Prerequisites
Before you can begin, you must ensure your office meets the technical requirements for API communication:
- eConnector: Your office must have the Open Dental eConnector service installed and running. This service acts as the bridge between your local database and the outside world.
- Developer Portal Access: If you are the developer, you must have an account on the Open Dental Developer Portal. If you are a practice owner, your software vendor should provide you with the necessary keys.
- API Keys: You need two specific keys to authenticate:
- Developer API Key: Unique to the software developer.
- Customer API Key: Unique to your specific dental office, generated by the developer and entered into your software.
- Permissions: Ensure your office has the appropriate API access tier enabled. Contact vendor relations if you are unsure about your current subscription level.
Implementation
Authentication is handled via Basic Auth. Every request you send to the API must include an Authorization header in the following format: Authorization: ODFHIR {DeveloperKey}/{CustomerKey}.
Below is a simple example using JavaScript (Node.js) with the axios library to fetch a list of patients:
const axios = require('axios');
// Replace these with your actual keys
const developerKey = 'YOUR_DEVELOPER_KEY';
const customerKey = 'YOUR_CUSTOMER_KEY';
const config = {
method: 'get',
url: 'https://api.opendental.com/api/v1/patients',
headers: {
'Authorization': `ODFHIR ${developerKey}/${customerKey}`,
'Content-Type': 'application/json'
}
};
axios(config)
.then(response => {
console.log(JSON.stringify(response.data));
})
.catch(error => {
console.error('Error fetching data:', error);
});
To enable this in your office, go to Setup > Advanced Setup > API. Click Add Key in the lower left, paste the Customer Key provided by your vendor, and ensure the Enabled checkbox is checked.
Common Errors
- 401 Unauthorized: This usually means your keys are incorrect, expired, or the API is not enabled in your Setup > Advanced Setup > API window. Double-check that you have copied the keys exactly as provided.
- 403 Forbidden: The API key you are using does not have the required permissions to access the specific resource you are requesting.
- 503 Service Unavailable: This often indicates that the eConnector service on your server is stopped or cannot reach the internet. Check your Tools > Misc Tools > Service Manager to ensure the eConnector is running.
Limitations
- Rate Limits: Requests are throttled to ensure system stability. If you do not have specific API permissions enabled, you may be limited to one request per second.
- Data Restrictions: The API only exposes data that is explicitly defined in the API documentation. You cannot perform arbitrary SQL queries against your database via the API.
- Security: Always ensure you have a signed Business Associate Agreement (BAA) with any third-party developer accessing your data, as they will be handling Protected Health Information (PHI).
Don't want to build your own dashboard? DentalCanvas already connects to your Open Dental data and shows you everything in a visual interface.
This article is provided by opendentalsupport.com, an independent community resource. We are not affiliated with Open Dental Software, Inc.