All protected routes require Authorization: Bearer <token> and Content-Type: application/json.
Quick start
POST https://www.leukotrack.widespheres.com/auth/verify-otp
{
  "phone": "+966501234567",
  "otp": "123456"
}
| Method | Path | Auth | Role | Description |
|---|---|---|---|---|
| POST | /auth/send-otp | No | — | Send OTP to phone |
| POST | /auth/verify-otp | No | — | Verify OTP → token + user |
| POST | /patient/profile | Yes | patient | Create/update profile |
| GET | /patient/profile | Yes | patient | Get profile |
| GET | /patient/me/qr | Yes | patient | QR payload |
| GET | /admin/profile | Yes | admin | Admin profile |
| POST | /ai/predict | Yes | admin | AI diagnosis on vitals |
| POST | /measurements | Yes | admin | Save measurement |
| GET | /measurements/my-history | Yes | patient | Patient history |
| GET | /measurements/{id} | Yes | patient/admin | Single measurement |
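
The Auth and Role columns can be expressed as a deny-by-default check. The Python below is an added example, not the API's own code: it transcribes the table and resolves the overlap between /measurements/my-history (patient only) and /measurements/{id} (patient/admin) in favour of the literal path, so an admin token is not admitted to the history route through the {id} template. The names `match_route` and `decide`, the outcome labels, and the premise that the role is read from the validated bearer token are assumptions.

```python
import re

# Route table transcribed from the endpoint list: (method, path, allowed roles).
# An empty role set means the route needs no token.
ROUTES = [
    ("POST", "/auth/send-otp", set()),
    ("POST", "/auth/verify-otp", set()),
    ("POST", "/patient/profile", {"patient"}),
    ("GET", "/patient/profile", {"patient"}),
    ("GET", "/patient/me/qr", {"patient"}),
    ("GET", "/admin/profile", {"admin"}),
    ("POST", "/ai/predict", {"admin"}),
    ("POST", "/measurements", {"admin"}),
    ("GET", "/measurements/my-history", {"patient"}),
    ("GET", "/measurements/{id}", {"patient", "admin"}),
]

def _compile(template):
    # Turn "/measurements/{id}" into a regex where {name} matches exactly one path segment.
    parts = []
    for seg in template.split("/"):
        is_param = seg.startswith("{") and seg.endswith("}")
        parts.append(r"[^/]+" if is_param else re.escape(seg))
    return re.compile("/".join(parts))

def match_route(method, path):
    """Return the table entry for a request, or None. Literal paths win over templates."""
    hits = [r for r in ROUTES
            if r[0] == method.upper() and _compile(r[1]).fullmatch(path)]
    # Fewest placeholders first, so my-history never falls through to {id}.
    hits.sort(key=lambda r: r[1].count("{"))
    return hits[0] if hits else None

def decide(method, path, role=None):
    """Outcome labels are assumptions: allow, unauthenticated, forbidden, not_found."""
    route = match_route(method, path)
    if route is None:
        return "not_found"        # deny by default: unlisted method/path pairs
    allowed = route[2]
    if not allowed:
        return "allow"            # public OTP endpoints
    if role is None:
        return "unauthenticated"  # protected route, no valid bearer token
    # role is assumed to come from the validated token, never from the request body
    return "allow" if role in allowed else "forbidden"
```

This covers role checks only. The table does not say whether a patient may read another patient's record at /measurements/{id}, so ownership has to be verified separately.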
AI Predict example
POST https://www.leukotrack.widespheres.com/ai/predict
Authorization: Bearer <admin_token>

{
  "patient_id": "uuid",
  "hr": 84,
  "spo2": 96,
  "temperature": 37.8
}