Updates

Changelog

Release notes and updates for the xCures API and Portal.

May 13, 2026

What's New

The xCures Public API now supports direct PDF downloads for patient documents. A new endpoint returns a signed URL to download the PDF version of any document stored in the platform:

New GET /api/v1/patient-registry/document/{documentId}/pdf endpoint returns a fileName and a time-limited signedUrl for downloading the PDF version of a document.
Signed URLs are valid for 15 minutes from the time of the request.
The endpoint requires a valid ProjectId header and a Bearer token, consistent with all other document endpoints.

Why It Matters

Previously, retrieving a rendered PDF required navigating the document detail response and constructing download logic on the client side. This endpoint provides a direct, purpose-built path to a downloadable PDF, simplifying workflows that surface documents to end users, generate audit artifacts, or integrate with external document management systems.

What You Need to Do

No changes are required to existing integrations. To use the new endpoint, call GET /api/v1/patient-registry/document/{documentId}/pdf with your project credentials. Retrieve and use the signedUrl from the response within 15 minutes, as the URL expires after that window.

May 8, 2026

What's New

The xCures Public API is being updated to decouple Subject (Patient) Creation from Network Querying. Previously, a single call to POST /api/v1/patient-registry/subject or POST /api/v2/patient-registry/subject automatically triggered a network query. As an interim step toward full decoupling, both subject creation endpoints now accept an optional flag that lets you opt out of the implicit query.

Both POST /api/v1/patient-registry/subject and POST /api/v2/patient-registry/subject have been updated with an optional options parameter.
options.initiateEhrQuery (boolean) controls whether a network query is automatically initiated on subject creation.
The flag defaults to true when omitted, preserving existing behavior.

Why It Matters

Greater flexibility: Patient creation and query timing can now be managed independently, providing better support for batch processing and other context-driven workflows.
Full auditability: Every action on a patient record is now an intentional, logged API call. Your audit trail shows exactly when a subject was created and when a query was initiated.
Improved error handling: Independent error reporting for each endpoint eliminates silent failures, making it straightforward to distinguish between subject creation and query issues.

What You Need to Do

No immediate action is required. Because options.initiateEhrQuery defaults to true, your existing integration will continue to behave as before without any changes.

To opt out of the automatic EHR query on subject creation (for example, in batch processing scenarios), pass options.initiateEhrQuery: false in your request body:

{
  "firstName": "David",
  "lastName": "Mann",
  "birthDate": "1965-03-12",
  "gender": "M",
  "email": "david.mann@example.com",
  "phoneNumber": "123-456-7890",
  "addressLine1": "123 Main St.",
  "addressLine2": "Apt 4B",
  "addressCity": "Minneapolis",
  "addressState": "MN",
  "addressPostalCode": "55401",
  "options": {
    "initiateEhrQuery": false
  }
}

The same options.initiateEhrQuery flag is also available on POST /api/v1/patient-registry/subject.

March 25, 2026

What's New

Checklists now include Thumbs Up / Thumbs Down rating and a Report message option directly on each result and justification response.

Thumbs Up / Thumbs Down: indicate whether a checklist response was accurate and helpful
Report a response: flag a result for high-stakes clinical review by the xCures team

Why It Matters

Checklists are only as useful as they are accurate. These controls give users a direct way to flag a result when something is off, whether the cause is missing clinical context, an incorrect qualification, or a justification that does not match the response.

Every piece of feedback feeds back into result quality, making checklists more reliable for the workflows that depend on them.

Questions or assistance: contact the xCures support team at help@xcures.com.

February 20, 2026

What's New

This release expands the public xCures API to make the platform easier to integrate with. The following capabilities are now supported, based on customer feedback:

New timestamp parameters on the Search Queries endpoint: createdFrom and createdTo
A Document Update endpoint that updates a limited set of properties on existing documents (document date, document location, and document name)
OpenAPI specification updates for the Document Search endpoint, in support of the next-generation Document Classifications release:
- informationTypes was previously typed as an array of strings
- It is now typed as Document Classifications (still an array of strings)

Why It Matters

This release consolidates API references, full request and response examples, user guides, and real-world use-case examples on a single site. The new documentation serves both technical and operational audiences. It reduces onboarding friction, clarifies workflow automation, and broadens adoption across healthcare applications.

For more information, contact your Customer Success Manager.

December 18, 2025

What's New

This release launches the public xCures API documentation site at https://docs.xcures.com. Legacy documentation now routes to the new site automatically.

Why It Matters

The new site consolidates API references, full request and response examples, user guides, and real-world use-case examples in one place. It serves both technical and operational audiences, reduces onboarding friction, and supports broader adoption across healthcare applications. Contact your Customer Success Manager for more information.

December 4, 2025

What's New

xCures now supports self-service API credential and token management for connected client applications.

New OAuth endpoint released
Self-service API Credential Management released

Why It Matters

The new API credential management lets xCures customers self-manage API credentials and tokens for their connected client applications through the UI, in a more secure way
Existing customer credentials remain active for now, but the previous OAuth endpoint is no longer in public documentation. Existing credentials continue to work only with the previous OAuth endpoint
New credentials created with this release work only with the new /oauth/token endpoint. Provision new credentials with the self-service tool by following the steps below before January 2026. All pre-existing credentials are deactivated after that date.