Nutrition Portal API (v1)
Overview
The Nutrition Portal API provides endpoints for nutrition clients to access their data, log food diaries, track progress, and view their meal plans through a dedicated client portal.
Base URL
/api/v1/nutrition/portal/:slug
Where :slug is the specialist's unique portal slug configured in their nutrition settings.
Authentication
Login
Clients authenticate using their username and password:
POST /api/v1/nutrition/portal/:slug/login
Returns a JWT token that must be included in subsequent requests:
Authorization: Bearer <portal_token>
Token Type
Portal tokens are specifically scoped to the nutrition client portal:
- Token type:
nutrition_portal_access - Token expiry: 30 days
- Role:
nutrition_client
Endpoints
Authentication
- Login - Authenticate client
- Change Password – Update password (coming soon)
Client Data
- Get Me – Get current client info (coming soon)
- Get Today - Get today's summary
- Get Active Plan – Get current meal plan (coming soon)
Food Diary
- Get Diary – Get diary for date (coming soon)
- Create Diary – Log food intake (coming soon)
Progress
- Get Progress – Get progress history (coming soon)
- Create Progress – Log measurements (coming soon)
Sessions
- Get Sessions – View appointments (coming soon)
Public Endpoints
These endpoints don't require authentication:
Portal Info
GET /api/v1/nutrition/portal/:slug/info
Returns the portal's branding and configuration.
Response Format
{
"data": { ... },
"error": { "message": "..." }
}
Error Handling
Must Change Password
When mustChangePassword is true on the client account, all endpoints except /change-password will return:
{
"error": {
"message": "Password change required",
"details": {
"code": "MUST_CHANGE_PASSWORD"
}
}
}
The client must change their password before accessing other endpoints.
Security
- Clients can only access their own data
- All queries are scoped by both
workspaceIdandclientIdfrom the token - Private notes are never exposed to clients
- Portal slug is validated against workspace settings