🧪 LIMS Integration Guide

Poveon API Documentation

A complete reference for integrating with the Poveon laboratory request platform. All endpoints follow REST conventions and return JSON (unless noted).

Base URL:https://poveon.com

Protocol:HTTPS only

Format:JSON / FormData

Auth:Cookie / API Key

Overview

The Poveon API enables healthcare systems and LIMS to automate lab request management. You can create requests programmatically, track their lifecycle, deliver results, and manage laboratory accounts — all through a clean REST interface.

📝

Request Creation

Doctors or integrated systems submit patient test requests without a login.

📡

Real-time Status

Poll or webhook-trigger status checks as patients progress through the lab.

📄

Result Delivery

Attach PDF results or share secure links directly to doctors and patients.

🏥

Lab Management

Admin APIs let you provision and manage multiple lab accounts.

Authentication

The API supports three access levels. Lab endpoints accept either a session cookie (for human users logging in via the portal) or an X-Poveon-Api-Key header (for LIMS and server integrations). Public endpoints require no credentials.

🔑LIMS / Server Authentication (API Key)

For machine-to-machine integrations, generate an API key from the Admin Dashboard → Labs → Dev panel. Pass it in every request as a header. Keys are hashed server-side — the raw value is only shown once at generation time.

# All lab endpoints accept this header instead of a session cookie:
X-Poveon-Api-Key: pvn_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

// Node.js example
const res = await fetch("https://poveon.com/api/requests/retrieve", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "X-Poveon-Api-Key": process.env.POVEON_API_KEY,
  },
  body: JSON.stringify({ code: "CDL-A3X9B1" }),
});

🌐Public

No authentication required. Any client can call these endpoints.

/api/labs/api/requests/create

🔬Lab Auth

Pass either a session cookie (portal login) or an X-Poveon-Api-Key header. Both grant the same access scoped to your lab.

/api/lab/requests/api/requests/retrieve/api/requests/update-status/api/requests/send-results

🔐Admin Auth

Requires a Supabase session for a verified AdminUser record. Only Poveon staff accounts qualify.

/api/admin/*

Custom Lab Email Branding

By default, all system emails — order confirmations, patient tracking codes, and result deliveries — are sent from Poveon's address (notifications@poveon.com). Labs can optionally have these emails sent from their own address instead.

✉️How It Works

When a lab has a notification_email configured (e.g. no-reply@apexdiagnostics.com), every email in the flow — including LIMS-triggered results — goes out from that address under the lab's name. Recipients see the lab's brand, not Poveon's.

📝

Order confirmation

Sent to doctor when a request is created

🔑

Patient tracking code

Sent to patient if email was provided at creation

👁

Patient arrived notice

Sent to doctor when lab retrieves the order

📄

Results delivery

Sent to doctor and patient when lab sends results

⚠️Activation Required

Custom lab email addresses must be verified in Resend before they can be used. This is a one-time setup done by the Poveon team — labs cannot self-serve this step. Contact support@poveon.com with your desired sending address to get onboarded.

•Unverified addresses will cause email delivery to silently fail.
•Each lab can have one notification_email configured.
•The domain (e.g. apexdiagnostics.com) must be verified — not just the address.

From Address — Before vs. After

Default (no custom email set)

From: Poveon <notifications@poveon.com>

With custom email configured

From: Apex Diagnostics <no-reply@apexdiagnostics.com>

Request Status Workflow

Every lab request moves through three stages. Transitions are strictly enforced server-side.

📥IncomingCreated by doctor

▶

👁SeenPatient arrived

▶

✅DoneResults sent

Transition	Trigger	Email Sent
`incoming → seen`	Lab retrieves request by code	Doctor: patient arrived notification
`seen → done`	Lab updates status or sends results	Doctor + Patient: tests completed / results ready

🌐

Public Endpoints

🔬

Lab Authenticated

⚙️

Admin Endpoints

HTTP Status Codes

All error responses include a JSON body with success: false and an error message string. Always check success before using the response data.

200

Request succeeded

400

Bad Request

Validation failed or invalid input

401

Unauthorized

No valid session cookie or X-Poveon-Api-Key header present, or key is expired/revoked

403

Forbidden

Authenticated but insufficient permissions (e.g. member role lacks the required permission)

404

Not Found

Resource does not exist

429

Too Many Requests

Rate limit exceeded (e.g. 20 requests per doctor email per hour on /api/requests/create)

500

Server Error

Unexpected internal error

Error Response Format

{
  "success": false,
  "error": "Validation failed: patient_name is required"
}

Rate Limiting

Some endpoints enforce hard rate limits. The limits below are actively enforced — requests that exceed them receive a 429 response.

📝Request Creation

20 requests per doctor email per hour

Enforced server-side. Returns 429 when exceeded. Resets on a rolling 1-hour window.

📡Status Polling

Poll at most once every 30 seconds

Not enforced but please follow this guideline. Continuous polling may be throttled.

📄File Uploads

Max 5 files · 10 MB each (results) / 5 MB (logos)

Enforced server-side. Returns 400 for oversized or too many files.

If your integration requires higher throughput, contact us at support@poveon.com.

🚀

Ready to integrate?

Contact the Poveon team to get API credentials and onboard your LIMS or healthcare system.

Get in touch