StudiesDocsSign inCreate account
docs/Reference/API
for the builders

API.

Samply exposes a REST API for programmatic study management and advanced integrations.

Samply exposes two API surfaces: a REST API for programmatic study management (the researcher API), and two integration hooks used by survey tools to signal completion and trigger ad-hoc notifications. Both run on the same host as the dashboard.

Base URL

The researcher REST API is mounted at /webapi/v1. All endpoints below are relative to that prefix. The completion and notify endpoints are mounted directly at the root and are documented separately.

Authentication

All researcher API endpoints (except the token endpoint itself) require a JWT passed in the x-auth-token request header. Obtain a token by posting your researcher credentials:

Token
POST/webapi/v1/authExchange email + password for a JWT.

Request body

FieldTypeDescription
emailstringResearcher account email.
passwordstringResearcher account password.

Response

FieldDescription
tokenJWT valid for 14 days. Pass it as x-auth-token on subsequent requests.

Rate limits

All API paths are subject to rate limiting. Requests that exceed a limit receive a 429 Too Many Requests response. The three tiers are:

LimitPaths
20 requests / 15 min/webapi/v1/auth, login, account-creation, and password-reset endpoints
30 requests / 1 min/api/notify
100 requests / 15 minAll other /api/* and /webapi/* paths

The active study

Most researcher API endpoints operate on the active study — a single study selected on the researcher account. Before calling participant, notification, or job endpoints, select the study you want to work with:

Study selection
GET/webapi/v1/auth/studiesList all studies you own or are a member of.
GET/webapi/v1/auth/studies/selectedReturn the currently active study.
POST/webapi/v1/auth/select/studySet the active study.
GET/webapi/v1/auth/study/:idGet a specific study by its MongoDB ID.
PATCH/webapi/v1/auth/study/:idUpdate fields on a study.

POST /webapi/v1/auth/select/study expects { "id": "<study_id>" } in the request body. The selection is stored on your researcher account and persists across requests until changed.

PATCH body (update study)

Only the following fields are accepted; all others are ignored:

name, description, currentlyActive, public, welcomeMessage, codeMessage, groupMessage, messageAfterJoin, completionMessage, geofencingInstruction, settings

Participants

These endpoints manage participants in the active study. Participants created via the API are initially deactivated — they receive a JWT invitation token that activates them when they open the Samply Research app.

Participants — /webapi/v1/participants
GET/webapi/v1/participantsList all participants in the active study.
GET/webapi/v1/participants/:idGet one participant by Samply ID.
POST/webapi/v1/participantsCreate and enrol a participant.
PATCH/webapi/v1/participants/:idUpdate participant fields.
DELETE/webapi/v1/participants/:idRemove a participant from the study.

POST body (create participant)

FieldRequiredDescription
nameyesDisplay name — not shown to other participants.
emailyesEmail used to create the Samply account.
codenoParticipant code stored as username and available via %PARTICIPANT_CODE%.
expiresInnoHow long the invitation JWT remains valid (e.g. "7d"). Maximum 30 days — larger values are silently capped.
informationnoFreeform JSON object for arbitrary participant metadata.

Response (create participant)

FieldDescription
samplyidThe auto-generated Samply ID for the new participant.
tokenJWT invitation token. Send this to the participant; the app uses it to activate their account.

PATCH body (update participant)

FieldDescription
usernameParticipant code / display name.
deactivatedBoolean — set to true to stop notifications for this participant.
groupGroup assignment string.

All other fields sent in the body are ignored.

Schedules (notifications)

The notifications endpoints manage schedule definitions — the rules that expand into queue rows. Creating a schedule via the API triggers the same queue expansion as submitting the dashboard form.

Schedules — /webapi/v1/notifications
GET/webapi/v1/notificationsList all schedule definitions in the active study.
GET/webapi/v1/notifications/:idGet one schedule definition.
POST/webapi/v1/notificationsCreate a schedule and expand it into the queue.
PATCH/webapi/v1/notifications/:idUpdate a schedule definition.
DELETE/webapi/v1/notifications/:idDelete a schedule and cancel its pending queue rows.

The POST body mirrors the schedule form fields. The routing key is the combination of schedule (one-time or repeat) and target (fixed-times, fixed-intervals, or user-specific), which maps to the same internal handlers used by the dashboard form.

PATCH body (update schedule)

Only the following fields are accepted; all others are ignored:

title, message, url, schedule, target, randomize, startDate, endDate, startTime, endTime, interval, intervalMax, timezone, expireIn, reminders, userid, groupid

Queue (jobs)

The jobs endpoints expose individual queue rows — the expanded sends generated from schedule definitions.

Queue rows — /webapi/v1/jobs
GET/webapi/v1/jobsList all queue rows for the active study.
GET/webapi/v1/jobs/:notificationidList queue rows for a specific schedule.
GET/webapi/v1/jobs/:notificationid/:jobidGet one specific queue row.
PATCH/webapi/v1/jobs/:notificationid/:jobidUpdate a queue row.
DELETE/webapi/v1/jobs/:notificationid/:jobidDelete a queue row.

Completion callback

These endpoints are called by survey tools to register a completion event. On success, Samply marks the result as completed and cancels all pending reminders for that send. No authentication is required — the message ID serves as the shared secret.

Completion — no auth required
GET/studies/:study/done/:messageidRegister completion and show a confirmation page (use as end-of-survey redirect).
POST/studies/:study/done/:messageidRegister completion silently (use as a webhook from your survey tool).
:study
The study URL slug shown in the dashboard address bar.
:messageid
The message ID from the %MESSAGE_ID% placeholder, passed through your survey URL to the end-of-survey redirect or webhook. See Reminders for the full setup walkthrough.

The POST endpoint returns 200 on success and 400 if no matching result record is found for the given message ID.

Notify hook

The notify hook sends an immediate ad-hoc push notification to participants in a study — without creating a schedule or queue row. Intended for event-triggered notifications from external systems (a REDCap alert, a lab system event, etc.). Authentication uses a per-study notify token rather than the researcher JWT.

Ad-hoc notification — token auth
POST/api/notifyFire an immediate notification to participants in a study.

Request body

FieldRequiredDescription
tokenyesStudy notify token. Regenerate it from Edit study → Notify token.
projectIDyesThe study MongoDB ID.
titleyesNotification title.
messageyesNotification body text.
urlnoSurvey URL. Supports the same %TOKEN% placeholders as scheduled notifications.
participantIDnoSend to one specific participant (Samply ID). Omit to send to all.
groupIDnoSend to all members of a group except the triggering participant. Typically used when one participant's action should notify their group.
expireInnoLink expiry in milliseconds from send time.

If both groupID and participantID are provided, Samply sends to all group members except the named participant. If only participantID is given, only that participant is notified. If neither is provided, all study participants receive the notification.

Error responses

StatusMeaning
200Success.
400Bad request — missing or invalid fields, or no active study set on the account.
401Missing or expired x-auth-token header.
429Rate limit exceeded. Back off and retry after a short delay.
500Internal server error. The response body contains the fixed string "Internal server error"; detailed diagnostics are logged server-side only.