Authentication and Verification

The Doximity API allows partners to utilize Doximity’s clinician verification engine to verify the identity of a user and allow the user to authenticate using her Doximity credentials. That’s right, one less username and password for a doctor to remember, less friction during registration and confirmation that the user is a clinician.

OAuth Authorization

Doximity uses the server-side flow of the OAuth2.0 specification to authenticate a user and verify her identity against the Doximity national directory of healthcare providers.

Note: All requests must be sent over HTTPS.

Step 1 - Redirect the user to the Doximity OAuth Dialog

  1. GET https://www.doximity.com/oauth/authorize?
  2. client_id=YOUR_APP_ID
  3. &response_type=code
  4. &redirect_uri=https://yourapp.com/callback
  5. &scope=basic%20colleagues
  6. &type=verify
  7. &state=SOME_ARBITRARY_BUT_UNIQUE_STRING

The “scope” parameter is optional and takes a space delimited list of available scopes. We recommend that you use the smallest possible scope to minimize the friction of registration for your site. The available scopes are currently:

  • Basic: Returns the user’s profile via the profile API. This is also the default scope if no other scopes are declared.
  • Colleages: Returns the colleagues list via the colleages API.
  • Email: Returns the user’s registered email address. The user must explicitly approve this access during OAuth confirmation.

The optional “type” parameter controls which of two landing pages is presented to the user. The value “verify” can be used in cases where emphasis is on using Doximity’s identity verification engine. We provide the following graphic for use with the verify landing page:

Doximity button verify Doximity button verify dark

The value “login” is the default for the “type” parameter and can be used in cases when a user is expected to login frequently. The OAuth flow remains the same in both cases, only the landing page changes. We provide the following graphic for use with the login landing page:

Doximity button login Doximity button login dark

Step 2 - The user is prompted to authorize your application

If the user does not yet have a Doximity account, they will be taken through Doximity’s verification process to create credentials and verify their identity as a clinician. If the user has a Doximity account but is not logged in, they will login using their existing credentials. If the user is already logged in to Doximity, they will be presented with the authorization screen. The user must approve your sites access to his or her Doximity account.

Step 3 - The user is redirected back to your site

If the user authorized your application, the user will be redirected to:

  1. GET YOUR_REDIRECT_URI?
  2. state=YOUR_STATE_VALUE
  3. &code=DOXIMITY_GENERATED_CODE

If the user did NOT authorize your application, the user will be redirect to:

  1. GET YOUR_REDIRECT_URI?
  2. error_reason=user_denied
  3. &error=access_denied
  4. &error_description=The+user+denied+your+request.

Step 4 - Exchange the code for a User Access Token

After the user has authorized your application, you can make a server-side request to exchange the code you received in step 3 for an user access token. You make this request through a post call including the following parameters:

  • grant_type: always “authorization_code”
  • code: the code you received in step 3
  • redirect_uri: this must be the EXACT same value from step 1
  • client_id: this is the client id issued by Doximity, same as step 1
  • client_secret: this is the secret key issued by Doximity. You cannot share this key with anyone or make it available on an server that is accessible to unauthorized personnel.

Here is an example of a call:

  1. POST /oauth/token HTTP/1.1
  2. Host: www.doximity.com
  3. Content-Type: application/x-www-form-urlencoded;charset=UTF-8
  4.  
  5. grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb&client_id=123455678&client_secret=KJHGAJ981JaslkjasdlkjLKJ230hsdkjljkl230a

The server will respond with the access token in the following format.

  1. HTTP/1.1 200 OK
  2. Content-Type: application/json;charset=UTF-8
  3. Cache-Control: no-store
  4. Pragma: no-cache
  5. {
  6. "access_token":"2YotnFZFEjr1zCsicMWpAA",
  7. "token_type":"bearer",
  8. "expires_in":3600,
  9. "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  10. }

Step 5 - Make requests to the Doximity API

Once you have an access token for a specific user from step 4, you can query against the Doximity API. For example:

  1. GET https://www.doximity.com/api/v1/users/current
  2. Authorization: Bearer YOUR_ACCESS_TOKEN

Profile

No one enjoys filling out long web forms, particularly busy clinician. The Doximity API allows you to pull in a clinician’s Doximity Profile, her “digital CV”, instantly, removing one more barrier to the registration process.

The profile API is included in the default scope and does not need to be requested explicitly.

Note: All requests must be sent over HTTPS.

URL

  1. https://www.doximity.com/api/v1/users/current

Returns:

  • id: Unique Doximity ID
  • npi: National Provider Identifier
  • first_name: user’s first name
  • middle_name: user’s middle name
  • last_name: user’s last name
  • maiden_name: user’s maiden name, if one exists
  • full_name (e.g. Joel H Davis, MD)
  • gender, i.e. “M” or “F”
  • state (two char abbreviation)
  • lat: office location (+/- floats)
  • lon: office location (+/- floats)
  • city: office city location
  • zip: office zip code
  • additional_locations: List of additional addresses
  • phone: office phone
  • fax: office fax
  • address_1: line 1 of address
  • address_2: line 2 of address
  • credentials: user’s professional credentials, i.e. MD, DO, etc.
  • specialty: user’s specialty, e.g. Orthopaedic Surgery
  • specialty_details: abbreviation, code, credential_id, name, id
  • hospitals: a list of affiliated hospitals and AHA IDs
  • subspecialties: a list of the user’s subspecialties, i.e. Hip & Knee Reconstructive Surgery, Orthopedic Trauma, etc.
  • medical_school: where the user attended medical school
  • residencies: the list of institutions where the user attended residency
  • profile_photo: the url for the user’s profile photo
  • colleague_count: number of contacts on the user’s colleague list
  • verified: True or false, indicates whether the user is has successfully passed Doximity verification. Typically a user is verified instantly, however some users will fall into a manual queue which can take up to three days to process.

Example

Call:

  1. GET https://www.doximity.com/api/v1/users/current
  2. Authorization: Bearer YLKJHIH3yHKJ72378dasdfsD98DKLJ8

Returns:

  1. {
  2. "id": 41993552342,
  3. "npi": 1952635229,
  4. "firstname": "John",
  5. "middlename": "Henry",
  6. "maiden_name": null,
  7. "lastname": "Smith",
  8. "full_name": "Ahmed S Belal, MD",
  9. "gender": "M",
  10. "city": "San Francisco",
  11. "state": "CA",
  12. "zip": "94107",
  13. "phone": "(650) 200-3901",
  14. "fax": "888-416-8572",
  15. "address_1": "500 3rd St.",
  16. "address_2": "Suite 510",
  17. "lat": 42.3663926,
  18. "lon": -71.051395,
  19. "additional_locations":
[
  20. {
  21. "address_1": "12 Main st",
  22. "address_2": null,
  23. "city": "Cambridge",
  24. "state": "MA",
  25. "phone": "555-555-5555",
  26. "fax": null,
  27. "zip": "02138"
  28. }
  29. ],
  30. "credentials": "MD",
  31. "verified": true,
  32. "description": "Chief of Cardiology",
  33. "medical_school": "UCSF School of Medicine",
  34. "residencies": ["Stanford Medical Center", "Mt Sinai Hospital"],
  35. "specialty": "Cardiology",
  36. "specialty_details":
 {
  37. "abbr": "Cards",
  38. "code": "CA00",
  39. "credential_id": 4,
  40. "name": "Cardiology",
  41. "id": "CA00"
  42. },
  43. "hospitals": [
  44. {
  45. "name": "Mills-Peninsula Health Services",
  46. "aha_id": "6930315"
  47. }
  48. ],
  49. "subspecialties": ["General Cardiology", "Cardiac Disease"],
  50. "profile_photo": "https://s3.amazonaws.com/doximity_prod_uploads/profile_photos/7969/normal/profile.png",
  51. "colleague_count": 142
  52. }

Colleagues

Medicine is a social, collaborative profession, but that doesn’t mean you need to recreate a clinician’s professional network. The Doximity Colleagues API can be used to return a full list of a user’s colleague graph, complete with photo, location and specialty. You can use this information to highlight professional connections on your own platform and tap into the power of http://en.wikipedia.org/wiki/Social_proof.

Note: All requests must be sent over HTTPS.

URL

  1. https://www.doximity.com/api/v1/colleagues

Parameters

Call:

  • page: the requested page, defaults to 1
  • per_page: results per page, defaults to 30

Returns:

Pagination info: - total_entries: - current_page: - total_pages: - per_page:

Plus a list containing the following data for each colleague: - id: Unique Doximity ID - npi: https://nppes.cms.hhs.gov/NPPES/Welcome.do

  • first_name: colleague’s first name
  • middle_name: colleague’s middle name
  • last_name: colleague’s last name
  • credentials: colleague’s professional credentials, i.e. MD, DO, etc.
  • specialty: colleague’s specialty, e.g. Orthopaedic Surgery
  • zip: office zip code
  • profile_photo: the url for the colleague’s profile photo

Example

Call:

  1. GET https://www.doximity.com/api/v1/colleagues
  2. Authorization: Bearer YLKJHIH3yHKJ72378dasdfsD98DKLJ87g

Returns:

  1. {
  2. "total_entries": 73,
  3. "current_page": 2,
  4. "total_pages": 8,
  5. "per_page": 10,
  6. "items": [
  7. {
  8. "id": 41993552341,
  9. "npi": 1952635229,
  10. "firstname": "John",
  11. "middlename": "Appleton",
  12. "lastname": "Smith",
  13. "credentials": "MD",
  14. "specialty": "Orthopaedic Surgery",
  15. "zip": "94401",
  16. "profile_photo": "https://s3.amazonaws.com/doximity_prod_uploads/profile_photos/7969/normal/profile.png"
  17. },
  18. ...
  19. {
  20. "id": 41993552342,
  21. "npi": 1578532370,
  22. "firstname": "Frank",
  23. "middlename": "C.",
  24. "lastname": "Zanetti",
  25. "credentials": "MD",
  26. "specialty": "Emergency Medicine",
  27. "zip": "94401",
  28. "profile_photo": "https://s3.amazonaws.com/doximity_prod_uploads/profile_photos/7970/normal/profile.png"
  29. }
  30. ]
  31. }

Rate Limiting

For requests using session cookies or OAuth, you can make up to 5,000 requests per hour. You can check the returned HTTP headers of any API request to see your current rate limit status. With every request, you will receieve the following headers that outline your current limits.

Header NameDescription
X-Rate-Limit-LimitThe maximum number of requests that the consumer is permitted to make per hour.
X-Rate-Limit-RemainingThe number of requests remaining in the current rate limit window.
X-Rate-Limit-ResetThe time at which the current rate limit window resets in http://en.wikipedia.org/wiki/Unix_time.

Once you go over the rate limit you will receive an error response:

  1. HTTP/1.1 429 Too Many Requests
  2. Date: Mon, 29 Sep 2014 23:55:21 GMT
  3. Status: 429 Too Many Requests
  4. X-Rate-Limit-Limit: 5000
  5. X-Rate-Limit-Remaining: 0
  6. X-Rate-Limit-Reset: 1412034908
  7.  
  8. {
  9. "message": "API rate limit exceeded. Please check the documentation for details.",
  10. "documentation_url": "https://developer.doximity.com/rate-limit.html"
  11. }

You can also check your rate limit status without incurring an API hit at /api/v1/rate_limit. The response contains:

{"limit": 5000,"remaining": 4999,"reset": 1372700873}

Rate limit for OAuth applications

For applications authenticating with the client credentials flow, the same rate limits apply as above but are evaluated in a different context. For many scenarios, you may want to use this additional rate limit pool as a “reserve” for your typical user-based operations.

Staying within the rate limit

If you are using session cookies or OAuth, and you are exceeding your rate limit, you can likely fix the issue by caching API responses or using conditional requests. You may also find that only fetching new data for those users that have recently signed into your site may also reduce the amount of requests you need to make.

If you’re still exceeding your rate limit, please contact us to request a higher rate limit for your OAuth application.

Blacklisting

We ask that you honor the rate limit. If you or your application repeatedly abuses the rate limits we will blacklist it. If you are blacklisted you will be unable to get a response from the Doximity API. If you or your application has been blacklisted and you think there has been an error you can contact the email address on our Support page.</p>


Doximity API Terms of Use

Thank you for helping to build the healthcare web and for using Doximity’s APIs. Doximity makes its application programming interfaces (Doximity APIs” or “APIs”) available to you to facilitate the development of innovative medical applications using Doximity data and developer tools. If you want to use the Doximity APIs outside the scope of these Terms and Conditions, or to build and/or distribute enterprise applications outside your own company (e.g. use the APIs to build an Application that you distribute to other companies), please contact our Business Development Team.

By using one or more of the Doximity APIs, you and, if applicable, the company you represent (collectively, “you”) accept and agree to be bound by the following terms and conditions (the “Terms of Use” or “Terms”). It is important that you read these Terms as they form a legal agreement between you and Doximity, Inc. (“Doximity”, “we”, or “us”).

In addition to the content in this document, the following are incorporated into the Terms (and references to “Terms” shall mean this document and those incorporated by reference):

  1. The Doximity End User License Agreement, which is located at https://www.doximity.com/privacy
  2. The Doximity Privacy Policy, which is located at https://www.doximity.com/privacy
  3. The Platform Guidelines, which are located at the Doximity Developer Portal and
  4. The Branding Guidelines, which are also located at the Developer Portal.

In the event of any conflict between the content in this document and the documents incorporated by reference, this document shall control with respect to your use of the APIs. If you disagree with any of the provisions in these Terms, do not click that you agree to them, and do not accept, access or use the APIs.

Doximity reserves the right, from time to time, with or without notice to you, to change these Terms in our sole and absolute discretion. The most current version of these Terms can be reviewed on the Doximity developer portal at anytime and supersedes all previous versions. By using the Doximity APIs after changes are made to the Terms, you agree to be bound by such changes. Your only recourse if you disagree with the Terms, or changes to the Terms, is to discontinue your use of the APIs. Accordingly, we recommend you review these Terms periodically.

1 Description, Licenses, and Restrictions

1.1 Description of Doximity APIs.

The APIs consist of programmatic web APIs and associated tools and documentation that allow you to create software application(s) or website(s) (your “Application”) using certain data and content from the Doximity website at www.doximity.com (“Website”), made accessible by Doximity in its sole discretion (the “Content”). While Doximity strives to have its APIs available continuously, it cannot guarantee any up-time for any Doximity developer resource, including the APIs.

1.2 Developer Accounts and Access Codes.

To obtain the necessary security keys, secrets, tokens, passwords and/or other credentials to access the APIs (collectively, “Access Codes” or “API Keys”), you must create a account through Doximity’s developer portal at: http://developer.doximity.com or by contacting the Doximity Business Development Team (“Developer Account”). You are responsible for maintaining the secrecy and security of your Access Codes, and all activities that occur using your Access Codes, are your responsibility. In order to maintain accurate information (including a current email address and other required contact information) related your account, you must keep your Developer Account information up-to-date.

1.3 APIs License Grant.

Subject to the terms and conditions in these Terms, we grant you a limited, non-exclusive, non-assignable or non-transferable license under Doximity’s intellectual property rights during the Term to use the APIs to develop, test, and support your Application, and to distribute or allow access to your integration of the APIs within your Application to end users of your Application. You have no right to distribute or allow access to the stand-alone APIs.

1.4 Brand Features License Grant.

Subject to the terms and conditions of these Terms, we grant you a limited, non-exclusive, non-assignable and non-transferable license during the Term to display our trade names, trademarks, service marks, logos and domain names that we make available to you in our discretion via the Branding Guidelines available on our Developer Portal (collectively, “Brand Features”) to promote or advertise your integration of the APIs in your Application. You agree that your use and display of the Brand Features will at all times be consistent with the Branding Guidelines, and any other branding, trademark, or similar guidelines included in the Platform Guidelines. In particular, you agree not to display our Brand Features in any way that is misleading, defamatory, infringing, libelous, disparaging, obscene, or otherwise objectionable to Doximity, or in a way that suggests we have created, sponsored, or endorsed your Application or its content.

1.5 Restrictions.

In addition to other restrictions contained in these Terms, you agree not to do any of the following, unless expressly permitted by Doximity in these Terms or in writing by Doximity:

  1. Use a fraudulent Doximity information to register as a Doximity developer. You must accurately reflect the professional information of the actual developer requesting the license, including an accurate description of the current title and company.
  2. Allow anyone other than you to access your Developer Account.
  3. Sell, transfer, sublicense or otherwise fail to protect the confidentiality of the APIs, Access Codes, or content posted or available in areas of the Developer Portal that require Access Codes.
  4. Modify or attempt to circumvent the Access Codes.
  5. Obtain or use more than twenty-five (25) Access Codes, either through one or multiple developer accounts. Please contact our Business Development Team at: bd@doximity.com to discuss options to exceed this limit.
  6. Require your users to obtain their own Access Code to use your Application.
  7. Use your Developer Account or Access Codes to build and/or distribute enterprise applications outside your own company (e.g. use the APIs to build an Application that you distribute to other companies).
  8. Request or publish information impersonating a Doximity user, misrepresent any user or other third party in requesting or publishing information;
  9. Provide functionality that proxies, requests or collects Doximity user names or passwords; or
  10. Obfuscate or hide your deployment or use of any Doximity buttons, sign-in functionality, consent or authorization flows from your users.
  11. Allow any third party, including other users, to see information obtained from another user’s Doximity network or through another user’s view of our Website or the Content;
  12. Obtain, display or use more data through the APIs than is minimally required to run the Application created using the particular developer key;
  13. Store Doximity user data other than the Member Token or OAuth Token for any Doximity user, with the exception of a user’s profile data when given explicit permission by the owner of the profile as set forth in 3.4, below. User profile data obtained in accordance with this section and 3.4 below may not be updated without the user’s subsequent consent;
  14. Use the APIs or Brand Features for any illegal, unauthorized or otherwise improper purposes, or in any manner that would violate these Terms (or any document incorporated into the Terms), or breach any laws or regulations, or violate any rights of third parties, or expose Doximity or its members to legal liability in your use of the APIs;
  15. Combine content from the APIs with other Doximity data obtained through scraping or any other means outside the official Doximity APIs. This includes acquiring Doximity data from third parties;
  16. Remove any legal, copyright, trademark, watermark or other proprietary rights notices contained in or on materials you receive or access pursuant to these Terms, including the APIs, the materials posted at the Developer Portal, and our Website;
  17. Sell, lease, share, transfer, sublicense any Content obtained through the APIs, directly or indirectly, to any third party, including any data broker, ad network, ad exchange, or other advertising or monetization-related party.
  18. Charge, directly or indirectly, any incremental fees (including any unique, specific, or premium charges) for access to Doximity’s Content or your integration of the APIs in your Application;
  19. Use the Content in any advertisements or for purposes of targeting advertisements (whether such advertisement appear in your Application or elsewhere);
  20. Submit content that falsely expresses or implies that such content is sponsored or endorsed by Doximity;
  21. Use the Content for generating advertising, messages, promotions, offers, or for any other purpose other than, and solely to the extent necessary for, allowing end users to use the returned Content in your Application;
  22. Implement features or business practices that harms the professional reputation, relationships, or professional ecosystem of Doximity members.
  23. Copy, adapt, reformat, reverse-engineer, disassemble, decompile, translate or otherwise modify the APIs, Access Codes, our Website or any Content displayed on it, including the a user’s Public Profile including its URL, or any of our other services, through automated or other means;
  24. Use the APIs in an Application that competes with products or services offered by us;
  25. Interfere with or disrupt Doximity services or servers or networks connected to Doximity services, or disobey any requirements, procedures, policies or regulations of networks connected to Doximity services;
  26. Use any robot, spider, site search/retrieval Application, or other device to retrieve or index any portion of Doximity services or collect information about users for any unauthorized purpose;
  27. Download, scrape, post, or transmit, in any form or by any means, any part of our Website or Content other than Content that you post as part of your Application;
  28. Transmit any viruses, worms, defects, Trojan horses, or any items of a destructive nature through your use of the APIs;
  29. Use the APIs in an Application that contains or displays or promotes any of the following: spyware, adware, or other malicious programs or code, counterfeit goods, items subject to US embargo, hate materials (e.g. Nazi memorabilia) or materials urging acts of terrorism or violence, goods made from protected animal/plant species, recalled goods, any hacking, surveillance, interception, or descrambling equipment, illegal drugs and paraphernalia, unlicensed sale of prescription drugs and medical devices, the sale of tobacco or alcohol to persons under twenty-one (21) years of age, pornography, prostitution, body parts and bodily fluids, stolen products and items used for theft, fireworks, explosives, and hazardous materials, government IDs, police items, unlicensed trade or dealing in stocks and securities, gambling items, professional services regulated by state licensing regimes, non-transferable items such as airline tickets or event tickets, non-packaged food items, or weapons and accessories;
  30. Use the APIs for purposes where their failure could lead to death, personal injury, or severe property or environmental damage;

1.6 Support and Modifications.

We may provide you with support or modifications for the APIs in our sole discretion. We may terminate the provision of such support or modifications to you at any time without notice or liability to you. We may release subsequent versions of the APIs and require that you use such subsequent versions. Your continued use of the APIs following a subsequent release will be deemed your acceptance of modifications.

1.7 Fees.

The APIs are currently provided for free, but Doximity reserves the right to charge for the APIs in the future. If we do charge a fee for use of the APIs or any developer tools and features, you do not have any obligation to continue to use the Doximity’s developer resources.

1.8 Monitoring.

You agree to provide and assist Doximity in verifying your compliance with this Agreement by providing us information about your Application, including providing us access to it and/or other materials related to your use of the APIs. If, in Doximity’s sole discretion, you do not demonstrate full compliance with this Agreement, we may restrict or terminate your access to the APIs.

1.9 Usage Limitations.

Doximity may limit the number of network calls that your Application may make via the APIs, and/or the maximum Content that may be accessed, or anything else about the APIs and the Content it accesses as Doximity deems appropriate in its sole discretion. The usage limitations can be found in the Doximity developer portal at http://developer.doximity.com Doximity may change such usage limits at any time. In addition to its other rights under these Terms, Doximity may utilize technical measures to prevent over-usage and/or stop usage of the APIs by an Application after any usage limitations are exceeded. If no limits are stated in the Platform Guidelines, you nevertheless agree to use the APIs in a manner that, as determined by us in our sole discretion, exceeds reasonable request volume or constitutes excessive or abusive usage.

1.10 Security Measures.

Your networks, operating system and the software of your web server(s), routers, databases, and computer systems (collectively, “System” or “Systems”) must be properly configured to Internet industry standards as required to securely operate your Application. You will not architect or select Systems in a manner to avoid the foregoing obligation. You must promptly report any security deficiencies in or intrusions to your Systems that you discover to Doximity in writing via email to support@Doximity.com or subsequent contact information posted in the Developer Portal. You will work with Doximity to immediately correct any security deficiency, and will disconnect immediately any intrusions or intruder. In the event of security deficiency or intrusion involving the Application, you will make no public statements (i.e. press, blogs, bulletin boards, etc.) without prior written and express permission from Doximity in each instance.

1.11 Doximity Independent Development.

You understand and acknowledge that Doximity may be independently creating applications, content and other products or services that may be similar to or competitive with your Application, and nothing in these Terms will be construed as restricting or preventing Doximity from creating and fully exploiting such applications, content and other items, without any obligation to you.

2 Proprietary Rights

2.1 Doximity Property.

As between you and us, we own all rights, title, and interest, including without limitation all intellectual property rights, in and to, the (i) APIs, and all elements, components, and executables of the APIs; (ii) the Content available from the APIs; (iii) our Website; and (iv) our Brand Features (collectively, the “Doximity Materials”). Except for the express licenses granted in these Terms, Doximity does not grant you any right, title or interest in the Doximity Materials. You agree to take such actions, including, without limitation, execution of affidavits or other documents, as Doximity may reasonably request to effect, perfect or confirm Doximity’s rights to the Doximity Materials.

2.2 Feedback.

You have no obligation to give us any suggestions, comments or other feedback (“Feedback”) relating to the Doximity Materials. However, we may use and include any Feedback that you voluntarily provide to improve the Doximity Materials and/or any other of our products, services or technologies. Accordingly, if you give Feedback, you agree that we may freely use, reproduce, license, and distribute such Feedback. You also agree not to provide Feedback that you know is subject to any intellectual property claim by a third party or any license terms which would require products or services derived from such Feedback to be licensed to or from, or shared with, any third party.

2.3 Application.

You represent and warrant to Doximity that, excluding Doximity Property, you have the right to use, reproduce, transmit, copy, publicly display, publicly perform, and distribute your Application, and that use by Doximity and its users of your Application shall not violate the rights of any third party (e.g., copyright, patent, trademark, or other proprietary right of any person or entity), or any applicable regulation or law, including the laws of any country in which your Application is made available. Except to the extent your Application contains Doximity Property (and then only with respect to the Doximity Property), Doximity claims no ownership or control over your Application. During the term of these Terms you hereby grant to us a paid-up, royalty-free, nonexclusive, worldwide right and license, under all of your intellectual property rights, to: (i) use, perform, and display your Application and its content for purposes of marketing, demonstrating, and making your Application available to users and (ii) link to and direct users to your Application. Following the termination of these Terms, Doximity shall remove all references and links to your Application from the Doximity website and service.

3.1 Doximity’s Privacy Policy.

Doximity’s collection and use of personal information from its users and developers is governed by Doximity’s Privacy Policy, available at https://www.doximity.com/privacy and incorporated by reference into these Terms, with the exception that Doximity may reveal personal information about developers for attribution purposes, handling inquiries from users or potential users, and other purposes Doximity reasonably deems necessary pursuant to these Terms. You understand and agree that Doximity may access, preserve, and disclose your personal information and your developer account details if required to do so by law or in a good faith belief that such access, preservation, or disclosure is reasonably necessary to comply with legal process or protect the rights, property and/or safety of Doximity, its affiliates or partners, its users, or the general public.

You will post a policy complying with the Digital Millennium Copyright Act (DMCA) and respond promptly to notices of alleged copyright infringement involving your Application.

You will (a) maintain your own user agreement and privacy policy applicable to users of the Application (your “Policies”), (b) comply with your Policies, (c) prominently identify and link to your Policies at those locations where users may opt to download or access your Application, and (d) promptly notify us of any breaches of your Policies by you or users of the Application. Your privacy policy will be at least as stringent and user-friendly as Doximity’s. Before obtaining information from your users of the Application, you will obtain their informed consent by informing them what information you collect and how it will be used and/or shared.

3.4 Data Storage and Conversion Limits.

3.4.1 Prohibition on Copying and Storage.

You may not copy, store or cache any Content returned or received through the APIs, including data about users, longer than the current usage session of the user for which it was obtained, except for the alphanumeric user IDs (Member Tokens) which we provide you for identifying users or any individual member’s authentication token (OAuth Token) which we provide you when a Doximity user authenticates your Application to his Doximity account.

3.4.2 Exceptions.

You may store the Member Token and the OAuth Token until the earlier of:

  • Your ceasing using the APIs;
  • The Doximity user uninstalls your application or directs you to delete the user’s information; or,
  • We terminate your use of them for breach of these Terms.

The restrictions of this section do not apply to user profile data received through a one-time call through the APIs that a user explicitly permits you to collect and store, provided that you obtain the user’s consent through the technical and user-interface specifications provided by Doximity, and that any subsequent update to the profile data only be done with the user’s explicit consent. PLEASE NOTE: a) User profile data does not include information about a user’s connections, which may not be copied or stored; and b) you may only use stored profile data for the benefit of the Doximity user that granted you permission to access it.

3.4.4 Removal of Doximity User Data from Your System.

Also, you must remove all data collected with the user’s consent upon request by the user, when the user uninstalls your Application, or when the user closes his or her account with you. The restrictions of this section also do not apply to “Independent Data,” which means data that users provide directly to you and that is separately entered, uploaded, or presented to you by the user of your Application.

4 Marketing and Publicity

4.1 Your Marketing and Publicity.

You may promote your Application, including talking to traditional and online media and your users about your Application, so long as you do so truthfully and without implying that your Application is created or endorsed by Doximity (or otherwise embellishing your relationship with Doximity). However, you may not issue any formal press release via traditional or online media referring to Doximity without Doximity’s prior consent, unless expressly allowed in the Guidelines for Use of Doximity Brand Features.

4.2 Doximity’s Marketing and Publicity.

We may publicly refer to you, orally or in writing, as a licensee of the Doximity APIs and we may publish your name and/or logo (with or without a link to your Application) on our Website, in press releases, and in promotional materials without your prior consent.

5 Confidentiality

The term “Doximity Confidential Information” means any information of or relating to Doximity that becomes known to you through disclosure, observation or otherwise, and that either is designated as confidential by Doximity or that is not generally known or readily ascertainable to the public, including, without limitation, nonpublic information regarding Doximity’s APIs and Doximity’s products, services, programs, features, data, techniques, technology, code, ideas, inventions, research, testing, methods, procedures, know-how, trade secrets, business and financial information and other activities. All Doximity Confidential Information remains the property of Doximity, and no license or other right in any Doximity Confidential Information is granted hereby. You will not disclose any Doximity Confidential Information to any third party, and will take all reasonable precautions to prevent its unauthorized dissemination, both during and after the term of these Terms. If you are a corporate entity, you will limit your internal distribution of Doximity Confidential Information to your employees and agents who have a need to know, and will take steps to ensure that dissemination is so limited. You will not use any Doximity Confidential Information for the benefit of anyone other than Doximity. Upon Doximity’s written request, you will destroy or return to Doximity all Doximity Confidential Information in your custody or control. In addition to the terms of this provision, you and Doximity will continue to be subject to any non-disclosure agreement that you and Doximity have entered into separately. This provision will survive any termination of these Terms.

6 Term and Termination

6.1 Term.

The term of these Terms of Use shall commence on the date upon which you agree to the Terms and shall continue in force thereafter, unless modified or terminated as provided herein.

6.2 Doximity Termination; Suspension; Discontinuance.

We may suspend or terminate your use of all or any of the APIs at any time if we believe you have violated these Terms, the User Agreement, the Platform Guidelines, or, in our sole discretion, we believe the availability of the APIs in your Application is not in our or our users’ best interests. We may discontinue the availability of some or all of the APIs at any time for any reason. We may also impose limits on certain features and services or restrict your access to some or all of the APIs or our Website. All of our rights herein may be exercised without prior notice or liability to you.

6.3 Your Termination.

You may terminate the agreement under these Terms for any reason or no reason at all, at your convenience, by closing your account or ceasing use of the APIs.

6.4 Effect of Termination.

Upon termination of the agreement between you and us under these Terms, (a) all rights and licenses granted to you will terminate immediately, (b) any and all payment obligations, if any, will be due, (c) you will promptly destroy Doximity Confidential Information in your possession or control, and (d) unless we agree otherwise in writing or as stated in these Terms, you must permanently delete all Content or other data which you stored pursuant to your use of the APIs, except as expressly permitted by these Terms of the Platform Guidelines. Doximity may request that you certify in writing your compliance with this section. No liability shall be created for either party by the mere fact of termination of the agreement under these Terms. The following sections of these Terms shall survive termination: Sections 1.5, 1.8, 1.11, 2, 3, and 5-10.

6.5 Remedies.

You acknowledge that your breach of these Terms may cause irreparable harm to Doximity, the extent of which would be difficult to ascertain. Accordingly, you agree that, in addition to any other remedies to which Doximity may be legally entitled, Doximity shall have the right to seek immediate injunctive relief in the event of a breach of these Terms by you or any of your officers, employees, consultants or other agents.

7 WARRANTY DISCLAIMER

THE DOXIMITY MATERIALS ARE PROVIDED “AS IS” WITH NO WARRANTY, EXPRESS OR IMPLIED, OF ANY KIND AND WE EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES AND CONDITIONS, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, SECURITY, TITLE AND/OR NON-INFRINGEMENT. SOME OF THE DOXIMITY MATERIALS ARE EXPERIMENTAL AND HAVE NOT BEEN TESTED IN ANY MANNER. WE DO NOT REPRESENT, WARRANT OR MAKE ANY CONDITION THAT THE DOXIMITY MATERIALS ARE FREE OF INACCURACIES, ERRORS, BUGS OR INTERRUPTIONS, OR ARE RELIABLE, ACCURATE, COMPLETE OR OTHERWISE VALID. YOUR USE OF THE DOXIMITY MATERIALS IS AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE THAT RESULTS FROM USE OF THE DOXIMITY MATERIALS INCLUDING FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM US OR THROUGH OR FROM OUR WEBSITE OR OUR SERVICES SHALL CREATE ANY WARRANTY OR CONDITION NOT EXPRESSLY STATED IN THESE TERMS.

8 LIMITATION OF LIABILITY

YOU AGREE TO THE FOLLOWING LIMITATION OF LIABILITY TO THE EXTENT PERMITTED BY APPLICABLE LAW: YOU EXPRESSLY UNDERSTAND AND AGREE THAT DOXIMITY SHALL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF DOXIMITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), RESULTING FROM: (i) THE USE OR THE INABILITY TO USE THE DOXIMITY MATERIALS; (ii) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES; (iii) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (iv) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON OR IN THE DOXIMITY MATERIALS OR ANY DOXIMITY SERVICES; OR (v) ANY OTHER MATTER RELATING TO THE DOXIMITY MATERIALS OR ANY DOXIMITY SERVICES. UNDER NO CIRCUMSTANCES SHALL DOXIMITY’S AGGREGATE, CUMULATIVE LIABILITY TO YOU ARISING OUT OF OR IN CONNECTION WITH THESE TERMS, UNDER ANY THEORY OF LIABILITY, EXCEED U.S. ONE HUNDRED DOLLARS (U.S. $100).

9 Indemnification

You agree to hold harmless and indemnify Doximity, and its affiliates, and their respective directors, officers, agents, and employees, advertisers or partners, from and against any third party claim arising from or in any way related to your use of any Doximity Materials, violation of these Terms of Use or any other actions connected with your use of the Doximity APIs, including any liability or expense arising from all claims, losses, damages (actual and consequential), suits, judgments, litigation costs and reasonable attorneys’ fees, of every kind and nature.

10 General Terms

10.1 Governing Law; Attorneys Fees.

These Terms will be governed by and construed in accordance with the laws of the State of California as such laws apply to contracts between California residents performed entirely within California. Any action or proceeding arising from or relating to these Terms must be brought in a federal court in the Northern District of California or in state court in San Mateo County, California and each party irrevocably submits to the jurisdiction and venue of any such court. In the event of litigation between the parties arising out of or related to these Terms, the prevailing party will be entitled to recover its attorneys’ fees and costs incurred.

10.2 Interpretation.

The term “include” (and all of its variants) when used in these Terms will be interpreted to be followed by the clause “without limitation” in all cases. You agree that Doximity has sole discretion in determining the interpretation of the meaning of these Terms, including determining your compliance with these Terms.

10.3 Export Laws.

You shall comply with applicable export laws and regulations of the United States with respect to any technical materials you receive pursuant to these Terms.

10.4 Waiver.

The failure of Doximity to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.

10.5 Severability of Terms.

If any provision of these Terms is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties’ intentions as reflected in the provision, and the other provisions of these Terms remain in full force and effect

10.6 Applicability and Entirety of Terms.

These Terms do not apply to you if you and Doximity have executed a written API License Agreement, in which case such Agreement applies. In all other cases, these Terms apply to you, they constitute the entire agreement between you and us with respect to the subject matter herein, and they supersede any and all prior proposals (oral and written), understandings, representations and other communications between you and us.

10.7 Relationship Between the Parties.

Nothing in these Terms will be construed as creating a partnership or joint venture of any kind between the parties and neither party will have the authority or power to bind the other party or to contract in the name of or create a liability against the other party in any way or for any purpose.

10.8 Assignment.

You may not assign these Terms, in whole or in part, without Doximity’s prior written consent. Any assignment in violation of this section is null and void.

10.9 Headings.

The section headings in these Terms are for convenience only and have no legal or contractual effect.


Doximity API Branding Guidelines

Doximity permits its third party developers and partners (“you”) to use its name, trademarks, logos, web pages, screenshots and other brand features (the Doximity “Brand Features”, “Marks” or “logos”) only in limited circumstances and as specified in these Guidelines. By using Doximity’s Marks, you agree to adhere to these Guidelines and specifically to the Use Requirements and Terms below. If you have a separate agreement with Doximity that addresses use of the Doximity brand, that agreement shall govern your use of the Doximity Marks.

Our Trademarks

Doximity is a registered trademark of Doximity, Inc.

You should include this attribution, as applicable, with your other trademark and copyright notices.

Use of the “Doximity” Name in Text

When referring to our company, the full name is Doximity, Inc.

When referring to our services, the Doximity name should be written as one word and used as an adjective followed by a description of our services in a form similar to the following examples:

  • Doximity® Profile
  • Doximity® API

The Doximity name should always be accompanied by either the ® or ™ symbol.

Logos For Use By Third Party Developers

You may use the following buttons on your site when linking to the Doximity OAuth authentication flow:

Doximity button login   Doximity button login dark
Doximity button verify   Doximity button verify dark

Additional API logos are pending. Please contact us at bd@doximity.com

Logos For Use By Media

As a member of the media, you may use the logos available here to report on Doximity’s business. These logos may not be altered, combined with other marks or used in a misleading manner. Your use of these logos is subject to your compliance with these Guidelines.

Logos For Use By Partners

If you have a current agreement with Doximity, you may use logos in accordance with the terms of your agreement and these Guidelines. You can download Doximity logos here.

Use Requirements and Terms

All permitted uses of the Doximity Marks must conform to the following guidelines:

No Modification. The Doximity Marks must be used as provided by Doximity with no modifications. Don’t remove, distort or alter any element of the Marks, including changing any colors. Do not shorten, abbreviate, or create acronyms out of the Marks.

No Confusingly Similar Marks. Don’t use the Marks in a manner that might create potential confusion as to the owner of the Doximity Marks or imply that Doximity is the source of your products or services.

No Incorporation. Don’t incorporate the Doximity Marks into your own product name, service names, trademarks, logos, company names, domain names, website title, publication title, application icon, favicon, or the like. Don’t incorporate or use the “d” logo as part of a word.

No Generic Use. Don’t use the Doximity Marks in a way that suggests a common, descriptive, or generic meaning.

No Plural or Possessive Use. Never use the Doximity Marks in the plural or possessive form.

Domain Names. Don’t register the Doximity Marks as domain names or as any part of a domain name.

Trade Dress. Don’t copy or imitate Doximity’s website design, typefaces, distinctive color, graphics designs or imagery.

Endorsement. Don’t display the Doximity Marks in any manner that might imply a relationship or affiliation with, sponsorship, or endorsement by Doximity, or that can be reasonably interpreted to suggest that any content has been authorized by or represents the views or opinions of Doximity or Doximity personnel.

Prominence. Don’t display the Doximity Marks as the primary or most prominent feature on your web page or in any non-Doximity materials.

Disparagement. Do not use the Doximity Marks in a manner that would disparage Doximity, Inc. or its products or services.

Violation of Law. Don’t display the Doximity Marks on any web site that contains or displays adult content, promotes gambling, involves the sale of tobacco or alcohol to persons under twenty-one years of age, or otherwise violates any law or regulation.

Objectionable Use. Don’t display the Doximity Marks in a manner that is in Doximity’s sole opinion misleading, unfair, defamatory, infringing, libelous, disparaging, obscene or otherwise objectionable to Doximity.

Attribution. The Doximity Marks must be accompanied by the appropriate ® or ™ symbol. If you use the Marks outside the United States, please see Use Outside the US below.

Use Outside the US. Trademark rights vary from country to country. Some countries have penalties for improper use of the registration symbol ®. If using the Marks on sites based outside the United States, use the ™ symbol unless otherwise noted in these Guidelines.

Termination. Doximity may ask you to stop using the Marks at any time. You agree to stop using the Marks within a reasonable period of Doximity’s request, but in no situation, more than seven (7) days after Doximity’s request.

Reservation of Rights. Doximity is the owner of all rights in the Marks and reserves all rights save the limited license granted here. Your use of the Marks pursuant to this license shall not be construed as limiting any of Doximity’s rights in the Marks.

DOXIMITY DISCLAIMS ANY WARRANTIES THAT MAY BE EXPRESS OR IMPLIED BY LAW REGARDING THE DOXIMITY MARKS (TO THE EXTENT PERMITTED BY LAW), INCLUDING WARRANTIES AGAINST INFRINGEMENT.

Additional Information

Doximity requires that you conform to these Guidelines in your use of any Brand Features. We may modify these Guidelines at any time and your continued use of the Brand Features will constitute your consent to such modifications. Doximity has complete discretion in determining if your use violates any of the Guidelines.

If you would like to make use of the Brand Features in a manner not within the following Guidelines, you must seek our prior written permission by submitting the Request for Permission Form.

For assistance in understanding these Guidelines, please contact us at pr@doximity.com.


Doximity API Platform Guidelines

We designed the Doximity API platform to allow users to use their Doximity accounts in your applications. By following these guidelines, we can ensure that our common users have the best possible experience with your product. Doximity reserves the right to limit or block your access to the site and the APIs should your application be found to violate these guidelines.

The Big Picture

Here is a summary of the major themes we cover in our rules below. Please refer to our API Terms of Use for details.

  1. Doximity is a professional network. We ask that you do not implement features or business practices that could be harmful to the professional reputations or relationships of Doximity members.
  2. Don’t store Doximity data: The exceptions here are a) storing User ID for subsequent API calls, and b) storing user profile data when the profile owner has given explicit permission through a Doximity-provided interface for obtaining user consent
  3. Don’t share your Access Codes/API Keys with anyone.
  4. Don’t expose Doximity user account/network data with other users: Doximity users that give your application access to their Doximity account should only be able to see data from their own Doximity network.
  5. Don’t use the APIs in conjunction with, or combine any Doximity API content with data scraped by you or other third parties from Doximity. While we are excited that our develop resources are used to create innovative applications, Doximity APIs should be the sole source of Doximity user data.
  6. Show the agreement screen in its own window. The user agreement page where the user grants access to their Doximity account must be presented in a browser window where the URL is clearly visible - it cannot be iframed into the current page. We want it to be clear to the user that the URL is doximity.com
  7. Don’t provide API access to your customres: The use of the Doximity APIs cannot be provided as a feature of your product - we require a direct relationship with any application making API calls.

Dox Etiquette

Here are some rules to keep the use of the APIs running smoothly and efficiently.

  1. If you have a lot of calls to make, submit them over a period of time. Spacing out your API calls to the extent possible - without hurting user experience - will optimize API performance for you and all other developers.
  2. Ask for only the minimum data fields that your application needs to function properly; asking for only necessary fields will result in faster performance times - for you, and for us!

Data Storage

Doximity users own their data and must control it. We ask that you not store the data we return in an API call to respect our users. Here are the details:

  1. You cannot store any data your receive from Doximity APIs with the exception of User IDs you receive.
  2. The exception: you may store the profile of a user if you specifically ask the profile owner to store his/her profile and make it clear that you intend to store it. In this situation, you can only store the data of the person that has granted access, not the data of the person’s colleagues or network.
  3. Doximity data is not transferable.
  4. Content obtained through the Login with Doximity Plugin should not be used to create profiles on your own or a third party site/service/application.

Advertising & Promotions

  1. Doximity data should not be used to determine whether/which ads and promotions should be displayed.
  2. Doximity data should not be used to determine ad/promotion content.
  3. Doximity data cannot be used within an ad.
  4. Ads should not be inserted into displayed Doximity content (profiles, etc.). We want it to be clear to users whether content is coming from Doximity or from your application.

Revenue & Charging

This one is simple: you cannot charge our users for access to Doximity or data imported from Doximity using the API

Attributing content to Doximity

Following these guidelines will help us make sure that our users know where content is coming from.

  1. Use the “d” icon or the Doximity name in text to attribute information to Doximity.
  2. When you display a profile, iRounds post, colleague, groups, or any other Doximity information, in whole or part, it must be made clear that the information came from Doximity.
  3. When you display Doximity content, we ask that you include a link to the same content on Doximity.
  4. When displaying iRounds or groups content represent the post creator and discussion participants accurately; the viewer should be given the option to create a post, leave a comment, like or follow the post, or return to the site

Press and Public Mentions

Doximity does not systematically review and approve the use of our APIs. As such, we ask that you not make statements that indicate that there is a relationship between our companies or products if this is factually incorrect.

  1. Do not indicate that there is any business relationship or partnership of any kind between your company and Doximity.
  2. Do not indicate that your integration is endorsed by Doximity in any way.
  3. Do not include the Doximity name or brand on your partner pages.
  4. Do not indicate that using our APIs gives you visibility or access to the entire Doximity user base or portions of it beyond the user’s own network. No single user has complete visibility to all Doximity data through the APIs - we don’t want there to be any confusion on this.
  5. Do not indicate that your integration allows any user to circumvent Doximity website requirements for visibility or access - our API Terms of Use does not allow for this capability to be built in.

Brand Mark Use

Here is how to use Doximity Brand Marks. Doximity Marks includes any element of the Doximity brand, including the Doximity name, logo, and “d” icon. Other versions of the Doximity brand representation should not be used.

All permitted uses of the Doximity Marks must conform to these guidelines:

  1. Use the iconic “d” graphic to indicate Doximity features where a short, graphical element is required. Do not use the full Doximity logo here.
  2. Use the name “Doximity” in text where you want to refer to the full name. Do not use the Doximity logo.