The API Report CardAPI Index
Medrio

Medrio API

Healthcare/EHR (eClinical / EDC for clinical trials) · medrio.com

Medrio exposes three REST surfaces: the Connect API with public Swagger docs, the mSource API (v1 and v2) for eCOA capture, and a legacy export API behind the customer portal. Auth is OAuth 2.0, but production access requires customer or partner enablement rather than self serve signup.

Last verified: July 2026Healthcare
API GRADE
D+
VERIFIED JUL 2026

SCORECARD

ExistenceGOODThree documented REST surfaces, including public Swagger OpenAPI 3 docs at connectapi.medrio.com; gating affects credentials only.
AccessMIXEDAccess requires customer enablement or the CRO Partner Program; no self-serve signup, though credentialed partners get sandboxes.
CoveragePOORExport oriented: study, subject, form, and audit data comes out, but labs have no bi-directional API, only file loaders.
AuthGOODOAuth 2.0 bearer tokens from Medrio's identity provider; requests also carry an X-Medrio-ClientInfo header with an install ID.
Docs & DXPOORRate limit semantics are undocumented, the legacy export API docs sit behind a customer login, and docs span three surfaces.
StabilityMIXEDmSource V1 and V2 run in parallel, so integrators track two surfaces and Medrio's deprecation timing themselves.
Supergood: Medrio has an API, but using it means gates, contracts, or workarounds. Ours doesn't: stable endpoints, normalized JSON, managed auth.

Frequently asked questions

Medrio scores D+ on the API Report Card. Medrio exposes three REST surfaces: the Connect API with public Swagger docs, the mSource API (v1 and v2) for eCOA capture, and a legacy export API behind the customer portal. Auth is OAuth 2.0, but production access requires customer or partner enablement rather than self serve signup.

Tried to integrate with Medrio?
SOURCES
API access is gated through partner / Professional Services enablement; there is no fully self-serve public developer signup at the level of Castor or open SaaS APIs medrio.com
The mSource API requires the X-Medrio-ClientInfo header (with app name, build version, install ID) on every call; missing/malformed headers reject the request and clients must implement install-ID generation and persistence esource.medrio.com
Two parallel mSource API versions (V1 and V2) are supported simultaneously, forcing integrators to track both surfaces and Medrio's deprecation timing esource.medrio.com
Data-submission endpoints require unique batch IDs for idempotency, clients that mis-handle retries can create duplicate subject records or silently drop forms esource.medrio.com
Rate-limit semantics are not publicly documented in the mSource or Connect API help, so integrators discover throttling behavior empirically in production connectapi.medrio.com
Reviewer requests for richer lab integration imply file-based lab loaders rather than a documented bi-directional Lab API, pushing custom integration onto the customer capterra.com
The legacy Export API documentation sits behind a customer-portal login (identity.medrio.com OAuth gate), making it harder for third-party developers and Supergood-style observability vendors to inspect without an authorized Medrio tenant community.medrio.com
ISV-built connectors (e.g. BA Insight's Medrio-to-Veeva-Vault-CTMS connector) exist because writing the Medrio<>Veeva integration from scratch is non-trivial, strong tell that the API surface has real implementation friction bainsight.com
Reporting features are limited and not as advanced or intuitive as users expect; many teams export to Excel or a warehouse for real analysis g2.com
Lab integration is the most-requested missing capability, users want native bi-directional integration with central and local labs instead of file-based imports capterra.com
Server latency / slow page loads even on fast connections, particularly under heavy form complexity g2.com
No native invoicing / study-financials module, sponsors and CROs still track study finances in spreadsheets or external systems capterra.com
Study-build flexibility hits walls on more complex protocols, adaptive designs, complex randomization, and dynamic edit-check logic require workarounds softwareadvice.com
UI feels dated relative to newer entrants (Castor, TrialKit); some workflows require more clicks than expected for site users g2.com
Documentation gaps for some advanced configuration and API workflows, users report needing to escalate to Medrio Professional Services capterra.com