GETTING STARTED

Get started with Fullscript APIs

introduction

What is Fullscript?

Integration options

Sign up for API key

For AI

HOW TO GUIDES

How-to guides

OAuth overview

OAuth overview

using OAuth

Setup

Request an auth code

Request an access token

Refresh an access token

Revoke an access token

Events overview

For AI

Use this page when you (or an AI coding assistant) are integrating with Fullscript APIs. It lists canonical sources, a recommended reading order, and a copy-paste context block you can drop into any LLM session.

Canonical machine-readable sources

Fetch these URLs directly—do not rely on scraped HTML from the doc portal:

  • OpenAPI spec: https://us.fullscript.com/docs/api/open-api/v1/openapi.json
  • Doc index for LLMs: /llms.txt
  • Technical reference: /technical-reference
  • Integration environments: /integration-environments.json
  • Agent pointer: /agents.md

Environments and URLs

Use these hosts for all OAuth and REST API calls. The same values are published at /integration-environments.json for tools and agents.

EnvironmentAPI baseOAuth authorize (browser redirect)OAuth token
US Sandboxhttps://api-us-snd.fullscript.io/apihttps://api-us-snd.fullscript.io/api/oauth/authorizehttps://api-us-snd.fullscript.io/api/oauth/token
Canada Sandboxhttps://api-ca-snd.fullscript.io/apihttps://api-ca-snd.fullscript.io/api/oauth/authorizehttps://api-ca-snd.fullscript.io/api/oauth/token
US Productionhttps://api-us.fullscript.com/apihttps://api-us.fullscript.com/api/oauth/authorizehttps://api-us.fullscript.com/api/oauth/token
Canada Productionhttps://api-ca.fullscript.com/apihttps://api-ca.fullscript.com/api/oauth/authorizehttps://api-ca.fullscript.com/api/oauth/token

Choose an integration path

Fullscript offers two primary product integrations plus shared REST APIs:

  1. Fullscript Embed — embed the Fullscript UI in your app (fastest path).
  2. Fullscript Redirect — open Fullscript in a new tab for treatment-plan workflows.
  3. REST API — custom backends; all paths require OAuth 2.0 (authorization code flow).

See Integration options for a full comparison.

Authentication essentials

  • Register in the API Dashboard and create an application to obtain client_id and client_secret.
  • Use the authorization code grant; exchange the code for a Bearer access token within 10 minutes.
  • Use the environments table above (or /integration-environments.json) for api_base, oauth_authorize, and oauth_token per region.
  • Each practitioner or staff member needs their own OAuth token for clinic-scoped API calls.

Step-by-step OAuth: SetupAuth codeAccess tokenRefresh.

For a first integration (custom REST + webhooks), read in this order:

  1. What is Fullscript?
  2. Sign up for an API key
  3. OAuth overview
  4. OAuth setup
  5. Request an auth code
  6. Request an access token
  7. Technical reference: Pagination (if present in spec)
  8. Webhooks overview
  9. Webhook security
  10. OpenAPI spec for endpoints you will call

For Embed or Redirect, follow the dedicated how-to guide after OAuth setup.

Common pitfalls for AI-generated code

  • Wrong base URL — use sandbox hosts during development; production requires an approved application.
  • Expired auth codes — exchange within 10 minutes of the redirect.
  • Missing Bearer headerAuthorization: Bearer <access_token> on API calls (not Basic auth with client secret).
  • Webhook verification — verify the Fullscript-Signature HMAC header; see webhook security.
  • Commercial approval — some endpoints are marked restricted in the technical reference (x-requires-commercial-approval in OpenAPI).
  • This dashboard’s /api/dashboard routes — those are for the API Dashboard web app only, not the public partner API.

Copy-paste context for an LLM session

Paste the block below into ChatGPT, Claude, Cursor, or similar tools when starting integration work (URLs use your current doc portal origin):

# Fullscript API integration context You are helping integrate with the Fullscript partner REST API and related products (Embed, Redirect). ## Sources (fetch these; prefer over HTML scraping) - OpenAPI: https://us.fullscript.com/docs/api/open-api/v1/openapi.json - Doc index: https://fullscript.dev/llms.txt - Environments JSON: https://fullscript.dev/integration-environments.json - Human docs: https://fullscript.dev/docs/getting-started/for-ai/overview ## Auth (OAuth 2.0 authorization code) - client_id + client_secret from Fullscript API Dashboard - Authorize (browser redirect, US sandbox): https://api-us-snd.fullscript.io/api/oauth/authorize - Token (US sandbox): POST https://api-us-snd.fullscript.io/api/oauth/token - API base (US sandbox): https://api-us-snd.fullscript.io/api - Canada sandbox API base: https://api-ca-snd.fullscript.io/api - API calls: Authorization: Bearer <access_token> - Auth codes expire in 10 minutes; exchange via POST /oauth/token with grant_type authorization_code ## Integration options - Fullscript Embed (@fullscript/fullscript-js) or Redirect (new tab) OR direct REST - Webhooks: verify Fullscript-Signature HMAC header ## Do not use - /api/dashboard/* routes (internal API Dashboard BFF only) - Hosts from OpenAPI "localhost" servers entries (local dev only)
tip
tip

Bookmark /llms.txt for an up-to-date list of documentation pages on this portal.

Sign up for an API keyHow-to guides

ON THIS PAGE

Canonical machine-readable sources
Environments and URLs
Choose an integration path
Authentication essentials
Recommended reading order
Common pitfalls for AI-generated code
Copy-paste context for an LLM session

RELATED TOPICS