What are webhooks?

If you’re unfamiliar with webhooks, they are a type of API where we push data to your app instead of you pulling it from Fullscript. To do this, you add a web-accessible endpoint to your app (for example https://example.com/myapp/fullscript-webhook) and register that url with us. You tell us which events you want to know about. When any of those events happen, we’ll reach out to your endpoint and give you a payload with the data about the event.

So for example, when a practitioner activates a treatment plan, our webhooks notify your app about it. And you get all the details of the new treatment plan.


Our webhooks include special security features that let your app ascertain a payload is coming from us before acting on it.

Webhook events are sent to your registered application endpoint if and only if:

  1. Your application didn’t directly cause the event by calling our REST APIs
  2. AND, you currently have at least one valid (not revoked) OAuth access token
  3. AND, that token has the correct scopes needed for the event that happened

Find more information on webhooks in this how-to guide, and in our reference docs.


It’s worth reiterating that webhooks are triggered for actions a practitioner takes through the Fullscript Redirect URL. But they’re not triggered for anything you do specifically through the REST API. For example, if you use the patients endpoint to update the spelling of a Fullscript patient’s name, we won’t alert you of this since we’re pretty sure you already know!