All top-level list endpoints can be paginated. They return a meta
tag that contains all pagination data.
Example Request
curl "https://api-us-snd.fullscript.io/api/clinic/patients?page[number]=2&page[size]=20" \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
Example Response
{
"patients": [
{...}
],
"meta": {
"current_page": 2,
"next_page": null,
"prev_page": 1,
"total_pages": 2,
"total_count": 40
}
}
The maximum page size is 100.
All API requests sent will respond with an X-Request-Id in its response header. This value uniquely identifies each request. If you are having trouble with a particular request please provide the X-Request-Id identifier for the fastest possible resolution.
Example
'x-request-id: 06ded6a2-cb35-43e7-9f83-a4b705e3e588'
The API version you use controls the behaviour of the API. The first time you register to use Fullscript's API you will be assigned the latest version.
The current version for Fullscript's API is Version 2. If we ever make a breaking change to the API we will release a new dated patch_version
with the new behaviour. We do this to avoid breaking any of your code. It's up to you to upgrade if / when you want to.
The latest patch_version
is 2020-02-14
.
The Fullscript API considers the following changes to be backwards compatible (ie. non-breaking changes).
The Fullscript API has safeguards to limit the number of requests that can be made in a given timeframe. This helps maximize the API's stability and reliability when dealing with bursts of incoming traffic.
The current rate limit (across all API endpoints) is 5000 requests in a rolling 5m period.
Applications that send many requests in quick succession may see error responses.
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/clinic/staff" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
email
string
REQUIRED
Unique Email for the staff member
first_name
string
REQUIRED
Staff member's first name
last_name
string
REQUIRED
Staff member's last name
metadata
object
Metadata to be attached to the staff member.
id
string
Your system's unique staff identifier.
POST
curl -X 'POST' "https://api-us-snd.fullscript.io/api/clinic/staff" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"email": "string",
"first_name": "string",
"last_name": "string",
"metadata": {
"id": "string"
}
}'
id
string
REQUIRED
Unique ID for the staff member
GET
curl "https://api-us-snd.fullscript.io/api/clinic/staff/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique Identifier for the staff member
email
string
Unique Email for the staff member
first_name
string
Staff member's first name
last_name
string
Staff member's last name
metadata
object
Metadata to be attached to the staff member.
id
string
Your system's unique staff identifier.
PATCH
curl -X 'PATCH' "https://api-us-snd.fullscript.io/api/clinic/staff/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"email": "string",
"first_name": "string",
"last_name": "string",
"metadata": {
"id": "string"
}
}'
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/clinic/practitioners" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
practitioner_type_id
string
REQUIRED
Unique Identifier for the Practitioner's Type
email
string
REQUIRED
Unique Email for the Practitioner
first_name
string
REQUIRED
Practitioner's first name
last_name
string
REQUIRED
Practitioner's last name
metadata
object
Metadata to be attached to the practitioner.
id
string
Your system's unique practitioner identifier.
POST
curl -X 'POST' "https://api-us-snd.fullscript.io/api/clinic/practitioners" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"practitioner_type_id": "string",
"email": "string",
"first_name": "string",
"last_name": "string",
"metadata": {
"id": "string"
}
}'
id
string
REQUIRED
Unique ID for the Practitioner
GET
curl "https://api-us-snd.fullscript.io/api/clinic/practitioners/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique Identifier for the Practitioner
email
string
Unique Email for the Practitioner
first_name
string
Practitioner's first name
last_name
string
Practitioner's last name
metadata
object
Metadata to be attached to the practitioner.
id
string
Your system's unique practitioner identifier.
PATCH
curl -X 'PATCH' "https://api-us-snd.fullscript.io/api/clinic/practitioners/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"email": "string",
"first_name": "string",
"last_name": "string",
"metadata": {
"id": "string"
}
}'
sort_by
string
Accepts a name
argument.
order_by
string
Can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/fullscript_protocols" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
practitioner_id
string
REQUIRED
Unique ID for the Practitioner
current_state
string
Takes an argument of active
, draft
or cancelled
to return active
, draft
or cancelled
protocols.
sort_by
string
Accepts one of the following arguments: name
or current_state
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
ownership_type
string
Takes an argument of owned
, shared
or all
to return only protocols created by the practitioner, only protocols shared with the practitioner, or both protocols created by and shared with the practitioner, respectively. If this argument is not included, only protocols created by the practitioner are returned.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/practitioners/{practitioner_id}/protocols" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique identifier of the protocol.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/protocols/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
practitioner_id
string
REQUIRED
Unique ID for the Practitioner
GET
curl "https://api-us-snd.fullscript.io/api/clinic/practitioners/{practitioner_id}/templates" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique identifier of the Template.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/templates/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
Metadata allows you to update specific objects in Fullscript with an ID of your choosing. Currently we support updating Patient, Practitioner, Staff, and TreatmentPlan objects with metadata.
Metadata is useful for storing identifiers from your system into Fullscript — making it easier to link up users from your system into ours. For example, you could use metadata to attach your system's user ID to a Practitioner or Patient. Then using the metadata endpoint you can retrieve that same object using the ID's from your system.
id
string
Your system's identifier.
type
object
The type of object. Can be one of patient
, practitioner
, staff
, or treatment_plan
.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/metadata" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/clinic/patients" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
email
string
REQUIRED
Unique Email for the Patient
first_name
string
REQUIRED
Patient's first name
last_name
string
REQUIRED
Patient's last name
date_of_birth
string
Patient's date of birth in the format yyyy-mm-dd
gender
string
Biological sex of the patient. Valid options are 'male', 'female', or 'x'.
mobile_number
string
Patient's mobile number in the format +12223334444
send_welcome_email
string
Sends a welcome email to the patient upon successful creation. Defaults to true.
discount
string
Patient discount level (in percentage). This discount does not include the clinic discount. Defaults to 0.
metadata
object
Metadata to be attached to the patient.
id
string
Your system's unique patient identifier.
POST
curl -X 'POST' "https://api-us-snd.fullscript.io/api/clinic/patients" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"email": "string",
"first_name": "string",
"last_name": "string",
"date_of_birth": "string",
"gender": "string",
"mobile_number": "string",
"send_welcome_email": "string",
"discount": "string",
"metadata": {
"id": "string"
}
}'
id
string
REQUIRED
Unique ID for the Patient
GET
curl "https://api-us-snd.fullscript.io/api/clinic/patients/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique ID for the Patient
email
string
Unique Email for the Patient
first_name
string
Patient's first name
last_name
string
Patient's last name
date_of_birth
string
Patient's date of birth in the format yyyy-mm-dd
gender
string
Biological sex of the patient. Valid options are 'male', 'female', or 'x'.
mobile_number
string
Patient's mobile number in the format +12223334444
discount
string
Patient discount level (in percentage). This discount does not include the clinic discount. Defaults to 0.
metadata
object
Metadata to be attached to the patient.
id
string
Your system's unique patient identifier.
PATCH
curl -X 'PATCH' "https://api-us-snd.fullscript.io/api/clinic/patients/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"email": "string",
"first_name": "string",
"last_name": "string",
"date_of_birth": "string",
"gender": "string",
"mobile_number": "string",
"discount": "string",
"metadata": {
"id": "string"
}
}'
query
string
Search for patients matching a query string.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/search/patients" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
patient_id
string
REQUIRED
Unique ID for the patient.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/patients/{patient_id}/addresses" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
patient_id
string
Filter orders by patient_id
.
treatment_plan_id
string
Filter orders by treatment_plan_id
.
completed_at
string
Filter orders by completed_at
. The date must be formatted as follows yyyy-mm-dd
.
completed_at
date is less than. <yyyy-mm-dd
.completed_at
date is greater than. >yyyy-mm-dd
.completed_at
date is with in a range. yyyy-mm-dd..yyyy-mm-dd
.order_number
string
Filter orders by order_number
.
sort_by
string
Accepts one of the following arguments: patient_id
, treatment_plan_id
, completed_at
and order_number
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/orders" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique identifier of the Order.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/orders/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
patient_id
string
REQUIRED
Unique ID for the Patient
GET
curl "https://api-us-snd.fullscript.io/api/clinic/patients/{patient_id}/orders" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
treatment_plan_id
string
REQUIRED
Unique ID for the Treatment plan.
PATCH
curl -X 'PATCH' "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/{treatment_plan_id}/activate" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
treatment_plan_id
string
REQUIRED
Unique ID for the Treatment plan.
PATCH
curl -X 'PATCH' "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/{treatment_plan_id}/cancel" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
patient_id
string
REQUIRED
Unique ID for the Patient
sort_by
string
Accepts one of the following arguments: created_at
or updated_at
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/patients/{patient_id}/treatment_plans" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
patient_id
string
REQUIRED
Unique ID for the Patient.
practitioner_id
string
Unique practitioner ID. Required if the current access token's resource owner type is Staff
or Clinic
. Otherwise defaults to the practitioner who owns the token, but can be specified to create the plan on behalf of a different practitioner.
personal_message
string
A personal message that a practitioner can attach to the treatment plan.
state
string
The state of the treatment plan. Takes an option of draft
or active
. Defaults to active if null. The value draft
allows to create a draft treatment plan. The value active
or null creates an active treatment plan.
recommendations
array
REQUIRED
Rx plan for a product.
variant_id
string
REQUIRED
Unique ID for the Variant.
units_to_purchase
string
REQUIRED
Quantity (number of units) of variant to recommend.
refill
string
Send refill reminders?
dosage
object
Dosage information for the for the recommednation.
amount
string
The dose to take. Expects numbers but can include a range or a fraction (e.g. 1
, or 1-2
, or 1/2
are all valid).
frequency
string
The frequency with which to take the dose. This can be any of the following strings: once per day
, twice per day
, three times per day
, four times per day
, every morning
, or every night
.
duration
string
The period for which to take the dose. This can be the number of days (e.g. 120
for 4 months
) or it can be any of the following strings: as needed
, until symptoms resolve
, or ongoing
.
additional_info
string
Extra instructions for taking dose (e.g. With meals).
format
string
Format of the recommended dose. This can be any of the following strings: capsule
, chewable
, gel
, liquid
, lozenge
, packet
, pellet
, drops
, powder
, strip
, suppository
, or tablet
.
metadata
object
Metadata to be attached to the treatment_plan.
id
string
Your system's unique treatment_plan identifier.
POST
curl -X 'POST' "https://api-us-snd.fullscript.io/api/clinic/patients/{patient_id}/treatment_plans" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"practitioner_id": "string",
"personal_message": "string",
"state": "string",
"recommendations": [
{
"variant_id": "string",
"units_to_purchase": "string",
"refill": "string",
"dosage": {
"amount": "string",
"frequency": "string",
"duration": "string",
"additional_info": "string",
"format": "string"
}
}
],
"metadata": {
"id": "string"
}
}'
id
string
REQUIRED
Unique ID for the Treatment Plan
GET
curl "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique ID for the Treatment plan.
personal_message
string
A personal message that a practitioner can attach to the treatment plan.
recommendations
array
REQUIRED
Rx plan for a product.
variant_id
string
REQUIRED
Unique ID for the Variant.
units_to_purchase
string
REQUIRED
Quantity (number of units) of variant to recommend.
refill
string
Send refill reminders?
dosage
object
Dosage information for the for the recommednation.
amount
string
The dose to take. Expects numbers but can include a range or a fraction (e.g. 1
, or 1-2
, or 1/2
are all valid).
frequency
string
The frequency with which to take the dose. This can be any of the following strings: once per day
, twice per day
, three times per day
, four times per day
, every morning
, or every night
.
duration
string
The period for which to take the dose. This can be the number of days (e.g. 120
for 4 months
) or it can be any of the following strings: as needed
, until symptoms resolve
, or ongoing
.
additional_info
string
Extra instructions for taking dose (e.g. With meals).
format
string
Format of the recommended dose. This can be any of the following strings: capsule
, chewable
, gel
, liquid
, lozenge
, packet
, pellet
, drops
, powder
, strip
, suppository
, or tablet
.
metadata
object
Metadata to be attached to the treatment_plan.
id
string
Your system's unique treatment_plan identifier.
PATCH
curl -X 'PATCH' "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"personal_message": "string",
"recommendations": [
{
"variant_id": "string",
"units_to_purchase": "string",
"refill": "string",
"dosage": {
"amount": "string",
"frequency": "string",
"duration": "string",
"additional_info": "string",
"format": "string"
}
}
],
"metadata": {
"id": "string"
}
}'
The in_office_checkout
object takes a treatment_plan
. It uses the patient from the treatment_plan
to:
a) clear out anything in the patient's cart.
b) populate the patient's cart with the treatment plan.
c) return a url on Fullscript so that a practitioner can fullfill an in-office checkout.
treatment_plan_id
string
REQUIRED
Unique ID for the Treatment Plan
POST
curl -X 'POST' "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/{treatment_plan_id}/in_office_checkout" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
Returns a redirect_url
for a draft treatment. It will optionally find or create a patient for use in the treatment plan.
You must have the patients:write
OAuth scope if the request you make creates a patient. To access the endpoint you must also have the clinic:write
OAuth scope.
treatment_plan
object
REQUIRED
Treatment plan information for dynamic link.
practitioner_id
string
REQUIRED
Practitioner's id used to create the draft treatment_plan
.
patient
object
Find or create a Patient.
email
string
Unique Email for the Patient.
first_name
string
Patient's first name.
last_name
string
Patient's last name.
date_of_birth
string
Patient's date of birth in the format yyyy-mm-dd
.
gender
string
Biological sex of the patient. Valid options are 'male', 'female', or 'x'.
mobile_number
string
Patient's mobile number in the format +12223334444
.
discount
string
Patient discount level (in percentage). This discount does not include the clinic discount. Defaults to 0.
send_welcome_email
string
Sends a welcome email upon successful patient creation and treatment plan creation. Defaults to true.
POST
curl -X 'POST' "https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
-d $'{
"treatment_plan": {
"practitioner_id": "string"
},
"patient": {
"email": "string",
"first_name": "string",
"last_name": "string",
"date_of_birth": "string",
"gender": "string",
"mobile_number": "string",
"discount": "string",
"send_welcome_email": "string"
}
}'
id
string
REQUIRED
Unique ID for the Treatment Plan
GET
curl "https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/catalog/products" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique identifier for the Product
practitioner_id
string
Unique Practitioner ID. Include to retrieve a specific practitioner's custom dosage instructions for the product. Defaults to the practitioner who owns current access token, if applicable (access token's resource owner type is Practitioner
). Custom dosage is returned in the custom_dosage
object.
GET
curl "https://api-us-snd.fullscript.io/api/catalog/products/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
product_id
string
REQUIRED
Unique identifier for the Product
GET
curl "https://api-us-snd.fullscript.io/api/catalog/products/{product_id}/similar" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
category_id
string
REQUIRED
Unique ID for the Category
GET
curl "https://api-us-snd.fullscript.io/api/clinic/categories/{category_id}/products" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique identifier of the Category.
GET
curl "https://api-us-snd.fullscript.io/api/clinic/categories/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
This resource allows you to search for products using Fullscript's elasticsearch implementation. This endpoint takes into consideration brand segmentation (not all clinics have access to all brands) and will only show products and brands that your clinic has available to them.
Note: Filter arguments that accept an array can be specified in the query string like this:
?allergen_ids[]=id_1&allergen_ids[]=id_2
query
string
Search for products matching a query string.
allergen_ids
string
Provide an array of allergen ids to filter results.
brand_id
string
Search for products by brand_id.
ingredient_ids
string
Provide an array of ingredient ids to filter results.
supplement_type_ids
string
Provide an array of supplement type ids to filter results.
third_party_certification_ids
string
Provide an array of third party certification ids to filter results.
GET
curl "https://api-us-snd.fullscript.io/api/catalog/search/products" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
Attributes about a product as they relate specifically to ingredients known to cause allergic reactions / ingredients known to want to be avoided (e.g. 'Peanut free'). They are not attested by third parties.
The allergen
object contains details for all allergens listed on the Fullscript platform. The API allows you to list all allergens and find individual allergens.
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/catalog/allergens" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique ID for the allergen
GET
curl "https://api-us-snd.fullscript.io/api/catalog/allergens/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
available
string
Takes an argument of true
to return brands that have available products.
clinic_permitted
string
Takes an argument of true
to return brands the current clinic has access to.
GET
curl "https://api-us-snd.fullscript.io/api/catalog/brands" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/catalog/ingredients" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique ID for the ingredient
GET
curl "https://api-us-snd.fullscript.io/api/catalog/ingredients/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/catalog/supplement_types" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique ID for the supplement type
GET
curl "https://api-us-snd.fullscript.io/api/catalog/supplement_types/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
Third party certifications are product level filters that are assessed by a party external to the manufacturer (e.g. 'Certified Halal').
The third party certification
object contains details for all third party certifications listed on the Fullscript platform.
The API allows you to list all third party certifications and find individual third party certifications.
No arguments...
GET
curl "https://api-us-snd.fullscript.io/api/catalog/third_party_certifications" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique ID for the third party certification
GET
curl "https://api-us-snd.fullscript.io/api/catalog/third_party_certifications/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique identifier for the Variant.
GET
curl "https://api-us-snd.fullscript.io/api/catalog/variants/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
Webhooks allow your application to stay informed with what’s happening on Fullscript. You can subscribe to events and be notified when they happen. Let’s say one of your clinics updates a patient or creates a treatment plan; webhooks allow you to know about those events and take action if needed.
You can register a single webhook URL through the API Dashboard and subscribe to multiple event types.
When the event occurs—say a treatment plan is created, a patient is updated, or a clinic key is revoked, etc.—Fullscript creates an Event
. This Event
contains all the relevant information about what just happened. It includes the event's type (ex: treatment_plan.created
) and any relevant data to that event.
Once the event is created, Fullscript will send out a payload with the event data via an HTTP POST request to the webhook url that you defined in your account. Note that we only send events to a single endpoint per environment.
Webhooks are configured through the API Dashboard. For each environment that you have setup, you can enter a URL to receive events. This should be a dedicated URL on your server that is setup to receive webhook notifications.
All urls need to use HTTPS. We will validate that your connection is secure and HIPAA compliant before sending any webhook data. For this to work, your server needs to be setup to support HTTPS with a valid certificate.
To acknowledge that you received a webhook notification, your endpoint needs to respond with either a 200
or 201
HTTP status code. Any response codes outside of this range will tell us that the webhook has not been received and will be treated as a failure.
Your endpoint's body must also respond with your challenge token (available in the API Dashboard). This is a security measure to ensure that you own the url in question and it hasn't been hijacked. A successful response could look something like this:
HTTP 200 OK
Content-type: application/json
{ "challenge": "your-secret-challenge-token" }
We will attempt to deliver your webhooks up to 6 times with exponential back off. Webhooks cannot manually be retried, however you can make a query to the events endpoint to reconcile data in case of any missed events.
We will attempt to send event deliveries in order, however that is not a guarantee. We will also attempt to deliver webhooks within 30 minutes from when the event was created. In most cases however, this should be close to instantaneous.
The webhook deliveries endpoint has all the information you need to check how many times we’ve attempted to deliver an event, what the response received was, the status code, and other relevant information.
We set aggressive time-outs for webhook deliveries. If you have to do a bunch of complex logic with the event data, or need to make network requests, it’s possible that the delivery attempt will time-out before we receive a 2xx
HTTP status code. To mitigate this, you may want to respond immediately with a 2xx
HTTP status code, and then perform your complex logic afterwards.
Each event payload comes with both a clinic_id
and an integration_id
(if relevant). The clinic key is the unique identifier for the clinic. Any clinic events (patient, practitioner, treatment plan, etc.) will be scoped to that clinic through the clinic_id
.
Because it's possible for clinics to have multiple integrations enabled, the exact same events will be sent for each integration that a clinic has enabled with you. To mitigate unwanted duplication of events, the integration has to be activated before any webhook events will be sent. This means that it’s been used as least once with a valid X-FS-Clinic-Key
and the key has not been revoked. The integration_id
allows you to scope events to the relevant integration that is enabled.
Both the clinic_id
and integration_id
can be retrieved through the API at the clinic endpoint.
In some circumstances we will disable your endpoint and stop trying to deliver events to it. This can happen when: we receive a 410
HTTP status code or if the delivery attempts are consistently failing for more than 24 hours. In that case your webhook endpoint may be disabled and we will no longer send events to that url.
Re-enabling a disabled webhook can be done through the API Dashboard once you have resolved the issues.
You can see the status (both failed and successful delivery attempts) through the webhook deliveries endpoint.
Webhook events follow the same logic as our versioning scheme in the API and it respects the patch_version
that you’re on.
Fullscript-Signature
headerFullscript sends a header in the webhook request that can be used in conjunction with your Webhook Secret Key
to verify the payload. Here is an example of the header:
Fullscript-Signature: t=1591826856,v1=0c262932b0ac6b4952e2fe24fdf419313984a66f6f442e0b8ec4cb87f2a107ad
This represents the format: t=<timestamp>,v1=<signature>
The signature
is generated using a hash-based message authentication code (HMAC) with SHA-256.
This hash is generated using 3 things:
timestamp
request_body
(The POST message's JSON payload string)Webhook Secret Key
The timestamp
and request_body
are combined to create the payload provided to the hash function. The Webhook Secret Key
is used as the key.
The same hash can be computed and compared to the signature
to verify the request.
timestamp
and signature
from the header.payload
by combining the timestamp
and request_body
with a single .
Example: payload = '1591826856.{"event":{...<more_json>}}'
Webhook Secret Key
as the key. Use the payload
string as the message.signature
.Note: The timestamp is generated directly before we send the payload. It is included in the hash payload in order to help prevent replay attacks. We recommend using this to verify the age of a request with a reasonable tolerance. 5 minutes is usually a good default.
attempted_at
string
Filter by attempted_at
date. The date must be formatted as follows yyyy-mm-dd
.
attempted_at
date is less than. <yyyy-mm-dd
.attempted_at
date is greater than. >yyyy-mm-dd
.attempted_at
date is within a range. yyyy-mm-dd..yyyy-mm-dd
.event_id
string
Filter webhook deliveries by event_id
.
successfully_delivered
string
Filter webhook deliveries by whether they have been successfully delivered or not. Accepts a string of true
or false
sort_by
string
Accepts one of the following arguments: event_id
attempted_at
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/webhooks/deliveries" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
Events allow your integration to stay informed with what’s happening on Fullscript. Let’s say one of your clinics updates a patient, or creates a treatment plan. In each case an Event
will be created which allows you to take action if need be.
This Event
has all of the relevant information about what just happened. It includes the event's type (say treatment_plan.created
) and any relevant data to that event.
Note that we only keep a record of events for the past 30 days.
Also know that events are never created for actions made through the API. We assume that, since you initiated the event, you already know about it! 😀
This endpoint lists all clinic_key
events from the last 30 days.
A clinic_key.revoked
event happens when a clinic revokes access to your integration.
A clinic_key.activated
event happens when the first request is made through the API with a valid X-FS-Clinic-Key
—activating the integration.
created_at
string
Filter by created_at
date. The date must be formatted as follows yyyy-mm-dd
.
created_at
date is less than. <yyyy-mm-dd
.created_at
date is greater than. >yyyy-mm-dd
.created_at
date is within a range. yyyy-mm-dd..yyyy-mm-dd
.event_type
string
Filter events by event_type
.
sort_by
string
Accepts one of the following arguments: event_type
created_at
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/events/clinic_keys" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
id
string
REQUIRED
Unique identifier of the Event
GET
curl "https://api-us-snd.fullscript.io/api/events/{id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
created_at
string
Filter by created_at
date. The date must be formatted as follows yyyy-mm-dd
.
created_at
date is less than. <yyyy-mm-dd
.created_at
date is greater than. >yyyy-mm-dd
.created_at
date is within a range. yyyy-mm-dd..yyyy-mm-dd
.event_type
string
Filter events by event_type
.
sort_by
string
Accepts one of the following arguments: event_type
created_at
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/events/orders" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
created_at
string
Filter by created_at
date. The date must be formatted as follows yyyy-mm-dd
.
created_at
date is less than. <yyyy-mm-dd
.created_at
date is greater than. >yyyy-mm-dd
.created_at
date is within a range. yyyy-mm-dd..yyyy-mm-dd
.event_type
string
Filter events by event_type
.
sort_by
string
Accepts one of the following arguments: event_type
created_at
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/events/patients" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
This endpoint lists all product
events from the last 30 days.
A product.created
event happens when a product is created.
A product.updated
event happens when a product or one of its variants is updated.
A product.description.updated
event happens when a product's description is updated.
created_at
string
Filter by created_at
date. The date must be formatted as follows yyyy-mm-dd
.
created_at
date is less than. <yyyy-mm-dd
.created_at
date is greater than. >yyyy-mm-dd
.created_at
date is within a range. yyyy-mm-dd..yyyy-mm-dd
.event_type
string
Filter events by event_type
.
sort_by
string
Accepts one of the following arguments: event_type
created_at
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/events/products" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'
This endpoint lists all treatment_plan
events from the last 30 days.
A treatment_plan.created
event happens when a Treatment Plan is created.
A treatmen_plan.updated
event happens when a Treatment Plan is updated.
A treatmen_plan.recommendation.updated
event happens when a Treatment Plan's recommendation is updated.
created_at
string
Filter by created_at
date. The date must be formatted as follows yyyy-mm-dd
.
created_at
date is less than. <yyyy-mm-dd
.created_at
date is greater than. >yyyy-mm-dd
.created_at
date is within a range. yyyy-mm-dd..yyyy-mm-dd
.event_type
string
Filter events by event_type
.
sort_by
string
Accepts one of the following arguments: event_type
created_at
.
order_by
string
Ordering defaults to ASC
and can take an argument of ASC
or DESC
.
GET
curl "https://api-us-snd.fullscript.io/api/events/treatment_plans" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'