Fullscript API Reference

This is the RESTful API for the Fullscript Dispensary.

There are a couple endpoints available depending on your integration needs. We have separate accounts for the U.S. and Canada. Both have production environments, and we have one sandbox environment than can be used for testing either U.S. or Canada integrations.

Throughout the API documentation we use the sandbox environment for all the examples. The url will be different depending on which region / environment you want.

Root URLs

These are the urls available (dependent on your specific integration needs). Note that all calls to the API need to be made over https. Calls made over http will error.

U.S. API endpoint

  
    "https://api-us.fullscript.io/api/"

Canada API endpoint

  
    "https://api-ca.fullscript.io/api/"

U.S. Sandbox (Testing) API endpoint

  
    "https://api-us-snd.fullscript.io/api/"

Canada Sandbox (Testing) API endpoint

  
    "https://api-ca-snd.fullscript.io/api/"

🇺🇸 U.S. Production

https://api-us.fullscript.io/api/

🇨🇦 Canada Production

https://api-ca.fullscript.io/api/

💡🇺🇸 U.S. Sandbox (Testing)

https://api-us-snd.fullscript.io/api/

💡🇨🇦 Canada Sandbox (Testing)

https://api-ca-snd.fullscript.io/api/

OAuth Authentication

When developing a Fullscript integration, your app’s Fullscript API interactions are done on behalf of Fullscript users. Until your app is authorized by at least one Fullscript user, there’s very little you can do with our APIs. Fullscript uses the OAuth 2.0 protocol with role-based access control. So, one of the first things set up in your app is the OAuth flow.

We support the standard authorization code flow grant type. In this scheme, you obtain an authorization code from our API endpoint by asking each user to authorize your app to access their Fullscript private data. Your app then exchanges this authorization code for a secure access token that is used to access all the other APIs on behalf of the authorizing user.

Don’t worry if you’re not familiar with OAuth. We’ve got you covered with step-by-step instructions below.

Note: Applications created before August 26, 2021 use OAuth 2.0 with clinic level authorization instead of role-based access control. The sections below outline differences (if any) for apps using clinic level authorization. Look for note blocks like this one.

Getting started

To get started with OAuth you you need your App’s client ID (client_id) and client secret (client_secret). These identify to our server that your app’s requests are coming from you.

If you don’t already have an App created with Fullscript, sign in to the Fullscript API Dashboard and click Create Application (or continue to sign up if you’re brand new to us!). You’ll need an application name (currently used for your information only), and a redirect uri where we will send users once they have authorized your app’s request to access their Fullscript data.

Tip: Both the application name and redirect url can be edited later, so there’s no need to agonize over those decisions now.

To find your App’s client ID and client secret, locate your App in the Fullscript API Dashboard and click Show more details. Your client ID is at the top of the page, and your secret key is masked below it. Hover your mouse over the Reveal button to see and copy your secret key.

Tip: Your client secret is masked to remind you to keep this value a secret and handle it as you would handle any other important password.

By default, your application is set up to request only some basic read information from the user’s Fullscript data. Configure scopes next.

Scopes

Scopes limit which pieces of the user’s data you have access to, and what you can do with it.

When a user is authorizing your app’s access to Fullscript, they see the scopes you’ve set. It’s up to them to decide if they want to authorize access to these scopes. We suggest you limit your application to the scopes that you need rather than ask for read/write access to everything.

Use the Fullscript API Dashboard to configure the scopes needed for each App you create.

Important: Adding new scopes to your application invalidates access tokens (and respective refresh tokens) obtained with the previous scoping. API requests made with an invalidated token result in an unauthorized error. If you broaden scopes, update your app to prompt each user to re-authorize your application with the new scopes, then generate a new access token on their behalf.

Name	Description
`catalog:read`	Grants read-only access to the Fullscript catalog. This includes the brand, product, and variant endpoints. This is a default scope that all apps must request access to.
`clinic`
`clinic:read`	Grants read access to clinic’s account and practitioner information.
`clinic:write`	Grants access to a clinic’s account. Can add or edit users and can perform actions on behalf of the clinic's practitioners. When this scope is paired with `patients:read`, treatment plans can be created.
`patients`
`patients:read`	Grants access to read a patient’s data. This includes read access to any treatment plans made through the API. (Read access to treatment plans made through the Fullscript App, regardless of when they were created, requires the `patients:treatment_plan_history` scope.)
`patients:write`	Grants access to create and update a patient’s information.
`patients:treatment_plan_history`	Grants read access to a patient’s historical treatment plan data. Needed to access treatment plans created via the Fullscript App.
`patients:order_history`	Grants read access to a patient’s order history. Use this data to show patient adherence to the treatment plan.

OAuth Flow

Let’s take a closer look at the OAuth authorization code flow. It can be broken down into 3 steps.

Users grant access: Fullscript users (practitioners and office staff) are asked to grant your application access to their Fullscript account
Redirect back to your app: Fullscript redirects the user back to your site with a temporary auth code
Token exchange (the OAuth dance 🕺): Behind the scenes, your app exchanges the temporary auth code for an access token and can then access the Fullscript API

1. Users grant access

The first step is to add a place in your app where users will trigger the authorization process to connect their Fullscript account. Depending on your design, this can be a button in a special settings section, or it can be triggered via your app’s usual “add a Fullscript treatment plan” flow. For your convenience, we offer these pre-created button images that you can use.

When the link is clicked by a user who hasn’t completed authorization or doesn’t have a valid access or refresh token, redirect them to our OAuth page using one of the four urls below (depending where your App was created in the Fullscript API Dashboard).

Fullscript OAuth Authorization urls:

🇺🇸 U.S. Sandbox (testing)

https://us-snd.fullscript.io/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_APPLICATIONS_REDIRECT_URI&response_type=code

🇺🇸 U.S. Production

https://api-us.fullscript.io/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_APPLICATIONS_REDIRECT_URI&response_type=code

🇨🇦 Canada Sandbox (testing)

https://ca-snd.fullscript.io/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_APPLICATIONS_REDIRECT_URI&response_type=code

🇨🇦 Canada Production

https://api-ca.fullscript.io/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_APPLICATIONS_REDIRECT_URI&response_type=code

Be sure to include your App’s client_id and the exact same redirect_uri you configured through the Fullscript API Dashboard. Your request will return 404 if there’s any mismatch.

Tip: There’s no need to add scopes to the request; any scopes added this way are ignored. Scopes you configured via the Fullscript API Dashboard are automatically applied to your request.

When redirected to our OAuth flow, users who aren’t already signed in to Fullscript are prompted to sign in or sign up for a Fullscript account. Once signed in, they are shown a detailed list of the access scopes your application is requesting, and they are asked to authorize your application. They can either authorize or cancel the transaction. If they authorize your app, they are redirected back to your redirect_uri.

2. Redirect back to your app

If the practitioner authorizes your application, they're sent to your redirect_uri with a one-time-use authorization code in the url query parameters. You have 10 minutes to exchange this authorization code for a secure access token (else the authorization code expires and you’ll need to start back at step 1).

The redirect url with authorization code looks something like this:

YOUR_APPLICATIONS_REDIRECT_URI?code=476x028x13xxxx52xx4x2xx87x472x735xxx893570x89xx48x9496xxx2418052

Tip: You need to create the redirect_uri page in your app. Generally, app developers don't show the user this page. They store the authorization code, then immediately redirect the user to another spot in the app.

3. Token exchange (the OAuth dance)

Now it's up to you to do the OAuth dance 🕺! The temporary authorization code can now be exchanged for an OAuth access token. Detailed reference information about creating an OAuth token can be found below but the gist is: you make an API request with your OAuth application credentials and the authorization code. If successful, our server generates an OAuth token and includes it in the response.

OAuth access tokens expire in 2 hours. But they also come with a non-expiring refresh token so you can refresh an expired token when needed. Store the access_token, refresh_token, the user’s Fullscript ID and user type (also returned with the token) alongside other private user profile info in your app.

Once you've successfully received and stored the OAuth token, your app uses it to interact with the Fullscript API on behalf of that authorizing user. A unique OAuth token is required for every user (both practitioners and office staff). To make a request on behalf of a user, just include their token in your header of your request, like so:

{ "Authorization" => "Bearer 96x5x67x09168xx64x4x8xx5xx541xxxxx38x10071xx1xxx24x66x0xxxxxxx74" }

And that's it!

Note: Applications created before August 26, 2021 use OAuth 2.0 with clinic level authorization instead of role-based access control. For those apps, there’s no requirement to create and store an OAuth token per user, but it’s still good practice to do so. If your app allows users to connect their own Fullscript clinic accounts, you may already be doing this.

Request an Authorization Code

Requests an authorization code on behalf of a Fullscript user (practitioner or clinic staff member).

Note: authorize is different from other parts of our API. Instead of calling it programatically, configure a link or button in your app to redirect the user's browser to the Fullscript authorize url when clicked.

When the user's browser arrives at the Fullscript authorize url, it prompts them to create and/or authenticate to a Fullscript account. The browser is redirected back to your specified redirect_uri when the process is complete. Your app needs to make the redirect_uri available, and should be prepared to retrieve the query parameters from the url to proceed with the rest of the OAuth process.

Tip: After your app processes the query parameters, you may wish to redirect the user again (away from the redirect_uri) to another page with a clean url.

https://api-us-snd.fullscript.io/api/oauth/authorize

Query Parameters

Example

  
https://api-us-snd.fullscript.io/api/oauth/authorize
  ?client_id=83x92x21xx29x643xx9954x8x2xx651xxx87x66521x08x9x2x408x26x801x394
  &redirect_uri=https://example.com/redirect
  &response_type=code

Resulting redirect URI

  
https://www.example.com/redirect
  ?code=476x028x13xxxx52xx4x2xx87x472x735xxx893570x89xx48x9496xxx2418052

Example with state

  
https://api-us-snd.fullscript.io/api/oauth/authorize
  ?client_id=83x92x21xx29x643xx9954x8x2xx651xxx87x66521x08x9x2x408x26x801x394
  &redirect_uri=https://example.com/redirect
  &response_type=code
  &state=some-state-data-that-my-app-needs

Resulting redirect URI (with state)

  
https://www.example.com/redirect
  ?code=476x028x13xxxx52xx4x2xx87x472x735xxx893570x89xx48x9496xxx2418052
  &state=some-state-data-that-my-app-needs

Name	Description
`client_id` Required	The App’s client ID, a unique value found in the details section for this App in the Fullscript API Dashboard.
`redirect_uri` Required	The uri to which users are directed after they authorize your App access to their Fullscript Data. It must match the Redirect URI value configured for this App in the Fullscript API Dashboard.
`response_type` Required	The only supported type is `code`.
`state`	A place for you pass additional app data to your `redirect_uri`. The `state` query parameter is not processed, it's returned to you as-is.

OAuth Token

Attributes

access_token string

The secret token to use when making a request on behalf of the authorizing Fullscript User. The access token is sensitive information that’s similar to a user’s name and password in a single value.
token_type string

The type of token. Default is Bearer. This value is used along with the access token when requesting API access.
expires_in string

The number of seconds before the token expires. The seconds start counting from the token's created_at timestamp. All tokens expire in 2 hours.
refresh_token string

A code used to generate a fresh access token without requiring a user to re-authorize your app when their token expires. The refresh token never expires, but is invalidated if/when authorization is revoked.
scope string

The scopes assigned to the token. Based on your application settings.
resource_owner hash

Details about the Fullscript user who authorized your app's access.
show child attributes
- id string
  
  The resource owner’s unique Fullscript identifier (uid).
- type string
  
  Type of resource object. One of Practitioner or Staff. Older Apps will see Clinic.
created_at string

Timestamp (in utc) when the token was created.

Create an OAuth Token

Creates a new role-based OAuth token (from the user’s authorization code) or refreshes an expired token.

Note: Applications created before August 26, 2021 use OAuth 2.0 with clinic level authorization instead of role-based access control. In that case, the OAuth authorization code, access token, and refresh token are on behalf of a clinic or store, not a user, and the resource owner type is Clinic in the response.

To take advantage of everything role-based access control offers, contact your account manager for our migration guide.

Example Request

  
curl -X "POST" "https://api-us-snd.fullscript.io/api/oauth/token" \
  -H 'Content-Type: application/json' \
  -d $'{
  "grant_type": "authorization_code",
  "client_id": "83x92x21xx29x643xx9954x8x2xx651xxx87x66521x08x9x2x408x26x801x394",
  "client_secret": "5305x72xxx6xx7xx4848xxxxx040x4xx4xx965xx566x662xxxxx6x7xxx5x730x",
  "code": "x8x9xx06x9138x41x0x4xx3xxx726x0x2749xxx798x1x7x3x46x902x4068664x",
  "redirect_uri": "https://fullscript.io/api"
}'

Example Response

  
{
  "oauth": {
    "access_token": "96x5x67x09168xx64x4x8xx5xx541xxxxx38x10071xx1xxx24x66x0xxxxxxx74",
    "token_type": "Bearer",
    "expires_in": 7200,
    "refresh_token": "xxxx4x98xxxx7x03xxxxxx73x95x2514x0xx2x9xx15882xx7947496376x343x9",
    "scope": "catalog:read",
    "created_at": "2018-10-16T04:00:00.000Z",
    "resource_owner": {
      "id": "xx7x357x-9x36-xxxx-x553-7x3xx398xxx",
      "type": "Clinic"
    }
  }
}

HTTP Request

POST https://api-us-snd.fullscript.io/api/oauth/token

Arguments

client_id required

The App’s client ID, a unique value found in the details section for this App in the Fullscript API Dashboard.
client_secret required

The App’s secret token, found in the Fullscript API Dashboard details for this App.
redirect_uri required

Must match the Redirect URI value configured for this App in the Fullscript API Dashboard.
grant_type required

The type of OAuth grant you are requesting. Use authorization_code if you're getting the token for the first time. Use refresh_token to refresh a stale token.
code required

The Fullscript user’s temporary authorization code obtained from the authorize endpoint. This one-time use code is exchanged for an OAuth access token. (This parameter is required when using the authorization_code grant_type, but not if refreshing the token.)
refresh_token required

The refresh token that was returned with this user’s access token. Include this in the request when your access token is expired and you’re requesting a fresh one. (This parameter is required when using the refresh_token grant_type, but not when requesting an OAuth token from the auth code.)

Revoke an OAuth Token

Revokes a user’s OAuth token (and associated refresh token). This user will need to authorize your app again before you can access Fullscript APIs and data on their behalf.

Tip: You can revoke an expired access token, no need to refresh it first.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/oauth/revoke" \
  -H 'Content-Type: application/json' \
  -d $'{
  "client_id": "83x92x21xx29x643xx9954x8x2xx651xxx87x66521x08x9x2x408x26x801x394",
  "client_secret": "5305x72xxx6xx7xx4848xxxxx040x4xx4xx965xx566x662xxxxx6x7xxx5x730x",
  "token": "xx7xxxxx7xxxx3xxxx5xxx9xx4xxxxxx1xxxx3x9xxx"
}'

Example Response

{
}

HTTP Request

https://api-us-snd.fullscript.io/api/oauth/revoke

Arguments

client_id required

The App’s client ID, a unique value found in the details section for this App in the Fullscript API Dashboard.
client_secret required

The App’s secret token, found in the Fullscript API Dashboard details for this App.
token required

The OAuth access token to be revoked (it can be an expired token).

Quick Integration

Fullscript offers a way to implement quick integration, it allows you to integrate with fullscript while spending minimal time on development. Quick integration consists of implementing a button in your EHR which will call a dynamic link endpoint. This endpoint will return a redirect_url on the fullscript platform to let a practitioner take an action. You must open a new tab with the url value of the redirect_url provided by the endpoint.

This will let the practitioner take essential actions without the need to make a custom integration that is embedded in your EHR.

You can couple this with webhook events to be notfied of actions taken with in fullscript and then reflect these changes in your EHR.

Please do not hard code these urls, instead use the endpoint to get the redirect_url. We will be adding the ability to pass in arguments and based on these arguments the value of redirect_url will change.

Dynamic link

This resource will return a redirect_url on the fullscript platform for a treatment_plan.

Attributes

redirect_url string

Absolute url for a treatment plan in fullscript.
treatment_plan hash

Treatment plan information for dynamic link.
show child attributes
- id string
  
  Unique identifier of the treatment plan.
- state string
  
  The state of the treatment plan. It will have a value of draft or active.
- available_at string
  
  The date when the treatment plan was sent to the patient either through an email or text message.
patient hash

Patient information for dynamic_link.
show child attributes
- id string
  
  Unique identifier of the patient.
- first_name string
  
  First name of the patient.
- last_name string
  
  Last name of the patient.
- email string
  
  Unique email of the patient.
- archived boolean
  
  If true, patient is no longer active and can not sign in to Fullscript.
- date_of_birth string
  
  Patient's date of birth in the format yyyy-mm-dd.
- gender string
  
  Gender of the patient. Valid options are 'male', 'female', or 'x'.
- discount number
  
  Patient discount level (in percentage). This discount does not include the clinic discount. This discount, in addition to any clinic discount, will be applied to all of the patient's orders.
- total_discount number
  
  Total patient discount level (in percentage). This discount includes the clinic discount and the patient discount. This discount is applied to all of the patient's orders.
- mobile_number string
  
  Patient's mobile number in the format +12223334444.
- text_message_notification boolean
  
  true or false of whether the patient has elected to receive text message notifications from Fullscript.

Retrieve a Treatment Plan Link

Returns a redirect_url for editing an existing treatment plan. The treatment plan provided must have a state of draft or active.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans/x1x01x6x-5615-4874-xxx4-48x459180x09" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "dynamic_links": {
    "redirect_url": "https://api-us-snd.fullscript.io/p/treatment_plans/101010/edit",
    "treatment_plan": {
      "id": "x1x01x6x-5615-4874-xxx4-48x459180x09",
      "state": "active",
      "available_at": "2019-10-16"
    },
    "patient": {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
      "first_name": "Example",
      "last_name": "Patient",
      "email": "patient@example.com",
      "archived": false,
      "date_of_birth": null,
      "gender": null,
      "discount": 0,
      "total_discount": 0,
      "mobile_number": "",
      "text_message_notification": 0
    }
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans/:id

Arguments

id required

Unique ID for the Treatment Plan

Retrieve a new Treatment Plan link

Returns a redirect_url for a new treatment plan.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "redirect_url": "https://api-us-snd.fullscript.io/p/treatment_plans/new?client_id=83x92x21xx29x643xx9954x8x2xx651xxx87x66521x08x9x2x408x26x801x394"
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans

Arguments

No arguments ...

Create a Draft Treatment Plan Link

Returns a redirect_url for a draft treatment. It will optionally find or create a patient for use in the treatment plan.

You must have the patients:write OAuth scope if the request you make creates a patient. To access the endpoint you must also have the clinic:write OAuth scope.

Example Request

  
curl -X "POST" "https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "patient": {
    "email": "johndoe@fakemail.com"
  },
  "treatment_plan": {
    "practitioner_id": "x1x0196x-5615-4874-xxx4-48x459180x09"
  }
}'

Example Response

  
{
  "dynamic_links": {
    "redirect_url": "https://api-us-snd.fullscript.io/p/treatment_plans/101010/edit",
    "treatment_plan": {
      "id": "x1x01x6x-5615-4874-xxx4-48x459180x09",
      "state": "draft",
      "available_at": null
    },
    "patient": {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
      "first_name": "Example",
      "last_name": "Patient",
      "email": "johndoe@fakemail.com",
      "archived": false,
      "date_of_birth": null,
      "gender": null,
      "discount": 0,
      "total_discount": 0,
      "mobile_number": "",
      "text_message_notification": 0
    }
  }
}

HTTP Request

POST https://api-us-snd.fullscript.io/api/clinic/dynamic_links/treatment_plans

Arguments

treatment_plan required object

Treatment plan information for dynamic link.
show child attributes
- practitioner_id required
  
  Practitioner's id used to create the draft treatment_plan.
patient object

Find or create a Patient.
show child attributes
- email
  
  Unique Email for the Patient.
- first_name
  
  Patient's first name.
- last_name
  
  Patient's last name.
- date_of_birth
  
  Patient's date of birth in the format yyyy-mm-dd.
- gender
  
  Gender of the patient. Valid options are 'male', 'female', or 'x'.
- mobile_number
  
  Patient's mobile number in the format +12223334444.
- discount
  
  Patient discount level (in percentage). This discount does not include the clinic discount. Defaults to 0.
- send_welcome_email
  
  Sends a welcome email upon successful patient creation and treatment plan creation. Defaults to true.

Request IDs

Example

  
    'x-request-id: 06ded6a2-cb35-43e7-9f83-a4b705e3e588'

All API requests sent will respond with an X-Request-Id in its response header. This value uniquely identifies each request. If you are having trouble with a particular request please provide the X-Request-Id identifier for the fastest possible resolution.

Pagination

All top-level list endpoints can be paginated. They return a meta tag that contains all pagination data.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/patients?page[number]=2&page[size]=20" \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \

Example Response

  
{
  "patients": [
    {...}
  ],
  "meta": {
    "current_page": 2,
    "next_page": null,
    "prev_page": 1,
    "total_pages": 2,
    "total_count": 40
  }
}

Attributes

current_page number

The current page number of the API response.
next_page number

Then next page number (if available).
prev_page number

The previous page number (if available).
total_pages number

Total number of pages that are available in the API response.
total_count number

Total number of records available in the resource.

Arguments

page hash

Page object
show child attributes
- number optional
  
  The page number that you want to access.
- size defaults to 50
  
  The number of records that you want to return in the request. Max size is 100.

Versioning

The API version you use controls the behaviour of the API. The first time you register to use Fullscript's API you will be assigned the latest version.

The current version for Fullscript's API is Version 2. If we ever make a breaking change to the API we will release a new dated patch_version with the new behaviour. We do this to avoid breaking any of your code. It's up to you to upgrade if / when you want to.

The latest patch_version is 2020-02-14.

Backwards compatible changes

The Fullscript API considers the following changes to be backwards compatible (ie. non-breaking changes).

Adding new API resources
Adding new optional request parameters to an existing resource
Adding new keys/attributes to existing API responses
Changing the order of parameters in an existing API response
Changing the format or length of IDs or strings

Upgrading

Upgrading from Version 1 to Version 2 can be done on an endpoint-by-endpoint basis. V1 is soft-deprecated, which means that no new features are going to be added. However, you can continue to use V1 endpoints for as long as you want. Documentation for V1 can be found on swaggerhub.

However, if you are running an older version and want to take advantage of new features and faster response times, then consider upgrading! Going from V1 to V2 is fairly straightforward and you can start using V2 features by requesting the endpoints listed in this documentation.

To see which version you are on, or if you wish to upgrade your patch_version please see the documentation for the Versions endpoint.

Catalog

Allergens

Attributes about a product as they relate specifically to ingredients known to cause allergic reactions / ingredients known to want to be avoided (e.g. 'Peanut free'). They are not attested by third parties.

The allergen object contains details for all allergens listed on the Fullscript platform. The API allows you to list all allergens and find individual allergens.

Attributes

id string

Unique identifier of the allergen.
name string

Name of the allergen.

List all allergens

This resource allows you to list all allergens.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/allergens" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "allergens": [
    {
      "id": "x5x447x4-x904-4060-83xx-26x5xx9819x7",
      "name": "Sugar Free"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/allergens

Arguments

No arguments ...

Retrieve an allergen

Retrieves details for an existing allergen.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/allergens/x5x447x4-x904-4060-83xx-26x5xx9819x7" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "allergen": {
    "id": "x5x447x4-x904-4060-83xx-26x5xx9819x7",
    "name": "Sugar Free"
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/allergens/:id

Arguments

id required

Unique ID for the allergen

Brands

The brand object contains details for all brands on the Fullscript platform. The API allows you to list all brands and find individual brands.

Attributes

id string

Unique identifier of the brand.
name string

Commercial name of the brand.
status string

The current state of a brand's products which return two possible values: available and unavailable. available means that this brand has some products that are in-stock and available to be ordered. unavailable means that this brand does not have any products in-stock. Note that this does not take into account product segmentation (where only certain practitioners have access to some brands) Please use the product search endpoint for tailored products that are available to your practitioner.
prefix string

Unique prefix for the brand.

List all brands

This resource allows you to list all brands.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/brands?available=true" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "brands": [
    {
      "id": "x0x50x8x-711x-43xx-85xx-5xx80365xxxx",
      "name": "BioBrand",
      "prefix": "BIO",
      "status": "available"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/brands

Arguments

available optional

Takes an argument of true to return brands that have available products.
clinic_permitted optional

Takes an argument of true to return brands the current clinic has access to.

Retrieve a brand

Retrieves details for an existing brand.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/brands/x0x50x8x-711x-43xx-85xx-5xx80365xxxx" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "brand": {
    "id": "x0x50x8x-711x-43xx-85xx-5xx80365xxxx",
    "name": "BioBrand",
    "prefix": "BIO",
    "status": "unavailable"
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/brands/:id

Arguments

id required

Unique ID for the Brand

Ingredients

Supplement ingredients that make up the product (e.g. 'Curcumin').

The ingredient object contains details for all ingredients listed on the Fullscript platform. The API allows you to list all ingredients and find individual ingredients.

Attributes

id string

Unique identifier of the ingredient.
name string

Name of the ingredient.

List all Ingredients

This resource allows you to list all ingredients.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/ingredients" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "ingredients": [
    {
      "id": "x5x447x4-x904-4060-83xx-26x5xx9819x7",
      "name": "Vitamin A"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/ingredients

Arguments

No arguments ...

Retrieve an ingredient

Retrieves details for an existing ingredient.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/ingredients/x5x447x4-x904-4060-83xx-26x5xx9819x7" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "ingredient": {
    "id": "x5x447x4-x904-4060-83xx-26x5xx9819x7",
    "name": "Vitamin A"
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/ingredients/:id

Arguments

id required

Unique ID for the ingredient

Practitioner Types

The practitioner type object contains details for all the practitioner types available. The API allows you to list all practitioner types.

Attributes

id string

Unique identifier of the practitioner type.
code string

Short code for the practitioner type.
description string

Description for the practitioner type.

List all practitioner types

This resource allows you to list all practitioner types.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/practitioner_types" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "practitioner_types": [
    {
      "id": "xx55x681-5340-425x-x212-4954xxx92x7x",
      "code": "ND",
      "description": "Naturopathic Doctor"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/practitioner_types

Arguments

No arguments ...

Products

The product object contains details for all products on the Fullscript platform. The API allows you to list all products and find individual products.

Attributes

id string

Unique identifier of the product.
name string

Name of the product.
status string

Status of the Product. Has 3 possible values. If any of the product variants are available, then status is available. If none of the product variants are available, but any 1 of the product variants is backordered then status is backordered. If none of the product variants are available or backordered then status is unavailable.
variant_count integer

The number of variants that exist for this product.
brand hash

Brand information for the product.
show child attributes
- id string
  
  Unique identifier of the brand.
- name string
  
  Commercial name of the brand.
- prefix string
  
  Unique prefix for the brand.
description_html string

HTML description of the product (if available).
variants array

All available variants for the product.
show child attributes
- id string
  
  Unique identifier for the variant.
- sku string
  
  Unique SKU for the variant used by Fullscript.
- units integer
  
  Number of units in the variant (e.g. 90 capsules or 250 mL).
- unit_of_measure string
  
  Units of measure (e.g. capsules).
- upc string
  
  UPC, EAN-13, or scannable bar code.
- msrp string
  
  The MSRP (suggested selling price) for the product. (e.g. 19.99)
- supplier_sku string
  
  The Supplier SKU.
- status string
  
  Returns the current status of the variant. (e.g. available, discontinued, backordered, unavailable, or vendor backorder)
- availability string
  
  Returns the availability of the variant. (e.g. In Stock)
primary_variant hash

The primary variant for the product.
show child attributes
- id string
  
  Unique identifier for the variant.
- sku string
  
  Unique SKU for the variant used by Fullscript.
- units integer
  
  Number of units in the variant (e.g. 90 capsules or 250 mL).
- unit_of_measure string
  
  Units of measure (e.g. capsules).
- upc string
  
  UPC, EAN-13, or scannable bar code.
- msrp string
  
  The MSRP (suggested selling price) for the product. (e.g. 19.99)
- supplier_sku string
  
  The Supplier SKU.
- status string
  
  Returns the current status of the variant. (e.g. available, discontinued, backordered, unavailable, or vendor backorder)
- availability string
  
  Returns the availability of the variant. (e.g. In Stock)
- primary boolean
  
  Reveals whether the variant is the primary (main one used for display purposes) or not.
- image_url_small string
  
  Thumbnail-sized image url of the variant.
- image_url_medium string
  
  Medium-sized image url of the variant.
- image_url_large string
  
  Large-sized image url of the variant.
dosage hash

Dosage information for the product.
show child attributes
- recommended_amount string
  
  The recommended dose to take in terms of the dosage format.
- recommended_frequency string
  
  The recommended frequency with which to take the dose. This can be any of the following strings: once per day, twice per day, three times per day, four times per day, every morning, or every night.
- recommended_duration string
  
  The recommended period for which to take the dose. This can be the number of days (e.g. 120 for 4 months) or it can be any of the following strings: as needed, until symptoms resolve, or ongoing.
- format string
  
  Format of the dose. This can be any of the following strings: capsule, chewable, gel, liquid, lozenge, packet, pellet, drops, powder, strip, suppository, or tablet.
- additional_info string
  
  Recommended instructions for taking a dose (e.g. With meals).
custom_dosage hash

Custom dosage information for the product, created by a specific practitioner. In the event that a custom dosage is not set for a product, custom_dosage will be null
show child attributes
- recommended_amount string
  
  The recommended dose to take in terms of the dosage format.
- recommended_frequency string
  
  The recommended frequency with which to take the dose. This can be any of the following strings: once per day, twice per day, three times per day, four times per day, every morning, or every night.
- recommended_duration string
  
  The recommended period for which to take the dose. This can be the number of days (e.g. 120 for 4 months) or it can be any of the following strings: as needed, until symptoms resolve, or ongoing.
- format string
  
  Format of the dose. This can be any of the following strings: capsule, chewable, gel, liquid, lozenge, packet, pellet, drops, powder, strip, suppository, or tablet.
- additional_info string
  
  Recommended instructions for taking a dose (e.g. With meals).

List all products

This resource allows you to list all products.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/products" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "products": [
    {
      "id": "113741x6-224x-4xx8-xx5x-80629x155192",
      "name": "Vitamin C",
      "brand": {
        "id": "x0x50x8x-711x-43xx-85xx-5xx80365xxxx",
        "name": "BioBrand",
        "prefix": "BIO"
      },
      "primary_variant": {
        "id": "xx2688x2-4303-4278-xx73-x7083x6146x2",
        "sku": "819d1ab3abc0a21cffd798ec925ba50d",
        "primary": true,
        "units": null,
        "unit_of_measure": null,
        "availability": "n/a",
        "status": "unavailable",
        "upc": null,
        "msrp": "19.99",
        "supplier_sku": null,
        "image_url_small": "/assets/noimage/product.png",
        "image_url_medium": "/assets/noimage/product.png",
        "image_url_large": "/assets/noimage/product.png"
      },
      "variant_count": 1,
      "status": "unavailable"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/products

Arguments

No arguments ...

Retrieve a product

Retrieves an existing product. If the practitioner has set custom dosage instructions for the product, the custom_dosage object is included in the response. Specify the pracitioner with practitioner_id (defaults to current practitioner, when applicable).

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/products/113741x6-224x-4xx8-xx5x-80629x155192" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "product": {
    "id": "113741x6-224x-4xx8-xx5x-80629x155192",
    "name": "Vitamin C",
    "description_html": "Easy to swallow vitamin c capsules.",
    "brand": {
      "id": "x0x50x8x-711x-43xx-85xx-5xx80365xxxx",
      "name": "BioBrand",
      "prefix": "BIO"
    },
    "variants": [
      {
        "id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
        "sku": "20xx9193488",
        "primary": true,
        "units": null,
        "unit_of_measure": null,
        "availability": "In Stock",
        "status": "available",
        "upc": null,
        "msrp": "19.99",
        "supplier_sku": null
      }
    ],
    "dosage": {
      "recommended_amount": "10-60",
      "recommended_frequency": "four times per day",
      "recommended_duration": "as needed",
      "format": "drop",
      "additional_info": "with meals"
    },
    "custom_dosage": null
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/products/:id

Arguments

id required

Unique identifier for the Product
practitioner_id optional

Unique Practitioner ID. Include to retrieve a specific practitioner's custom dosage instructions for the product. Defaults to the practitioner who owns current access token, if applicable (access token's resource owner type is Practitioner). Custom dosage is returned in the custom_dosage object.

Search for products

This resource allows you to search for products using Fullscript's elasticsearch implementation. This endpoint takes into consideration brand segmentation (not all clinics have access to all brands) and will only show products and brands that your clinic has available to them.

Note: Filter arguments that accept an array can be specified in the query string like this:
?allergen_ids[]=id_1&allergen_ids[]=id_2

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/search/products?query=BioBrand" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "products": [
    {
      "id": "113741x6-224x-4xx8-xx5x-80629x155192",
      "name": "Vitamin C",
      "brand": {
        "id": "x0x50x8x-711x-43xx-85xx-5xx80365xxxx",
        "name": "BioBrand",
        "prefix": "BIO"
      },
      "primary_variant": {
        "id": "xx2688x2-4303-4278-xx73-x7083x6146x2",
        "sku": "819d1ab3abc0a21cffd798ec925ba50d",
        "primary": true,
        "units": null,
        "unit_of_measure": null,
        "availability": "In Stock",
        "status": "available",
        "upc": null,
        "msrp": "19.99",
        "supplier_sku": null,
        "image_url_small": "/assets/noimage/product.png",
        "image_url_medium": "/assets/noimage/product.png",
        "image_url_large": "/assets/noimage/product.png"
      },
      "variant_count": 1,
      "status": "available"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/search/products

Arguments

query optional

Search for products matching a query string.
allergen_ids optional

Provide an array of allergen ids to filter results.
brand_id optional

Search for products by brand_id.
ingredient_ids optional

Provide an array of ingredient ids to filter results.
supplement_type_ids optional

Provide an array of supplement type ids to filter results.
third_party_certification_ids optional

Provide an array of third party certification ids to filter results.

List similar products

This endpoint allows you to list similar products that have been curated by Fullscript's licensed health professionals. It is in order from most to least popular.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/products/113741x6-224x-4xx8-xx5x-80629x155192/similar" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "products": [
    {
      "id": "x1x50x8x-711x-43xx-85xx-5xx80365xxxx",
      "name": "Vitamin C plus",
      "brand": {
        "id": "x0x50x8x-711x-43xx-85xx-5xx80365xxxx",
        "name": "BioBrand",
        "prefix": "BIO"
      },
      "primary_variant": {
        "id": "xx2688x2-4303-4278-xx73-x7083x6146x2",
        "sku": "819d1ab3abc0a21cffd798ec925ba50d",
        "primary": true,
        "units": null,
        "unit_of_measure": null,
        "availability": "n/a",
        "status": "unavailable",
        "upc": null,
        "msrp": "19.99",
        "supplier_sku": null,
        "image_url_small": "/assets/noimage/product.png",
        "image_url_medium": "/assets/noimage/product.png",
        "image_url_large": "/assets/noimage/product.png"
      },
      "variant_count": 1,
      "status": "unavailable"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/products/:product_id/similar

Arguments

product_id required

Unique identifier for the Product

Supplement Types

Groups of products based on similar attributes (e.g. 'Multivitamins').

The supplement type object contains details for all supplement types listed on the Fullscript platform. The API allows you to list all supplement types and find individual supplement types.

Attributes

id string

Unique identifier of the supplement type.
name string

Name of the supplement type.

List all supplement types

This resource allows you to list all supplement types.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/supplement_types" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "supplement_types": [
    {
      "id": "x5x447x4-x904-4060-83xx-26x5xx9819x7",
      "name": "vitamins"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/supplement_types

Arguments

No arguments ...

Retrieve a supplement type

Retrieves details for an existing supplement type.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/supplement_types/x5x447x4-x904-4060-83xx-26x5xx9819x7" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "supplement_type": {
    "id": "x5x447x4-x904-4060-83xx-26x5xx9819x7",
    "name": "vitamins"
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/supplement_types/:id

Arguments

id required

Unique ID for the supplement type

Third Party Certifications

Third party certifications are product level filters that are assessed by a party external to the manufacturer (e.g. 'Certified Halal').

The third party certification object contains details for all third party certifications listed on the Fullscript platform. The API allows you to list all third party certifications and find individual third party certifications.

Attributes

id string

Unique identifier of the third party certification.
name string

Name of the third party certification.

List all third party certifications

This resource allows you to list all third party certifications.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/third_party_certifications" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "third_party_certifications": [
    {
      "id": "x5x447x4-x904-4060-83xx-26x5xx9819x7",
      "name": "Certified Halal"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/third_party_certifications

Arguments

No arguments ...

Retrieve a third party certification

Retrieves details for an existing third party certification.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/third_party_certifications/x5x447x4-x904-4060-83xx-26x5xx9819x7" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "third_party_certification": {
    "id": "x5x447x4-x904-4060-83xx-26x5xx9819x7",
    "name": "Certified Halal"
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/third_party_certifications/:id

Arguments

id required

Unique ID for the third party certification

Variants

The variant object contains details about product variants. The API allows you to find individual variants.

Attributes

id string

Unique identifier for the variant.
sku string

Unique SKU for the variant used by Fullscript.
units integer

Number of units in the variant (e.g. 90 capsules or 250 mL).
unit_of_measure string

Units of measure (e.g. capsules).
upc string

UPC, EAN-13, or scannable bar code.
msrp string

The MSRP (suggested selling price) for the product. (e.g. 19.99)
supplier_sku string

The Supplier SKU.
status string

Returns the current status of the variant. (e.g. available, discontinued, backordered, unavailable, or vendor backorder)
availability string

Returns the availability of the variant. (e.g. In Stock)
primary boolean

Reveals whether the variant is the primary (main one used for display purposes) or not.
image_url_small string

Thumbnail-sized image url of the variant.
image_url_medium string

Medium-sized image url of the variant.
image_url_large string

Large-sized image url of the variant.
product hash

The variant's product.
show child attributes
- id string
  
  Unique identifier of the product.
- name string
  
  Name of the product.
- brand hash
  
  The variant's brand information.

Retrieve a variant

Retrieves an existing variant.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/catalog/variants/xx2688x2-4303-4278-xx73-x7083x6146x1" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "variant": {
    "id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
    "sku": "819d1ab3abc0a21cffd798ec925ba50c",
    "primary": true,
    "units": null,
    "unit_of_measure": null,
    "availability": "In Stock",
    "status": "available",
    "upc": null,
    "msrp": "19.99",
    "supplier_sku": null,
    "image_url_small": "/assets/noimage/product.png",
    "image_url_medium": "/assets/noimage/product.png",
    "image_url_large": "/assets/noimage/product.png",
    "product": {
      "id": "113741x6-224x-4xx8-xx5x-80629x155192",
      "name": "Vitamin C",
      "brand": {
        "id": "x0x50x8x-711x-43xx-85xx-5xx80365xxxx",
        "name": "BioBrand",
        "prefix": "BIO"
      }
    }
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/catalog/variants/:id

Arguments

id required

Unique identifier for the Variant.

Clinic

This endpoints retrieves information about the clinic provided from the X-FS-Clinic-Key.

Attributes

id string

Unique identifier of the clinic.
name string

Name of the clinic.
patient_count number

Number of patients that belong to the clinic.
practitioner_count number

Number of practitioners that belong to the clinic.
discount number

Discount level of the clinic. This discount (in percentage) is the global discount level of the clinic that will be applied to all patient orders (in addition to any patient-level discount).
dispensary_url string

Patient-facing dispensary url.
integration_id string

Unique identifier for the clinic's integration.
integration_activated_at string

Moment in time when a clinic's integration is considered active. This happens on the very first request made using a valid X-FS-Clinic-Key.

Retrieve a clinic

This endpoints retrieves information about the clinic provided from the X-FS-Clinic-Key.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "clinic": {
    "id": "xx7x357x-9x36-xxxx-x553-7x3xx398xxx",
    "name": "Dr. Example's Clinic",
    "patient_count": 0,
    "practitioner_count": 1,
    "discount": 0,
    "dispensary_url": "https://api-us-snd.fullscript.io/login/drexamplesclinic",
    "integration_id": "x1x0196x-5615-4874-xxx4-48x459180x09",
    "integration_activated_at": "2018-10-10T04:00:00.000Z"
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic

Arguments

No arguments ...

Address

The address object contains a record of all addresses that a patient has made. In this API you can look up the address on an individual patient.

Attributes

id string

Unique identifier of the address.
address1 string

Street Address of the address.
address2 string

Apartment/Floor/Suite or Building # of the address.
zipcode string

Zipcode (US) or Postal Code (Canada) of the address.
city string

City of the address.
state number

State (US) or Province (Canada) of the address.
country number

The country of the address.

List All Patient Addresses

The address object contains a record of all addresses that belong to a patient.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/patients/x1x0196x-5615-4874-xxe4-48x459180x09/addresses" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "addresses": [
    {
      "id": "c7323855-3e77-4829-b1ec-83cd14e09ea2",
      "address1": "8445 E. Hartford Dr.",
      "address2": null,
      "zipcode": "85255",
      "city": "Scottsdale",
      "state": "AZ",
      "country": "US"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/patients/:patient_id/addresses

Arguments

patient_id required

Unique ID for the patient.

Orders

The order object contains a record of all completed or refunded orders that a patient has made.

Attributes

id string

Unique identifier of the order.
order_number string

Public order ID.
completed_at string

Timestamp for when the order was completed.
msrp_total string

Current total amount of an order before taxes / shipping costs.
item_total string

Current total amount of an order before taxes / shipping costs but including any patient or clinic discounts (if applied).
payment_total string

Current total amount of an order including any taxes, shipping costs, and refunds.
variant_ids array

Unique identifiers for the order's variants.
treatment_plan_ids array

Unique identifiers for the order's treatment plans.
line_items array

Individual line items on an order.
show child attributes
- variant_id string
  
  Unique ID for the variant.
- quantity integer
  
  Quantity of the variant.
patient_id string

Unique identifier for the order's patient.

List all patient orders

The patient order object contains a record of all completed or refunded orders that belong to a patient.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/patients/x1x0196x-5615-4874-xxe4-48x459180x09/orders" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "orders": [
    {
      "id": "391xx4xx-67x5-44x2-8x2x-8886x20x083x",
      "order_number": "R000000000",
      "completed_at": "2018-03-02T13:26:02.000-05:00",
      "treatment_plan_ids": [
        "xx45x0xx-x840-41xx-9922-98xx6001507x"
      ],
      "variant_ids": [
        "xx2688x2-4303-4278-xx73-x7083x6146x1"
      ]
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/patients/:patient_id/orders

Arguments

patient_id required

Unique ID for the Patient

Retrieve an Order

Retrieves an existing Order.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/orders/391xx4xx-67x5-44x2-8x2x-8886x20x083x" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "order": {
    "id": "391xx4xx-67x5-44x2-8x2x-8886x20x083x",
    "order_number": "R000000000",
    "completed_at": "2018-03-02T13:26:02.000-05:00",
    "treatment_plan_ids": [
      "xx45x0xx-x840-41xx-9922-98xx6001507x"
    ],
    "patient_id": "x1x0196x-5615-4874-xxe4-48x459180x09",
    "item_total": "59.97",
    "msrp_total": "59.97",
    "payment_total": "64.96",
    "line_items": [
      {
        "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
        "quantity": 3
      }
    ]
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/orders/:id

Arguments

id required

Unique identifier of the Order.

List all orders

This resource returns all orders for the clinic and can be filtered by the following attributes.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/orders?patient_id=x1x0196x-5615-4874-xxe4-48x459180x09&completed_at=>2017-01-01" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "orders": [
    {
      "id": "391xx4xx-67x5-44x2-8x2x-8886x20x083x",
      "order_number": "R000000000",
      "completed_at": "2018-03-02T13:26:02.000-05:00",
      "treatment_plan_ids": [
        "xx45x0xx-x840-41xx-9922-98xx6001507x"
      ],
      "variant_ids": [
        "xx2688x2-4303-4278-xx73-x7083x6146x1"
      ],
      "patient_id": "x1x0196x-5615-4874-xxe4-48x459180x09"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/orders

Arguments

patient_id string

Filter orders by patient_id.
treatment_plan_id string

Filter orders by treatment_plan_id.
completed_at date

Filter orders by completed_at. The date must be formatted as follows yyyy-mm-dd.
show child attributes
- less than string
  
  Return orders where the completed_at date is less than. <yyyy-mm-dd.
- greater than string
  
  Return orders where the completed_at date is greater than. >yyyy-mm-dd.
- within a range string
  
  Return orders where the completed_at date is with in a range. yyyy-mm-dd..yyyy-mm-dd.
order_number string

Filter orders by order_number.
sort_by string

Accepts one of the following arguments: patient_id, treatment_plan_id, completed_at and order_number.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.

Patients

The patient object contains a record of all available patients that belong to a clinic. The API allows you to create and update patients. It also allows you to list all patients and find individual patients.

Attributes

id string

Unique identifier of the patient.
first_name string

First name of the patient.
last_name string

Last name of the patient.
email string

Unique email of the patient.
archived boolean

If true, patient is no longer active and can not sign in to Fullscript.
date_of_birth string

Date of birth of the patient in the format yyyy-mm-dd.
gender string

Gender of the patient. Valid options are 'male', 'female', or 'x'.
discount number

Patient discount level (in percentage). This discount does not include the clinic discount. This discount, in addition to any clinic discount, will be applied to all of the patient's orders.
total_discount number

Total patient discount level (in percentage). This discount includes the clinic discount and the patient discount. This discount is applied to all of the patient's orders.
mobile_number string

Valid phone number for a patient.
text_message_notification boolean

true or false of whether the patient has elected to receive text message notifications from Fullscript.
metadata object

Metadata that has been attached to the patient.
show child attributes
- id string
  
  Your system's unique patient identifier.

List all patients

This resource allows you to list all of a clinic's patients.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/patients" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "patients": [
    {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
      "first_name": "Example",
      "last_name": "Patient",
      "email": "patient@example.com",
      "archived": false
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/patients

Arguments

No arguments ...

Retrieve a patient

Retrieves an existing patient. You need to supply the unique ID for the patient.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/patients/x1x0196x-5615-4874-xxe4-48x459180x09" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "patient": {
    "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
    "first_name": "Example",
    "last_name": "Patient",
    "email": "patient@example.com",
    "archived": false,
    "date_of_birth": null,
    "gender": "female",
    "discount": 0,
    "total_discount": 0,
    "mobile_number": null,
    "text_message_notification": true,
    "metadata": {
      "id": "9999-9999-9999"
    }
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/patients/:id

Arguments

id required

Unique ID for the Patient

Create a patient

Creates a new patient

Example Request

  
curl -X "POST" "https://api-us-snd.fullscript.io/api/clinic/patients" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "first_name": "Example",
  "last_name": "Patient",
  "email": "example_patient@fullscript.com",
  "date_of_birth": "1977-01-12",
  "mobile_number": "+12223334444",
  "discount": "10",
  "gender": "female",
  "send_welcome_email": "false",
  "metadata": {
    "id": "9999-9999-9999"
  }
}'

Example Response

  
{
  "patient": {
    "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
    "first_name": "Example",
    "last_name": "Patient",
    "email": "example_patient@fullscript.com",
    "archived": false,
    "date_of_birth": "1977-01-12",
    "gender": "female",
    "discount": 10,
    "total_discount": 10,
    "mobile_number": "+12223334444",
    "text_message_notification": true,
    "metadata": {
      "id": "9999-9999-9999"
    }
  }
}

HTTP Request

POST https://api-us-snd.fullscript.io/api/clinic/patients

Arguments

email required

Unique Email for the Patient
first_name required

Patient's first name
last_name required

Patient's last name
date_of_birth optional

Patient's date of birth in the format yyyy-mm-dd
gender optional

Gender of the patient. Valid options are 'male', 'female', or 'x'.
mobile_number optional

Patient's mobile number in the format +12223334444
send_welcome_email optional

Sends a welcome email to the patient upon successful creation. Defaults to true.
discount optional

Patient discount level (in percentage). This discount does not include the clinic discount. Defaults to 0.
metadata object

Metadata to be attached to the patient.
show child attributes
- id string or null
  
  Your system's unique patient identifier.

Update a patient

Updates a specific patient with the attributes that you pass in. Parameters not provided will remain unchanged.

Example Request

  
curl -X "PATCH" "https://api-us-snd.fullscript.io/api/clinic/patients/x1x0196x-5615-4874-xxe4-48x459180x09" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "first_name": "Ben",
  "last_name": "Peters",
  "metadata": {
    "id": "9999-9999-9999"
  }
}'

Example Response

  
{
  "patient": {
    "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
    "first_name": "Ben",
    "last_name": "Peters",
    "email": "patient@example.com",
    "archived": false,
    "date_of_birth": null,
    "gender": "female",
    "discount": 0,
    "total_discount": 0,
    "mobile_number": null,
    "text_message_notification": true,
    "metadata": {
      "id": "9999-9999-9999"
    }
  }
}

HTTP Request

PATCH https://api-us-snd.fullscript.io/api/clinic/patients/:id

Arguments

id required

Unique ID for the Patient
email optional

Unique Email for the Patient
first_name optional

Patient's first name
last_name optional

Patient's last name
date_of_birth optional

Patient's date of birth in the format yyyy-mm-dd
gender optional

Gender of the patient. Valid options are 'male', 'female', or 'x'.
mobile_number optional

Patient's mobile number in the format +12223334444
discount optional

Patient discount level (in percentage). This discount does not include the clinic discount. Defaults to 0.
metadata object

Metadata to be attached to the patient.
show child attributes
- id string or null
  
  Your system's unique patient identifier.

Search for patients

This resource allows you to search for patients by first_name, last_name, or by email.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/search/patients?query=patient@example.com" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "patients": [
    {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
      "first_name": "Example",
      "last_name": "Patient",
      "email": "patient@example.com",
      "archived": false
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/search/patients

Arguments

query optional

Search for patients matching a query string.

Practitioners

The practitioner object contains a record of all available practitioners that belong to a clinic. The API allows you to create and update practitioners. It also allows you to list all practitioners and find individual practitioners.

Attributes

id string

Unique identifier of the practitioner.
practitioner_type_id string

Unique Identifier for the Practitioner's Type
first_name string

First name of the practitioner.
last_name string

Last name of the practitioner.
email string

Unique email of the practitioner. Practitioner emails in Fullscript are unique.
metadata object

Metadata that has been attached to the practitioner.
show child attributes
- id string
  
  Your system's unique practitioner identifier.

List all practitioners

This resource allows you to list all of a clinic's practitioners.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/practitioners" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "practitioners": [
    {
      "id": "8xx00x67-9684-4679-8x79-xx5fxx12327x",
      "first_name": "Doctor",
      "last_name": "Example",
      "email": "the_doctor@example.com",
      "practitioner_type_id": "xx55x681-5340-425x-x212-4954xxx92x7x",
      "metadata": {
        "id": "9999-9999-9999"
      }
    },
    {
      "id": "x1x0196x-5615-4874-xxx4-48x459180x09",
      "first_name": "Example",
      "last_name": "Practitioner",
      "email": "practitioner@example.com",
      "practitioner_type_id": "xx55x681-5340-425x-x212-4954xxx92x7x",
      "metadata": {
        "id": null
      }
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 2
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/practitioners

Arguments

No arguments ...

Retrieve a practitioner

Retrieves an existing practitioner. You need to supply the unique ID for the practitioner.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/practitioners/8xx00x67-9684-4679-8x79-xx5fxx12327x" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "practitioner": {
    "id": "8xx00x67-9684-4679-8x79-xx5fxx12327x",
    "first_name": "Doctor",
    "last_name": "Example",
    "email": "the_doctor@example.com",
    "practitioner_type_id": "xx55x681-5340-425x-x212-4954xxx92x7x",
    "metadata": {
      "id": "9999-9999-9999"
    }
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/practitioners/:id

Arguments

id required

Unique ID for the Practitioner

Create a practitioner

Creates a new practitioner

Example Request

  
curl -X "POST" "https://api-us-snd.fullscript.io/api/clinic/practitioners" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "first_name": "Another",
  "last_name": "Doctor",
  "email": "another_doctor@example.com",
  "practitioner_type_id": "xx55x681-5340-425x-x212-4954xxx92x7x",
  "metadata": {
    "id": "123"
  }
}'

Example Response

  
{
  "practitioner": {
    "id": "xx9598xx-x765-xxxx-81x8-847050x15x85",
    "first_name": "Another",
    "last_name": "Doctor",
    "email": "another_doctor@example.com",
    "practitioner_type_id": "xx55x681-5340-425x-x212-4954xxx92x7x",
    "metadata": {
      "id": "123"
    }
  }
}

HTTP Request

POST https://api-us-snd.fullscript.io/api/clinic/practitioners

Arguments

practitioner_type_id required

Unique Identifier for the Practitioner's Type
email required

Unique Email for the Practitioner
first_name required

Practitioner's first name
last_name required

Practitioner's last name
metadata object

Metadata to be attached to the practitioner.
show child attributes
- id string or null
  
  Your system's unique practitioner identifier.

Update a practitioner

Updates a specific practitioner with the attributes that you pass in. Parameters not provided will remain unchanged.

Example Request

  
curl -X "PATCH" "https://api-us-snd.fullscript.io/api/clinic/practitioners/8xx00x67-9684-4679-8x79-xx5fxx12327x" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "first_name": "Doctor",
  "last_name": "Smith",
  "email": "dr_smith99@example.com",
  "metadata": {
    "id": "123"
  }
}'

Example Response

  
{
  "practitioner": {
    "id": "8xx00x67-9684-4679-8x79-xx5fxx12327x",
    "first_name": "Doctor",
    "last_name": "Smith",
    "email": "dr_smith99@example.com",
    "practitioner_type_id": "xx55x681-5340-425x-x212-4954xxx92x7x",
    "metadata": {
      "id": "123"
    }
  }
}

HTTP Request

PATCH https://api-us-snd.fullscript.io/api/clinic/practitioners/:id

Arguments

id required

Unique Identifier for the Practitioner
email

Unique Email for the Practitioner
first_name

Practitioner's first name
last_name

Practitioner's last name
metadata object

Metadata to be attached to the practitioner.
show child attributes
- id string or null
  
  Your system's unique practitioner identifier.

Protocols

The protocol object contains a record of all treatment plan protocols made by, shared with a practitioner or created by Fullscript. Protocols use a treatment plan as a template that can be re-used when writing prescriptions. Protocols were previously known as templates.

Attributes

id string

Unique identifier of the protocol.
name string

Name of the protocol.
current_state string

The state of the protocol, can be draft, active or cancelled.
practitioner hash

Practitioner who created the protocol.
show child attributes
- id string
  
  Unique identifier of the practitioner.
personal_message string

A personal message that a practitioner can attach to the protocol.
recommendations array

Rx plan for a product.
show child attributes
- variant_id string
  
  Unique ID for the Variant.
- quantity_recommended string
  
  Quantity (number of units) of variant to recommend.
- refill boolean
  
  Send refill reminders?
- dosage_amount string
  
  The dose to take. Expects numbers but can include a range or a fraction (e.g. 1, or 1-2, or 1/2 are all valid).
- dosage_frequency string
  
  The frequency with which to take the dose. This can be any of the following strings: once per day, twice per day, three times per day, four times per day, every morning, or every night.
- dosage_duration string
  
  The period for which to take the dose. This can be the number of days (e.g. 120 for 4 months) or it can be any of the following strings: as needed, until symptoms resolve, or ongoing.
- dosage_permutations string
  
  Extra instructions for taking dose (e.g. With meals).
- dosage_format string
  
  Format of the recommended dose. This can be any of the following strings: capsule, chewable, gel, liquid, lozenge, packet, pellet, powder, strip, suppository, or tablet.
ownership_type string

Specifies whether the protocol was created by, shared with the practitioner or created by Fullscript. This can be one of the following strings: owned, shared or fullscript.

Retrieve a protocol

Retrieves an existing protocol.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/protocols/2x28xx67-x5xx-408x-8820-x5x00x617148" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "protocol": {
    "id": "2x28xx67-x5xx-408x-8820-x5x00x617148",
    "name": "Cold and Flu Season",
    "current_state": "active",
    "practitioner": {
      "id": "8xx00x67-9684-4679-8x79-xx5fxx12327x"
    },
    "personal_message": "Take with a meal. Not on an empty stomach.",
    "recommendations": [
      {
        "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
        "refill": false,
        "dosage_amount": "4",
        "dosage_frequency": "three times per day",
        "dosage_duration": null,
        "dosage_permutations": "with food",
        "dosage_format": "capsule",
        "quantity_recommended": 1
      }
    ]
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/protocols/:id

Arguments

id required

Unique identifier of the protocol.

List all practitioner protocols

The practitioner protocol object contains a record of all treatment plan protocols that belong to a practitioner.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/practitioners/x1x0196x-5615-4874-xxx4-48x459180x09/protocols" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "protocols": [
    {
      "id": "2x28xx67-x5xx-408x-8820-x5x00x617148",
      "name": "Cold and Flu Season",
      "current_state": "active",
      "ownership_type": "owned"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/practitioners/:practitioner_id/protocols

Arguments

practitioner_id required

Unique ID for the Practitioner
current_state optional

Takes an argument of active, draft or cancelled to return active, draft or cancelled protocols.
sort_by string

Accepts one of the following arguments: name or current_state.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.
ownership_type optional

Takes an argument of owned, shared or all to return only protocols created by the practitioner, only protocols shared with the practitioner, or both protocols created by and shared with the practitioner, respectively. If this argument is not included, only protocols created by the practitioner are returned.

List all Fullscript protocols

The Fullscript protocol object contains a list of all treatment plan protocols that have been created by Fullscript.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/fullscript_protocols" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "protocols": [
    {
      "id": "2x28xx67-x5xx-408x-8820-x5x00x617148",
      "name": "Cold and Flu Season",
      "current_state": "active",
      "ownership_type": "fullscript"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/fullscript_protocols

Arguments

sort_by string

Accepts a name argument.
order_by string

Can take an argument of ASC or DESC.

Staff

The staff object contains a record of all available staff members that belong to a clinic. The API allows you to create and update staff members. It also allows you to list all staff and find individual staff members.

Attributes

id string

Unique identifier of the staff member.
first_name string

First name of the staff member.
last_name string

Last name of the staff member.
email string

Unique email of the staff member. Staff emails in Fullscript are unique.
metadata object

Metadata that has been attached to the staff member.
show child attributes
- id string
  
  Your system's unique staff identifier.

List all staff

This resource allows you to list all of a clinic's staff.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/staff" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "staff": [
    {
      "id": "xxx00xx-000-xxxx-xxx1-xxx111x0x0x",
      "first_name": "Example",
      "last_name": "Staff",
      "email": "staff@example.com",
      "metadata": {
        "id": "9999-9999-9999"
      }
    },
    {
      "id": "xxx11xx-111-xxxx-xxx0-xxx000x1x1x",
      "first_name": "Other",
      "last_name": "Staff",
      "email": "other.staff@example.com",
      "metadata": {
        "id": null
      }
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 2
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/staff

Arguments

No arguments ...

Retrieve a staff member

Retrieves an existing staff member. You need to supply the unique ID for the staff member.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/staff/xxx00xx-000-xxxx-xxx1-xxx111x0x0x" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "staff": {
    "id": "xxx00xx-000-xxxx-xxx1-xxx111x0x0x",
    "first_name": "Example",
    "last_name": "Staff",
    "email": "staff@example.com",
    "metadata": {
      "id": "9999-9999-9999"
    }
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/staff/:id

Arguments

id required

Unique ID for the staff member

Create a staff member

Creates a new staff member

Example Request

  
curl -X "POST" "https://api-us-snd.fullscript.io/api/clinic/staff" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "first_name": "Example",
  "last_name": "Staff",
  "email": "example_staff@example.com",
  "metadata": {
    "id": "xx9598xx-x765-xxxx-81x8-846050x15x85"
  }
}'

Example Response

  
{
  "staff": {
    "id": "xx9598xx-x765-xxxx-81x8-846050x15x85",
    "first_name": "Example",
    "last_name": "Staff",
    "email": "example_staff@example.com",
    "metadata": {
      "id": "xx9598xx-x765-xxxx-81x8-846050x15x85"
    }
  }
}

HTTP Request

POST https://api-us-snd.fullscript.io/api/clinic/staff

Arguments

email required

Unique Email for the staff member
first_name required

Staff member's first name
last_name required

Staff member's last name
metadata object

Metadata to be attached to the staff member.
show child attributes
- id string or null
  
  Your system's unique staff identifier.

Update a staff member

Updates a specific staff member with the attributes that you pass in. Parameters not provided will remain unchanged.

Example Request

  
curl -X "PATCH" "https://api-us-snd.fullscript.io/api/clinic/staff/xxx00xx-000-xxxx-xxx1-xxx111x0x0x" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "first_name": "Updated",
  "last_name": "Name",
  "email": "updatedemail@example.com",
  "metadata": {
    "id": "1234"
  }
}'

Example Response

  
{
  "staff": {
    "id": "xxx00xx-000-xxxx-xxx1-xxx111x0x0x",
    "first_name": "Updated",
    "last_name": "Name",
    "email": "updatedemail@example.com",
    "metadata": {
      "id": "1234"
    }
  }
}

HTTP Request

PATCH https://api-us-snd.fullscript.io/api/clinic/staff/:id

Arguments

id required

Unique Identifier for the staff member
email

Unique Email for the staff member
first_name

Staff member's first name
last_name

Staff member's last name
metadata object

Metadata to be attached to the staff member.
show child attributes
- id string or null
  
  Your system's unique staff identifier.

Templates
Deprecated

The template object contains a record of all treatment plan templates made by a practitioner. Templates use a treatment plan as a template that can be re-used when writing prescriptions. Templates are soon being deprecated and replaced with protocols.

Attributes

id string

Unique identifier of the template.
name string

Name of the template.
current_state string

The state of the template, can be draft, active or cancelled.
practitioner_id string

Unique identifier of the practitioner who made the template.
personal_message string

A personal message that a practitioner can attach to the template.
recommendations array

Rx plan for a product.
show child attributes
- variant_id string
  
  Unique ID for the Variant.
- quantity_recommended string
  
  Quantity (number of units) of variant to recommend.
- refill boolean
  
  Send refill reminders?
- dosage_amount string
  
  The dose to take. Expects numbers but can include a range or a fraction (e.g. 1, or 1-2, or 1/2 are all valid).
- dosage_frequency string
  
  The frequency with which to take the dose. This can be any of the following strings: once per day, twice per day, three times per day, four times per day, every morning, or every night.
- dosage_duration string
  
  The period for which to take the dose. This can be the number of days (e.g. 120 for 4 months) or it can be any of the following strings: as needed, until symptoms resolve, or ongoing.
- dosage_permutations string
  
  Extra instructions for taking dose (e.g. With meals).
- dosage_format string
  
  Format of the recommended dose. This can be any of the following strings: capsule, chewable, gel, liquid, lozenge, packet, pellet, powder, strip, suppository, or tablet.

Retrieve a template
Deprecated

Retrieves an existing template.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/templates/2x28xx67-x5xx-408x-8820-x5x00x617148" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "template": {
    "id": "2x28xx67-x5xx-408x-8820-x5x00x617148",
    "name": "Cold and Flu Season",
    "current_state": "active",
    "practitioner_id": "8xx00x67-9684-4679-8x79-xx5fxx12327x",
    "personal_message": "Take with a meal. Not on an empty stomach.",
    "recommendations": [
      {
        "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
        "refill": false,
        "dosage_amount": "4",
        "dosage_frequency": "three times per day",
        "dosage_duration": null,
        "dosage_permutations": "with food",
        "dosage_format": "capsule",
        "quantity_recommended": 1
      }
    ]
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/templates/:id

Arguments

id required

Unique identifier of the Template.

List all practitioner templates
Deprecated

The practitioner template object contains a record of all treatment plan templates that belong to a practitioner.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/practitioners/x1x0196x-5615-4874-xxx4-48x459180x09/templates" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "templates": [
    {
      "id": "2x28xx67-x5xx-408x-8820-x5x00x617148",
      "name": "Cold and Flu Season",
      "current_state": "active"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/practitioners/:practitioner_id/templates

Arguments

practitioner_id required

Unique ID for the Practitioner

Treatment Plans

The treatment plan object is the way for practitioners create prescriptions in Fullscript. The API allows you to create treatment plans. It also allows you to list all treatment plans that belong to a patient and find individual treatment plans.

Attributes

id string

Unique ID for the treatment plan.
patient hash

Patient whom the treatment plan belongs to.
show child attributes
- id string
  
  Unique ID for the Patient.
practitioner hash

Practitioner who created the treatment plan.
show child attributes
- id string
  
  Unique identifier of the practitioner.
state string

The state of the treatment plan. It has 3 possible values draft, active or cancelled.
available_at string

The date when the treatment plan was sent to the patient either through an email or text message.
created_at date

Timestamp (in utc) when the Treatment Plan was created.
updated_at date

Timestamp (in utc) when the Treatment Plan was updated.
invitation_url string

Fullscript url for a patient to view their treatment plan.
personal_message string

A personal message that a practitioner can attach to the treatment plan.
recommendations array

Rx plan for a product.
show child attributes
- variant_id string
  
  Unique ID for the Variant.
- units_to_purchase string
  
  Quantity (number of units) of variant to recommend.
- refill boolean
  
  Send refill reminders?
- dosage hash
  
  Dosage information for the for the recommednation.
metadata object

Metadata that has been attached to the treatment_plan.
show child attributes
- id string
  
  Your system's unique treatment_plan identifier.

List all patient treatment plans

This resource allows you to list all of a patient's treatment plans.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/patients/x1x0196x-5615-4874-xxe4-48x459180x09/treatment_plans" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "treatment_plans": [
    {
      "id": "xx45x0xx-x840-41xx-9922-98xx6001507x",
      "state": "active",
      "patient": {
        "id": "x1x0196x-5615-4874-xxe4-48x459180x09"
      },
      "practitioner": {
        "id": "x1x0196x-5615-4874-xxx4-48x459180x09"
      },
      "available_at": "2018-03-02",
      "created_at": "2020-01-01T05:00:00.000Z",
      "updated_at": "2020-01-01T05:00:00.000Z"
    },
    {
      "id": "x1x01x6x-5615-4874-xxx4-48x459180x09",
      "state": "active",
      "patient": {
        "id": "x1x0196x-5615-4874-xxe4-48x459180x09"
      },
      "practitioner": {
        "id": "x1x0196x-5615-4874-xxx4-48x459180x09"
      },
      "available_at": "2020-01-01",
      "created_at": "2020-01-01T05:00:00.000Z",
      "updated_at": "2020-01-01T05:00:00.000Z"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 2
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/patients/:patient_id/treatment_plans

Arguments

patient_id required

Unique ID for the Patient
sort_by string

Accepts one of the following arguments: created_at or updated_at.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.

Create a patient treatment plan

Creates a new Treatment Plan for a patient.

Example Request

  
curl -X "POST" "https://api-us-snd.fullscript.io/api/clinic/patients/x1x0196x-5615-4874-xxe4-48x459180x09/treatment_plans" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "practitioner_id": "x1x0196x-5615-4874-xxx4-48x459180x09",
  "personal_message": "Take with a meal. Not on an empty stomach. Try to take this at the same time every day for best results.",
  "metadata": {
    "id": "123"
  },
  "recommendations": [
    {
      "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
      "refill": "true",
      "units_to_purchase": "1",
      "dosage": {
        "amount": "1-2",
        "frequency": "once per day",
        "duration": "as needed",
        "format": "capsule",
        "additional_info": "with food"
      }
    }
  ]
}'

Example Response

  
{
  "treatment_plan": {
    "id": "70x0x171-xxxx-4xx8-xxx6-79391x5xx8xx",
    "state": "active",
    "patient": {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09"
    },
    "practitioner": {
      "id": "x1x0196x-5615-4874-xxx4-48x459180x09"
    },
    "available_at": "2018-04-11",
    "created_at": "2020-01-01T05:00:00.000Z",
    "updated_at": "2020-01-01T05:00:00.000Z",
    "invitation_url": "https://fullscript.io/welcome/drexample/999999xxxxx",
    "recommendations": [
      {
        "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
        "refill": true,
        "units_to_purchase": 1,
        "dosage": {
          "amount": "1-2",
          "frequency": "once per day",
          "duration": "as needed",
          "format": "capsule",
          "additional_info": "with food"
        }
      }
    ],
    "personal_message": "Take with a meal. Not on an empty stomach. Try to take this at the same time every day for best results.",
    "metadata": {
      "id": "123"
    }
  }
}

HTTP Request

POST https://api-us-snd.fullscript.io/api/clinic/patients/:patient_id/treatment_plans

Arguments

patient_id required

Unique ID for the Patient.
practitioner_id

Unique practitioner ID. Required if the current access token's resource owner type is Staff or Clinic. Otherwise defaults to the practitioner who owns the token, but can be specified to create the plan on behalf of a different practitioner.
personal_message

A personal message that a practitioner can attach to the treatment plan.
state

The state of the treatment plan. Takes an option of draft or active. Defaults to active if null. The value draft allows to create a draft treatment plan. The value active or null creates an active treatment plan.
recommendations required array

Rx plan for a product.
show child attributes
- variant_id required
  
  Unique ID for the Variant.
- units_to_purchase required
  
  Quantity (number of units) of variant to recommend.
- refill defaults to true
  
  Send refill reminders?
- dosage object
  
  Dosage information for the for the recommednation.
metadata object

Metadata to be attached to the treatment_plan.
show child attributes
- id string or null
  
  Your system's unique treatment_plan identifier.

Retrieve a treatment plan

Retrieves an existing treatment plan. You need to supply the unique ID for the treatment plan.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/xx45x0xx-x840-41xx-9922-98xx6001507x" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "treatment_plan": {
    "id": "xx45x0xx-x840-41xx-9922-98xx6001507x",
    "state": "active",
    "patient": {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09"
    },
    "practitioner": {
      "id": "x1x0196x-5615-4874-xxx4-48x459180x09"
    },
    "available_at": "2018-03-02",
    "created_at": "2020-01-01T05:00:00.000Z",
    "updated_at": "2020-01-01T05:00:00.000Z",
    "invitation_url": "https://fullscript.io/welcome/drexample/999999xxxxx",
    "recommendations": [
      {
        "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
        "refill": false,
        "units_to_purchase": 10,
        "dosage": {
          "amount": "1-2",
          "frequency": "once per day",
          "duration": null,
          "format": "capsule",
          "additional_info": "with food"
        }
      }
    ],
    "personal_message": null,
    "metadata": {
      "id": "9999-9999-9999"
    }
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/treatment_plans/:id

Arguments

id required

Unique ID for the Treatment Plan

Update a treatment plan

Updates a Treatment Plan for a patient.

Example Request

  
curl -X "PATCH" "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/xx45x0xx-x840-41xx-9922-98xx6001507x" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX' \
  -d $'{
  "personal_message": "Take with a meal. Not on an empty stomach.",
  "metadata": {
    "id": "9999-9999-9999"
  },
  "recommendations": [
    {
      "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
      "refill": "true",
      "units_to_purchase": "1",
      "dosage": {
        "amount": "1-2",
        "frequency": "once per day",
        "duration": "as needed",
        "format": "capsule",
        "additional_info": "with food"
      }
    }
  ]
}'

Example Response

  
{
  "treatment_plan": {
    "id": "xx45x0xx-x840-41xx-9922-98xx6001507x",
    "state": "active",
    "patient": {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09"
    },
    "practitioner": {
      "id": "x1x0196x-5615-4874-xxx4-48x459180x09"
    },
    "available_at": "2018-03-02",
    "created_at": "2020-01-01T05:00:00.000Z",
    "updated_at": "2020-01-01T05:00:00.000Z",
    "invitation_url": "https://fullscript.io/welcome/drexample/999999xxxxx",
    "recommendations": [
      {
        "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
        "refill": false,
        "units_to_purchase": 1,
        "dosage": {
          "amount": "1-2",
          "frequency": "once per day",
          "duration": "as needed",
          "format": "capsule",
          "additional_info": "with food"
        }
      }
    ],
    "personal_message": "Take with a meal. Not on an empty stomach.",
    "metadata": {
      "id": "9999-9999-9999"
    }
  }
}

HTTP Request

PATCH https://api-us-snd.fullscript.io/api/clinic/treatment_plans/:id

Arguments

id required

Unique ID for the Treatment plan.
personal_message

A personal message that a practitioner can attach to the treatment plan.
recommendations required array

Rx plan for a product.
show child attributes
- variant_id required
  
  Unique ID for the Variant.
- units_to_purchase required
  
  Quantity (number of units) of variant to recommend.
- refill defaults to true
  
  Send refill reminders?
- dosage object
  
  Dosage information for the for the recommednation.
metadata object

Metadata to be attached to the treatment_plan.
show child attributes
- id string or null
  
  Your system's unique treatment_plan identifier.

Cancel a treatment plan

Cancels an active Treatment Plan for a patient.

Example Request

  
curl -X "PATCH" "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/xx45x0xx-x840-41xx-9922-98xx6001507x/cancel" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "treatment_plan": {
    "id": "xx45x0xx-x840-41xx-9922-98xx6001507x",
    "state": "cancelled",
    "patient": {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09"
    },
    "practitioner": {
      "id": "x1x0196x-5615-4874-xxx4-48x459180x09"
    },
    "available_at": "2018-03-02",
    "created_at": "2020-01-01T05:00:00.000Z",
    "updated_at": "2020-01-01T05:00:00.000Z",
    "invitation_url": "https://fullscript.io/welcome/drexample/999999xxxxx",
    "recommendations": [

    ],
    "personal_message": null,
    "metadata": {
      "id": null
    }
  }
}

HTTP Request

PATCH https://api-us-snd.fullscript.io/api/clinic/treatment_plans/:treatment_plan_id/cancel

Arguments

treatment_plan_id required

Unique ID for the Treatment plan.

Activate a treatment plan

Activates a draft Treatment Plan for a patient.

Example Request

  
curl -X "PATCH" "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/xx45x0xx-x840-41xx-9922-98xx6001507x/activate" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "treatment_plan": {
    "id": "xx45x0xx-x840-41xx-9922-98xx6001507x",
    "state": "active",
    "patient": {
      "id": "x1x0196x-5615-4874-xxe4-48x459180x09"
    },
    "practitioner": {
      "id": "x1x0196x-5615-4874-xxx4-48x459180x09"
    },
    "available_at": "2018-03-02",
    "created_at": "2020-01-01T05:00:00.000Z",
    "updated_at": "2020-01-01T05:00:00.000Z",
    "invitation_url": "https://fullscript.io/welcome/drexample/999999xxxxx",
    "recommendations": [
      {
        "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
        "refill": false,
        "units_to_purchase": 10,
        "dosage": {
          "amount": "1-2",
          "frequency": "once per day",
          "duration": null,
          "format": "capsule",
          "additional_info": "with food"
        }
      }
    ],
    "personal_message": null,
    "metadata": {
      "id": null
    }
  }
}

HTTP Request

PATCH https://api-us-snd.fullscript.io/api/clinic/treatment_plans/:treatment_plan_id/activate

Arguments

treatment_plan_id required

Unique ID for the Treatment plan.

Create an in-office checkout

The in_office_checkout object takes a treatment_plan. It uses the patient from the treatment_plan to:

a) clear out anything in the patient's cart.

b) populate the patient's cart with the treatment plan.

c) return a url on Fullscript so that a practitioner can fullfill an in-office checkout.

Example Request

  
curl -X "POST" "https://api-us-snd.fullscript.io/api/clinic/treatment_plans/70x0x171-xxxx-4xx8-xxx6-79391x5xx8xx/in_office_checkout" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "in_office_checkout": {
    "url": "https://fullscript.io/o/patients/11/checkout"
  }
}

HTTP Request

POST https://api-us-snd.fullscript.io/api/clinic/treatment_plans/:treatment_plan_id/in_office_checkout

Arguments

treatment_plan_id required

Unique ID for the Treatment Plan

Metadata

Metadata allows you to update specific objects in Fullscript with an ID of your choosing. Currently we support updating Patient, Practitioner, Staff, and TreatmentPlan objects with metadata.

Metadata is useful for storing identifiers from your system into Fullscript — making it easier to link up users from your system into ours. For example, you could use metadata to attach your system's user ID to a Practitioner or Patient. Then using the metadata endpoint you can retrieve that same object using the ID's from your system.

Attributes

id string

Your system's identifier.
type string

The type of object. Can be one of patient, practitioner, staff, or treatment_plan.
data patient | practitioner | staff | treatment_plan

The object from the Fullscript system will be populated here.

Find objects

To look up objects by your system's identifier. The object type and ID can be provided to filter results.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/clinic/metadata?id=9999-9999-9999&type=patient" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "metadata": [
    {
      "id": "9999-9999-9999",
      "type": "patient",
      "data": {
        "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
        "first_name": "Example",
        "last_name": "Patient",
        "email": "patient@example.com",
        "archived": false,
        "date_of_birth": null,
        "gender": null,
        "discount": 0,
        "total_discount": 0,
        "mobile_number": null,
        "text_message_notification": true,
        "metadata": {
          "id": "9999-9999-9999"
        }
      }
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/clinic/metadata

Arguments

id

Your system's identifier.
type patient | practitioner | staff | treatment_plan

The type of object. Can be one of patient, practitioner, staff, or treatment_plan.

Events

Events allow your integration to stay informed with what’s happening on Fullscript. Let’s say one of your clinics updates a patient, or creates a treatment plan. In each case an Event will be created which allows you to take action if need be.

This Event has all of the relevant information about what just happened. It includes the event's type (say treatment_plan.created) and any relevant data to that event.

Note that we only keep a record of events for the past 30 days.

Also know that events are never created for actions made through the API. We assume that, since you initiated the event, you already know about it! 😀

Attributes

id string

Unique identifier of the event.
type string

The type of event that was created.
created_at datetime

Timestamp (in utc) when the event was created.
clinic_id string

Unique identifier of the clinic that this event is scoped to (if applicable).
data object

The data attribute holds all the information for the event's object (if applicable). For example, when retrieving a patient.created event, the data attribute will have a complete patient object nested inside.

Retrieve an Event

This endpoint retrieves details from an Event. Note that event's can only be retrieved if they were made within the last 30 days.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/events/99x67086-x10x-11x8-8x83-186590xxx6x1" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "event": {
    "id": "99x67086-x10x-11x8-8x83-186590xxx6x1",
    "type": "treatment_plan.created",
    "created_at": "2018-10-17T04:00:00.000Z",
    "clinic_id": "xx7x357x-9x36-xxxx-x553-7x3xx398xxx",
    "data": {
      "treatment_plan": {
        "id": "99x67086-x10x-11x8-8x83-186590xxx6x1",
        "state": "active",
        "patient": {
          "id": "99x67086-x10x-11x8-8x83-186590xxx6x1"
        },
        "practitioner": {
          "id": "99x67086-x10x-11x8-8x83-186590xxx6x1"
        },
        "available_at": "2018-10-16T04:00:00.000Z",
        "recommendations": [
          {
            "variant_id": "xx2688x2-4303-4278-xx73-x7083x6146x1",
            "refill": false,
            "units_to_purchase": 10,
            "dosage": {
              "recommended_amount": "1-2",
              "recommended_frequency": "once per day",
              "recommended_duration": null,
              "format": "capsule",
              "additional_info": "with food"
            }
          }
        ]
      }
    }
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/events/:id

Arguments

id required string

Unique identifier of the Event

List All ClinicKey Events

This endpoint lists all clinic_key events from the last 30 days.

A clinic_key.revoked event happens when a clinic revokes access to your integration.
A clinic_key.activated event happens when the first request is made through the API with a valid X-FS-Clinic-Key—activating the integration.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/events/clinic_keys" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "events": [
    {
      "id": "3x302630-xx40-11x8-xxx3-186590xxx6b1",
      "type": "clinic_key.activated",
      "created_at": "2018-10-16T04:00:00.000Z",
      "clinic_id": "xx7x357x-9x36-xxxx-x553-7x3xx398xxx"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/events/clinic_keys

Arguments

created_at date

Filter by created_at date. The date must be formatted as follows yyyy-mm-dd.
show child attributes
- less than string
  
  Return events where the created_at date is less than. <yyyy-mm-dd.
- greater than string
  
  Return events where the created_at date is greater than. >yyyy-mm-dd.
- within a range string
  
  Return events where the created_at date is within a range. yyyy-mm-dd..yyyy-mm-dd.
event_type string

Filter events by event_type.
sort_by string

Accepts one of the following arguments: event_type created_at.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.

List All Patient Events

This endpoint lists all patient events from the last 30 days.

A patient.created event happens when a patient is created.
A patient.updated event happens when a patient is updated.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/events/patients" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "events": [
    {
      "id": "84562974-4x0x-1128-3x3x-1x86x5x836x2",
      "type": "patient.created",
      "created_at": "2018-10-16T04:00:00.000Z",
      "clinic_id": "xx7x357x-9x36-xxxx-x553-7x3xx398xxx"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/events/patients

Arguments

created_at date

Filter by created_at date. The date must be formatted as follows yyyy-mm-dd.
show child attributes
- less than string
  
  Return events where the created_at date is less than. <yyyy-mm-dd.
- greater than string
  
  Return events where the created_at date is greater than. >yyyy-mm-dd.
- within a range string
  
  Return events where the created_at date is within a range. yyyy-mm-dd..yyyy-mm-dd.
event_type string

Filter events by event_type.
sort_by string

Accepts one of the following arguments: event_type created_at.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.

List All TreatmentPlan Events

This endpoint lists all treatment_plan events from the last 30 days.

A treatment_plan.created event happens when a Treatment Plan is created.
A treatmen_plan.updated event happens when a Treatment Plan is updated.
A treatmen_plan.recommendation.updated event happens when a Treatment Plan's recommendation is updated.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/events/treatment_plans" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "events": [
    {
      "id": "58xx7520-xx46-11x8-x099-186590xxxxx1",
      "type": "treatment_plan.recommendation.updated",
      "created_at": "2018-10-16T04:00:00.000Z",
      "clinic_id": "xx7x357x-9x36-xxxx-x553-7x3xx398xxx"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/events/treatment_plans

Arguments

created_at date

Filter by created_at date. The date must be formatted as follows yyyy-mm-dd.
show child attributes
- less than string
  
  Return events where the created_at date is less than. <yyyy-mm-dd.
- greater than string
  
  Return events where the created_at date is greater than. >yyyy-mm-dd.
- within a range string
  
  Return events where the created_at date is within a range. yyyy-mm-dd..yyyy-mm-dd.
event_type string

Filter events by event_type.
sort_by string

Accepts one of the following arguments: event_type created_at.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.

List All Order Events

This endpoint lists all order events from the last 30 days.

An order.placed event happens when an order has been placed.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/events/orders" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "events": [
    {
      "id": "84562974-4x0x-1128-3x3x-1x86x5x836x2",
      "type": "order.placed",
      "created_at": "2018-10-16T04:00:00.000Z",
      "clinic_id": "xx7x357x-9x36-xxxx-x553-7x3xx398xxx"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/events/orders

Arguments

created_at date

Filter by created_at date. The date must be formatted as follows yyyy-mm-dd.
show child attributes
- less than string
  
  Return events where the created_at date is less than. <yyyy-mm-dd.
- greater than string
  
  Return events where the created_at date is greater than. >yyyy-mm-dd.
- within a range string
  
  Return events where the created_at date is within a range. yyyy-mm-dd..yyyy-mm-dd.
event_type string

Filter events by event_type.
sort_by string

Accepts one of the following arguments: event_type created_at.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.

List All Product Events

This endpoint lists all product events from the last 30 days.

A product.created event happens when a product is created.
A product.updated event happens when a product or one of its variants is updated.
A product.description.updated event happens when a product's description is updated.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/events/products" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "events": [
    {
      "id": "84562974-4x0x-1128-3x3x-1x86x5x836x2",
      "type": "product.created",
      "created_at": "2018-10-16T04:00:00.000Z"
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/events/products

Arguments

created_at date

Filter by created_at date. The date must be formatted as follows yyyy-mm-dd.
show child attributes
- less than string
  
  Return events where the created_at date is less than. <yyyy-mm-dd.
- greater than string
  
  Return events where the created_at date is greater than. >yyyy-mm-dd.
- within a range string
  
  Return events where the created_at date is within a range. yyyy-mm-dd..yyyy-mm-dd.
event_type string

Filter events by event_type.
sort_by string

Accepts one of the following arguments: event_type created_at.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.

Webhooks

Webhooks allow your application to stay informed with what’s happening on Fullscript. You can subscribe to events and be notified when they happen. Let’s say one of your clinics updates a patient or creates a treatment plan; webhooks allow you to know about those events and take action if needed.

Using webhooks

You can register a single webhook URL through the API Dashboard App and subscribe to multiple event types.

When the event occurs—say a treatment plan is created, a patient is updated, or a clinic key is revoked, etc.—Fullscript creates an Event. This Event contains all the relevant information about what just happened. It includes the event's type (ex: treatment_plan.created) and any relevant data to that event.

Once the event is created, Fullscript will send out a payload with the event data via an HTTP POST request to the webhook url that you defined in your account. Note that we only send events to a single endpoint per environment.

Setting up webhooks

Webhooks are configured through the API Dashboard App. For each environment that you have setup, you can enter a URL to receive events. This should be a dedicated URL on your server that is setup to receive webhook notifications.

All urls need to use HTTPS. We will validate that your connection is secure and HIPAA compliant before sending any webhook data. For this to work, your server needs to be setup to support HTTPS with a valid certificate.

Responding to a webhook

To acknowledge that you received a webhook notification, your endpoint needs to respond with either a 200 or 201 HTTP status code. Any response codes outside of this range will tell us that the webhook has not been received and will be treated as a failure.

Your endpoint's body must also respond with your challenge token (available in the API Dashboard App). This is a security measure to ensure that you own the url in question and it hasn't been hijacked. A successful response could look something like this:

HTTP 200 OK Content-type: application/json { "challenge": "your-secret-challenge-token" }

We will attempt to deliver your webhooks up to 6 times with exponential back off. Webhooks cannot manually be retried, however you can make a query to the events endpoint to reconcile data in case of any missed events.

We will attempt to send event deliveries in order, however that is not a guarantee. We will also attempt to deliver webhooks within 30 minutes from when the event was created. In most cases however, this should be close to instantaneous.

The webhook deliveries endpoint has all the information you need to check how many times we’ve attempted to deliver an event, what the response received was, the status code, and other relevant information.

Time-outs

We set aggressive time-outs for webhook deliveries. If you have to do a bunch of complex logic with the event data, or need to make network requests, it’s possible that the delivery attempt will time-out before we receive a 2xx HTTP status code. To mitigate this, you may want to respond immediately with a 2xx HTTP status code, and then perform your complex logic afterwards.

Handling multiple clinics and integrations

Each event payload comes with both a clinic_id and an integration_id (if relevant). The clinic key is the unique identifier for the clinic. Any clinic events (patient, practitioner, treatment plan, etc.) will be scoped to that clinic through the clinic_id.

Because it's possible for clinics to have multiple integrations enabled, the exact same events will be sent for each integration that a clinic has enabled with you. To mitigate unwanted duplication of events, the integration has to be activated before any webhook events will be sent. This means that it’s been used as least once with a valid X-FS-Clinic-Key and the key has not been revoked. The integration_id allows you to scope events to the relevant integration that is enabled.

Both the clinic_id and integration_id can be retrieved through the API at the clinic endpoint.

Multiple failures

In some circumstances we will disable your endpoint and stop trying to deliver events to it. This can happen when: we receive a 410 HTTP status code or if the delivery attempts are consistently failing for more than 24 hours. In that case your webhook endpoint may be disabled and we will no longer send events to that url.

Re-enabling a disabled webhook can be done through the API Dashboard App once you have resolved the issues.

You can see the status (both failed and successful delivery attempts) through the webhook deliveries endpoint.

Webhook versioning

Webhook events follow the same logic as our versioning scheme in the API and it respects the patch_version that you’re on.

Webhooks Security

Checking the `Fullscript-Signature` header

Fullscript sends a header in the webhook request that can be used in conjunction with your Webhook Secret Key to verify the payload. Here is an example of the header:

Fullscript-Signature: t=1591826856,v1=0c262932b0ac6b4952e2fe24fdf419313984a66f6f442e0b8ec4cb87f2a107ad

This represents the format: t=<timestamp>,v1=<signature>

The signature is generated using a hash-based message authentication code (HMAC) with SHA-256. This hash is generated using 3 things:

A UTC timestamp
The request_body (The POST message's JSON payload string)
Your Webhook Secret Key

The timestamp and request_body are combined to create the payload provided to the hash function. The Webhook Secret Key is used as the key. The same hash can be computed and compared to the signature to verify the request.

To recompute and compare the hash, follow these steps:

Extract the timestamp and signature from the header.
Create the payload by combining the timestamp and request_body with a single .

Example: payload = '1591826856.{"event":{...<more_json>}}'

Compute an HMAC with the SHA256 hash function. Use the Webhook Secret Key as the key. Use the payload string as the message.
Compare the result with the signature.
If they match, the request payload is legitimate.

Note: The timestamp is generated directly before we send the payload. It is included in the hash payload in order to help prevent replay attacks. We recommend using this to verify the age of a request with a reasonable tolerance. 5 minutes is usually a good default.

Attributes

id string

Unique identifier of the delivery.
attempt_number integer

Number of attempts that were made for this event.
attempted_at datetime

Timestamp (in utc) when the delivery was attempted.
previous_attempt_at datetime

Timestamp (in utc) when the previous delivery was attempted (if any).
next_attempt_at datetime

Timestamp (in utc) when the next delivery attempt was scheduled (if any).
successfully_delivered boolean

true or false of whether the event has been successfully delivered.
response_body string

The response body that we received from your server.
response_header string

The header that we received from your server.
response_status integer

The http status code that we received from your server.
response_ip_address string

The IP address that we received from your server.
response_errors string

Any error messages that we received while attempting to deliver to your server.
event_payload object

The event object.
show child attributes
- id string
  
  Unique identifier of the event.
- type string
  
  The event's type.
- created_at datetime
  
  Timestamp (in utc) when the event was created.
- clinic_id string
  
  Unique identifier of the event's clinic that this event belongs to.
- integration_id string
  
  Unique identifier of the integration that this event is from (if relevant).
- data string
  
  The event's payload.

List All Webhook Deliveries

This endpoint lists all webhook_deliveries from the last 30 days.

Example Request

  
curl "https://api-us-snd.fullscript.io/api/webhooks/deliveries" \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

Example Response

  
{
  "webhook_deliveries": [
    {
      "id": "3x0x2147-6x82-49xx-9x59-621xx87x40x2",
      "attempt_number": 1,
      "attempted_at": "2018-10-16T04:01:00.000Z",
      "previous_attempt_at": null,
      "next_attempt_at": null,
      "successfully_delivered": false,
      "response_body": "{\"challenge\"=>\"my-secret-challenge-token\"}",
      "response_header": "{\"Content-type\"=>\"application/json\"}",
      "response_status": 200,
      "response_ip_address": "127.0.0.1",
      "response_errors": null,
      "event_payload": {
        "event": {
          "id": "x5xxxxx8-92x7-4xxx-9x0x-345x404x94x1",
          "type": "patient.updated",
          "created_at": "2018-10-16T04:00:00.000Z",
          "clinic_id": "xx7x357x-9x36-xxxx-x553-7x3xx398xxx",
          "data": {
            "patient": {
              "id": "x1x0196x-5615-4874-xxe4-48x459180x09",
              "first_name": "Example",
              "last_name": "Patient",
              "email": "patient@example.com",
              "date_of_birth": null,
              "gender": null,
              "discount": 0,
              "total_discount": 0,
              "mobile_number": null,
              "text_message_notification": true
            }
          },
          "integration_id": "x1x27xxx-x9x9-49x6-xx62-107x7x051874"
        }
      }
    }
  ],
  "meta": {
    "current_page": 1,
    "next_page": null,
    "prev_page": null,
    "total_pages": 1,
    "total_count": 1
  }
}

HTTP Request

GET https://api-us-snd.fullscript.io/api/webhooks/deliveries

Arguments

attempted_at date

Filter by attempted_at date. The date must be formatted as follows yyyy-mm-dd.
show child attributes
- less than string
  
  Return webhook deliveries where the attempted_at date is less than. <yyyy-mm-dd.
- greater than string
  
  Return webhook deliveries where the attempted_at date is greater than. >yyyy-mm-dd.
- within a range string
  
  Return webhook deliveries where the attempted_at date is within a range. yyyy-mm-dd..yyyy-mm-dd.
event_id string

Filter webhook deliveries by event_id.
successfully_delivered string

Filter webhook deliveries by whether they have been successfully delivered or not. Accepts a string of true or false
sort_by string

Accepts one of the following arguments: event_id attempted_at.
order_by string

Ordering defaults to ASC and can take an argument of ASC or DESC.

Fullscript API Reference

Root URLs

🇺🇸 U.S. Production

🇨🇦 Canada Production

💡🇺🇸 U.S. Sandbox (Testing)

💡🇨🇦 Canada Sandbox (Testing)

OAuth Authentication

Getting started

Scopes

OAuth Flow

1. Users grant access

🇺🇸 U.S. Sandbox (testing)

🇺🇸 U.S. Production

🇨🇦 Canada Sandbox (testing)

🇨🇦 Canada Production

2. Redirect back to your app

3. Token exchange (the OAuth dance)

Request an Authorization Code

Query Parameters

OAuth Token

Attributes

access_token string

token_type string

expires_in string

refresh_token string

scope string

resource_owner hash

id string

type string

created_at string

Create an OAuth Token

HTTP Request

Arguments

client_id required

client_secret required

redirect_uri required

grant_type required

code required

refresh_token required

Revoke an OAuth Token

HTTP Request

Arguments

client_id required

client_secret required

token required

Quick Integration

Dynamic link

Attributes

redirect_url string

treatment_plan hash

id string

state string

available_at string

patient hash

id string

first_name string

last_name string

email string

archived boolean

date_of_birth string

gender string

discount number

total_discount number

mobile_number string

text_message_notification boolean

Retrieve a Treatment Plan Link

HTTP Request

Arguments

id required

Retrieve a new Treatment Plan link

HTTP Request

Arguments

Create a Draft Treatment Plan Link

HTTP Request

Arguments

treatment_plan required object

practitioner_id required

patient object

email

first_name