When a resource is saved/deleted/signed off, an HTTP/POST request is sent to your target URL.

The target URL should accept a JSON string in the POST body of the request.

The content of the POST will look as follow:

{
  "data": {...}, // The object (definition will change per resources)
  "action": "saved", // Actions available: saved, deleted
  "event_id": 1234, // The event id to reference this request
  "event_uuid": "019078c0-4f3a-7abc-9def-0123456789ab", // UUID7 identifier for this event
  "application_id": 12345, // The client id of the oauth2 application
  "resource": "patients", // The resource for this object.
  "resource_url": null // Optional URL to retrieve the resource payload
}

Field	Type	Description
`data`	object	The resource object. The definition varies per resource type.
`action`	string	The type of action that triggered the event. Available values: `saved`, `deleted`.
`event_id`	integer	The event id to reference this request.
`event_uuid`	string	A UUID7 identifier for this event. This field is being introduced as part of a future migration and will eventually replace `event_id`.
`application_id`	integer	The client id of the OAuth2 application.
`resource`	string	The resource type for this object (e.g. `patients`, `appointments`).
`resource_url`	string \| null	An optional URL to retrieve the full resource payload. This will be provided in the future for resources with very large payloads as an alternative to embedding the full object in `data`. When present, clients can make a GET request to this URL to download the resource. When `null`, the full resource is included in `data` as usual.

Events are available for 30 days.