Webhooks allow you to build or set up integrations which subscribe to certain events on the Elation Platform without polling our API for changes. When one of those events is triggered, we'll send a HTTP POST payload to the webhook's configured URL.

You can programmatically register your event listener (e.x. webhook URL) using The Event Subscription API.

📘
Prevent Echo
Note that updates made by an application will not trigger webhook callbacks to the same application.

Supported models

At the moment, you will receive events for the following models:

Model	event name
Appointment	appointments
Allergies	allergies
Bill	bills
Cardiac Orders	cardiac_orders
Clinical Documents	clinical_documents
Delegate Permissions	delegate_permissions
Document Tags	document_tags
Drug Intolerances	drug_intolerances
Imaging Orders	imaging_orders
Immunizations	immunizations
Incoming Files (fax)	incoming_files
Insurance companies	insurance_companies
Insurance plans	insurance_plans
Lab Order Sets	lab_order_sets
Lab Order Tests	lab_order_tests
Lab Order	lab_orders
Lab Vendor Patient Sites	lab_vendor_patient_sites
Lab Vendors	lab_vendors
Letters	letters
Medications	medications
Message Threads	message_threads
Non-visit Notes	non_visit_notes
Office Staff	office_staff
Patient	patients
Patient Photo	patient_photos
Physicians	physicians
Problems	problems
Pulmonary Orders	pulmonary_orders
Referral Orders	referral_orders
Reports	reports
Service Locations	service_locations
Sleep Orders	sleep_orders
Staff Groups	staff_groups
Thread Member	thread_members
Thread Message	thread_messages
Visit Notes	visit_notes
Vitals	vitals
History	histories
Family History	family_histories

Event payload

When an event is triggered, the webhook POST body contains a JSON object with the following fields. See The Event Object for full details.

Field	Type	Description
`data`	object	The resource object.
`action`	string	`saved` or `deleted`.
`event_id`	integer	The event id to reference this request.
`event_uuid`	string	A UUID7 identifier for this event.
`application_id`	integer	The OAuth2 application client id.
`resource`	string	The resource type (e.g. `patients`).
`resource_url`	string \| null	Optional URL to retrieve the resource payload for large resources.

📘
New fields
event_uuid and resource_url are new additions to the webhook payload. event_uuid is a UUID7 identifier that will eventually replace event_id. resource_url will be offered in the future for resources with very large payloads as an alternative to embedding the full object in data.

Acknowledging events

We are expecting status code 200 when we POST the event payload to your webhook URL. We will retry the POST for up to 72 hours until we get a status code 200 response.

Webhook Signatures

Elation’s webhook requests are signed using the Ed25519 digital signature scheme. The base64 encoded signature can be found in the El8-Ed25519-Signature request header. The base64 encoded signing key for your webhook subscription can be in the signing_pub_key field in the response from the Subscription endpoint.

Libraries exist for all common programming languages that support the verification of Ed25519 signatures.

Example Implementation

The following is an example implementation, using Flask and PyNaCl.

from flask import Flask, request

from nacl.signing import VerifyKey
from nacl.encoding import Base64Encoder

# This base64 encoded value is obtained from the Subscription endpoint
verify_key = VerifyKey("8gUqjclkmFz6AFVB05RpWDYwTxR5MzsLzJnwZ9MlYCw=", encoder=Base64Encoder)

app = Flask(__name__)

@app.route("/", methods=["POST"])
def test_verification():
    b64_signature = request.headers["El8-Ed25519-Signature"]
    signature = Base64Encoder.decode(b64_signature)
    message = request.get_data()

    # verify() raises an exception if verification fails
    verify_key.verify(message, signature)
    return "Signature Verified"