Webhooks

Overview

Clinit can POST to any HTTPS endpoint when events occur in your clinic. This lets you integrate with external systems — lab software, insurance platforms, ERP systems, or custom applications.

Webhooks are configured at App Management > Webhooks > + Add Endpoint.

Available events

appointment.created — new appointment booked

appointment.status_changed — appointment transitions status (e.g. to COMPLETED)

appointment.cancelled — appointment cancelled

payment.received — invoice payment recorded

invoice.overdue — invoice crosses due date unpaid

patient.created — new patient registered

lab_order.ready — lab result marked ready

prescription.issued — prescription saved

vaccine.administered — vaccination recorded

session.completed — clinical session saved

Payload format and signature verification

All webhook payloads include signature headers:

X-Clinit-Signature: sha256=<hex digest>

X-Clinit-Event: appointment.created

X-Clinit-Delivery: <unique delivery UUID>

Verifying the signature in Node.js:

const sig = req.headers["x-clinit-signature"]

const expected = "sha256=" + crypto

.createHmac("sha256", process.env.WEBHOOK_SECRET)

.update(JSON.stringify(req.body))

.digest("hex")

if (sig !== expected) return res.status(401).end()

Your endpoint must return HTTP 200 within 10 seconds.

Retries and dead letter queue

Failed deliveries (non-200 response or timeout after 10 seconds) are retried 3 times with exponential backoff:

Attempt 1 — immediate

Attempt 2 — after 5 seconds

Attempt 3 — after 30 seconds

Attempt 4 — after 5 minutes

After all retries fail, the delivery moves to the Dead Letter Queue at App Management > Webhooks > Dead Letter. You can replay individual deliveries manually from there.