Setting up webhooks
Open the Webhooks panel
Go to Webhooks in the Developer Dashboard.
Choose your events
Select the events you want to receive. You can use wildcard patterns like patient.* or subscribe to all events with *.
Event format
Events follow the {resource}.{action} pattern:
Payload structure
Each delivery sends a JSON body to your endpoint:
Request headers
ClinikAPI includes these headers on every webhook delivery:
| Header | Description |
|---|---|
| X-Clinik-Signature | HMAC-SHA256 hex signature of the raw request body |
| X-Clinik-Timestamp | Unix timestamp (seconds) when the delivery was sent |
| X-Clinik-Event | Event type, e.g. patient.created |
| X-Clinik-Delivery-Id | Unique delivery ID — use this for deduplication |
Signature verification
Always verify the signature before processing the event. Use crypto.timingSafeEqual to prevent timing attacks:
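One way to implement this check in Node.js, as an added example rather than ClinikAPI's own code: it compares the HMAC-SHA256 of the raw body with X-Clinik-Signature and uses X-Clinik-Delivery-Id to skip repeated deliveries. The shared signing secret, the handler shape, the in-memory ID set and the sample delivery are assumptions.

```javascript
// Added example (not ClinikAPI code): verify a delivery, then deduplicate it.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumption: in-memory record of handled delivery IDs; use a shared store
// with expiry when more than one process receives webhooks.
const seenDeliveries = new Set();

// True only if signatureHex is the HMAC-SHA256 of rawBody under secret.
function verifySignature(rawBody, signatureHex, secret) {
  // Require exactly 64 hex characters first: Buffer.from(..., 'hex') stops at
  // the first invalid character, and timingSafeEqual throws on unequal lengths.
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) {
    return false;
  }
  const expected = createHmac('sha256', secret).update(rawBody).digest();
  return timingSafeEqual(expected, Buffer.from(signatureHex, 'hex'));
}

// Hypothetical handler; headers uses lowercase names, as Node's http module does.
function handleDelivery(rawBody, headers, secret) {
  if (!verifySignature(rawBody, headers['x-clinik-signature'], secret)) {
    return { status: 401, reason: 'bad signature' };
  }
  const deliveryId = headers['x-clinik-delivery-id'];
  if (!deliveryId) return { status: 400, reason: 'missing delivery id' };
  if (seenDeliveries.has(deliveryId)) {
    return { status: 200, reason: 'duplicate' }; // acknowledge without reprocessing
  }
  // Parse only after the signature over the raw bytes has been checked.
  const event = JSON.parse(rawBody.toString('utf8'));
  seenDeliveries.add(deliveryId);
  return { status: 200, reason: 'processed', event };
}

// Constructed sample delivery: secret, body and delivery ID are made up.
const SAMPLE_SECRET = 'constructed-example-secret';
const SAMPLE_BODY = Buffer.from('{"example":"constructed payload"}');
const SAMPLE_HEADERS = {
  'x-clinik-signature': createHmac('sha256', SAMPLE_SECRET).update(SAMPLE_BODY).digest('hex'),
  'x-clinik-delivery-id': 'constructed-delivery-1',
};
console.log(verifySignature(SAMPLE_BODY, SAMPLE_HEADERS['x-clinik-signature'], SAMPLE_SECRET));
```

The signature is computed over the exact bytes received, so the handler must be given the unparsed request body, not a re-serialized JSON object.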
Event subscription patterns
You can subscribe to all events, a resource family, or a single event type:
| Pattern | Description |
|---|---|
| * | All events across all resource types |
| patient.* | All patient events (created, updated, deleted) |
| patient.created | Only patient creation events |
Available events
All 14 resource types emit .created, .updated, and .deleted events:
| Resource | Events |
|---|---|
| patient | patient.created, patient.updated, patient.deleted |
| encounter | encounter.created, encounter.updated, encounter.deleted |
| observation | observation.created, observation.updated, observation.deleted |
| medication | medication.created, medication.updated, medication.deleted |
| appointment | appointment.created, appointment.updated, appointment.deleted |
| intake | intake.created, intake.updated, intake.deleted |
| consent | consent.created, consent.updated, consent.deleted |
| lab | lab.created, lab.updated, lab.deleted |
| prescription | prescription.created, prescription.updated, prescription.deleted |
| note | note.created, note.updated, note.deleted |
| assessment | assessment.created, assessment.updated, assessment.deleted |
| document | document.created, document.updated, document.deleted |
| practitioner | practitioner.created, practitioner.updated, practitioner.deleted |
| practitioner-role | practitioner-role.created, practitioner-role.updated, practitioner-role.deleted |
Retry policy
If your endpoint does not respond with a 2xx status within 30 seconds, ClinikAPI retries the delivery with exponential backoff:
| Attempt | Delay after previous failure |
|---|---|
| 1 | 30 seconds |
| 2 | 2 minutes |
| 3 | 8 minutes |
| 4 | 32 minutes |
| 5 | 2 hours |