Connect your shop, your sales tools, or your EMR to MedGrid. A single integration surface — REST for vendors and EMRs, GraphQL for high-volume sync, signed webhooks for asynchronous events.
Every request authenticates with a Frappe API key + secret pair, sent in the Authorization header. Generate yours under My Profile → API Access after you log in. EMRs and vendors with a Custom App may use OAuth2 instead — see the relevant section below.
Authorization: token API_KEY:API_SECRET Content-Type: application/json
https://medgrid.com. Replace API_KEY and API_SECRET with the values from your profile. Treat the secret like a password.If you're a distributor or manufacturer fulfilling orders on MedGrid, these endpoints cover vendor profile registration, stock adjustments, and shop OAuth installation. Most day-to-day vendor work — viewing orders, marking shipments — runs through the Frappe desk and the /portal/vendor dashboard rather than direct API calls.
Programmatically onboard a vendor — creates a Vendor Profile in Pending Approval state for MedGrid admins to review.
curl -X POST \
-H "Authorization: token API_KEY:API_SECRET" \
-H "Content-Type: application/json" \
-d '{
"sales_representative_name": "Skydell Holdings",
"email": "vendor@example.com",
"password": "",
"country": "United States",
"profile_url": "skydell"
}' \
"https://medgrid.com/api/method/medgrid.api.register_vendor"
Adjust on-hand quantity for one of your SKUs. Auto-advances to Requested for vendor-initiated changes; awaits Medgrid Marketplace Officer approval.
curl -X POST \
-H "Authorization: token API_KEY:API_SECRET" \
-H "Content-Type: application/json" \
-d '{
"item": "SKU-1234",
"action": "Add",
"warehouse": "Main Store - MG",
"quantity": 120,
"reason": "Restock from Q2 shipment"
}' \
"https://medgrid.com/api/method/medgrid.api.create_stock_update_request"
Sales totals, recent orders, low-stock SKUs — same data that powers the vendor desk dashboard.
If your shop runs on Shopify (post-2025 Custom Apps), use our OAuth installer to capture your Admin API token automatically — no manual token handling.
https://medgrid.com/api/method/medgrid.exoceuticals.oauth_callback as an allowed redirection URL on your Shopify Custom App page before initiating.Pull rep KPIs, commission breakdowns, and customer attribution into your CRM or sales analytics tool. All endpoints scope automatically to the authenticated user — reps only see their own data, managers see their team, admins see everyone.
Month-to-date sales, commission estimate, tier, level, streak, customer count, badges earned.
curl -H "Authorization: token API_KEY:API_SECRET" \ "https://medgrid.com/api/method/medgrid.rep_dashboard.get_rep_kpis"
Per-team rep + manager totals over the last N days. Manager-only.
curl -H "Authorization: token API_KEY:API_SECRET" \ "https://medgrid.com/api/method/medgrid.team_commission.team_commission_summary?period_days=30"
Onboard a downline rep with a fixed slice of your base MedGrid commission. Auto-creates the User + Sales Person.
curl -X POST \
-H "Authorization: token API_KEY:API_SECRET" \
-H "Content-Type: application/json" \
-d '{
"email": "newrep@example.com",
"full_name": "Casey Brown",
"subrep_pct": 5
}' \
"https://medgrid.com/api/method/medgrid.subrep_team.invite_subrep"
Top reps by MTD sales (or another metric). Use metric=mtd_sales | commission_estimate | streak_days.
Customers attributed to the authenticated rep — Customer.assigned_rep equality.
Sync patient records, transmit electronic prescriptions, and pull order status from MedGrid's PerfectRx-routed pharmacy network. Provider NPIs are validated server-side against NPPES before any e-script is transmitted.
Pass an existing MedGrid Customer name. We create (or look up) the corresponding patient record at PerfectRx and store its ID on the Customer. Idempotent.
curl -X POST \
-H "Authorization: token API_KEY:API_SECRET" \
-H "Content-Type: application/json" \
-d '{
"customer": "CUST-00001234"
}' \
"https://medgrid.com/api/method/medgrid.perfectrx.ensure_patient"
Routes a submitted Sales Order's prescription items through PerfectRx for fulfillment. Validates provider NPI before transmission. Status is then driven asynchronously via the webhook below.
curl -X POST \
-H "Authorization: token API_KEY:API_SECRET" \
-H "Content-Type: application/json" \
-d '{
"sales_order": "SO-MG-001234"
}' \
"https://medgrid.com/api/method/medgrid.perfectrx.sync_to_perfectrx"
Status fallback for when the webhook is missed. Returns Received / Shipped / Delivered + tracking info if available.
One-time setup so PerfectRx pushes order status events back to your MedGrid instance.
curl -X POST \
-H "Authorization: token API_KEY:API_SECRET" \
-H "Content-Type: application/json" \
-d '{
"public_base_url": "https://medgrid.com",
"contact_email": "ops@your-emr.com"
}' \
"https://medgrid.com/api/method/medgrid.perfectrx.register_webhook"
Subscribe to events from MedGrid so you don't have to poll. Every webhook delivery is HMAC-SHA256 signed; verify the signature before acting on the payload.
Fires on: created, paid, partially-shipped, shipped, delivered, refunded, cancelled.
{
"event": "order.shipped",
"sales_order": "SO-MG-001234",
"tracking_number": "1Z999...",
"carrier": "UPS",
"occurred_at": "2026-05-20T17:42:09Z"
}
Fires when a SKU you fulfill drops below its reorder threshold.
{
"event": "inventory.low_stock",
"item_code": "SKU-1234",
"on_hand": 8,
"threshold": 25,
"occurred_at": "2026-05-20T17:42:09Z"
}
Every delivery sends two headers: X-MedGrid-Signature (hex HMAC-SHA256 of the raw body) and X-MedGrid-Timestamp.
# Pseudo-Python verifier
import hmac, hashlib
def verify(raw_body: bytes, signature_hdr: str, timestamp_hdr: str, secret: str) -> bool:
digest = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
if not hmac.compare_digest(digest, signature_hdr):
return False
# Reject deliveries older than 5 minutes (replay protection)
return abs(time.time() - int(timestamp_hdr)) < 300
2xx within 5 seconds to acknowledge — anything else is retried with exponential back-off for up to 24 hours.A separate sandbox environment mirrors production schema but runs against test pharmacies and a no-op payment processor.
Use the same auth scheme as production. Sandbox API keys live under My Profile → API Access → Sandbox.
https://sandbox.medgrid.com
Subscribe to incident updates and planned maintenance windows.
https://status.medgrid.com
Our integrations team will pair with you on schema, test data, and webhook subscription.
Contact integrations team