Skip to main content

Overview

The Service Reminder webhook notifies your system when a notification rule is triggered indicating that a service reminder is due for a patient. Oliver sends an HTTP POST request to your configured endpoint with a JSON payload containing the reminder details.

Payload Structure

The webhook payload is sent as a JSON object with the following structure:
practice_id
string
required
Oliver’s unique identifier for the veterinary practice.
id
string
required
A unique identifier for this webhook event.
practice_name
string
required
The name of the veterinary practice associated with the reminder.
client_id
string
required
Oliver’s unique identifier for the client who should be notified.
remote_client_id
string
The unique identifier for the client in the PIMS, if applicable.
patient_id
string
required
Oliver’s unique identifier for the patient (pet) who has services due.
remote_patient_id
string
The unique identifier for the patient in the PIMS, if applicable.
notification_rule_name
string
required
The name of the notification rule that triggered this webhook.
reminders
array
required
An array of service reminder objects for the services that are due.

Example Payload

{
  "practice_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "practice_name": "Happy Paws Veterinary Clinic",
  "client_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
  "remote_client_id": "12345",
  "patient_id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
  "remote_patient_id": "67890",
  "notification_rule_name": "2 weeks before due",
  "reminders": [
    {
      "code": "svc_001",
      "description": "Annual Wellness Exam",
      "due_at": "2025-01-15T05:00:00Z"
    },
    {
      "code": "svc_002",
      "description": "Rabies Vaccination",
      "due_at": "2025-01-20T05:00:00Z"
    }
  ]
}

Verifying Webhook Signatures

To ensure that webhook requests are genuinely from Oliver and have not been tampered with, each request includes a signature in the X-Webhook-Signature header. You should verify this signature before processing the payload.

Signature Verification Process

  1. Extract the X-Webhook-Signature header from the request
  2. Compute an HMAC-SHA256 hash of the raw request body using your webhook secret
  3. Compare the computed signature with the one in the header

Example Verification

import hmac
import hashlib

def verify_webhook_signature(payload: bytes, signature: str, secret: str) -> bool:
    expected_signature = hmac.new(
        secret.encode('utf-8'),
        payload,
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected_signature, signature)

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload, 'utf-8')
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(expectedSignature),
    Buffer.from(signature)
  );
}
Always use constant-time comparison functions (like hmac.compare_digest in Python or crypto.timingSafeEqual in Node.js) to prevent timing attacks.

Handling the Webhook

When receiving a service reminder webhook, your endpoint should:
  1. Verify the webhook signature
  2. Respond with a 200 OK status code to acknowledge receipt
  3. Process the reminder asynchronously if needed to avoid timeouts
  4. Use the client_id and patient_id to look up contact information
  5. Send appropriate reminder notifications to the client
If your endpoint fails to respond with a success status code, Oliver may retry the webhook delivery.