The Truepill API platform provides you convenient access to our entire pharmacy and telehealth infrastructure.
Welcome to the Truepill API. Our mission is to put patients first. We believe fundamentally that having open and accessible APIs for healthcare is critical to empower our partners to deliver world-class patient experiences.
We’re thrilled to have partners like you that are looking to revolutionize the patient experience. Our API platform is central to our business and we’re excited for you to get started. We hope your integration experience is smooth and if you have any questions please reach out to email@example.com.
What is an API?
If you’re thinking of active pharmaceutical ingredient, you wouldn’t be incorrect! Here however, we will focus on technology APIs and how they can transform your patient experience.
The Truepill API is a powerful and robust RESTful JSON based API. This API will give you the ability to access our healthcare infrastructure on both the pharmacy and telehealth sides of our business.
This getting started guide is organized into two parts: our telehealth API and pharmacy API. You can also dive into our full API reference documentation at any time.
HIPAA and Security
Truepill takes security and confidentiality of PHI very seriously. We ensure your data integrity is a top priority - from the moment you initiate an API request, all the way to when your patient receives medication from us.
Truepill uses a set of policies and procedures to safeguard our physical and technical infrastructure to maintain compliance with the HIPAA Privacy Rule, Security Rule, Transactions and Code Sets Rule, and their implementing regulations.
Business associate agreement
Truepill uses a standard business associate agreement with many of our partners, and may execute customized agreements with large health systems, health plans or PBMs (payers) and pharmaceutical manufacturers.
Security and privacy, along with regulatory compliance are core pillars of our business. We maintain an active review program, and employ professional third-party auditors to evaluate our effectiveness.
Our services have also been evaluated and assessed by many of the largest providers, health plans and manufacturers in the industry. We welcome our partners to conduct their own assessment, including security audits, site reviews and other measures.
Questions or concerns about our security or privacy program may be directed to our Privacy Officer by contacting firstname.lastname@example.org
Truepill uses trusted HIPAA compliant cloud infrastructure. All API requests are transmitted over TLS 1.2 protocol and all data is encrypted in transit and at rest.
The Truepill API uses key based authentication. Requests are authenticated using basic access authentication. Provide your API key in an authorization HTTP header for all requests. If you do not pass in an authorization HTTP header with a valid API key, your requests will not authenticate successfully.
In order to access the Truepill API, you will need an API key which will be provisioned and provided to you during the onboarding process. You will be given two unique keys: a sandbox key and a production API key.
As per RESTful design patterns, the Truepill API implements standard HTTP actions: GET, POST, PUT, DELETE. When making requests, arguments can be passed as params, form data or JSON with correct content-type header
Requests must be made over HTTPS. Any non-secure requests are not redirected (HTTP 302) to the HTTPS equivalent URI.
Base request URL:https://api.truepill.com/v1/
Webhook events are the way Truepill communicates all asynchronous events and status changes related to your API requests. As part of your integration, you will be required to set up a HTTP webhook URL that Truepill will POST updates to.
Webhook events send the latest known data for a request at the time of sending, formatted in accordance with the request resource. This way, you are guaranteed to receive the most up-to-date status of any request.
Managing your webhook endpoint
You can set, manage, and update your webhook event URL in your developer account or by using our customer endpoints. Using webhook events is optional, but strongly suggested as it is the only way to receive real-time status changes for all your requests.
Securing your webhook endpoint
You can secure your webhook endpoint using basic access authentication where Truepill will reference a key in the authorization header of every POST request to your webhook endpoint. Alternatively, you may choose to white-list the Truepill IP address range. These security measures are highly recommended, but are not required.
Our webhook events will return token representations of different objects with high level details. Our most common tokens include the patient_token and prescription_token. Using tokens ensures we limit the amount of patient identifiable data sent using webhook events.
Request vs. notify webhook events
There are two types of webhook events sent by the Truepill system. Request events are asynchronous events that will always reference a request ID from a previous request you have made. Notify events on the other hand are not tied to a request made by you but may be relevant to your specific workflow. Below are two examples of webhook event types explained in greater detail later:
Shipment success webhook event:
Success webhook event
Prescription notify webhook event:
Prescription notify event
Our API returns standard HTTP success or error status codes. For errors, we will also include extra information about what went wrong encoded in the response as JSON. The various HTTP status codes we might return are listed in our API reference.
Additionally, different API endpoints have specific errors and error codes related to that endpoint. These endpoint-specific errors are covered in more detail throughout this guide and as part of our full API reference.
Environments and testing
You can access two separate environments, sandbox and production using the same base request URL. You will determine which environment you are looking to access by using either your sandbox or production API key. The only functional difference between the two environments is that the sandbox environment has fake data and simulation error events which you can use to test the end-to-end experience.