ChartHero Developer Docs
API ReferenceOpenAPI JSON
Get Started

Core Concepts

AuthenticationScopesPagination

Guides

Fetch encountersFetch documentsFetch transcript and audioReceive webhooksVerify webhook signatures
API ReferenceWebhooksErrorsChangelog

Guide

Receive webhooks

Build a receiver for ChartHero pointer notifications and follow-up REST fetches.

Webhook flow

ChartHero sends event

A thin pointer notification arrives at the receiver endpoint.

Partner verifies signature

The receiver validates timestamp, raw body, and HMAC signature.

Partner returns 2xx

Any HTTP 2xx response marks the delivery successful.

Partner fetches encounter/document/transcript

Approved REST routes provide the clinical follow-up data.

When to use this

ChartHero webhooks are pointer notifications. Store the event identity, acknowledge with a 2xx response after lightweight validation, and fetch clinical resources through the public REST API.

The current documented event is recording.transcript_ready, sent when a recording transcript is ready for follow-up fetches. Runtime delivery is planned/not generally available; see Webhooks for the full contract.

Required scopes

Receiving the webhook itself does not use ChartHero API-key scopes. Follow-up REST fetches require only the union of scopes for the receiver's approved routes:

Follow-up route Required scopes
GET /external/v1/encounters/{encounter_id} encounters:read, patients:read, documents:read
GET /external/v1/encounters/{encounter_id}/documents/{document_id} encounters:read, documents:read
GET /external/v1/encounters/{encounter_id}/documents/{document_id}/transcript encounters:read, documents:read
GET /external/v1/encounters/{encounter_id}/documents/{document_id}/audio encounters:read, documents:read, recordings:read

recordings:read is required only when the audio follow-up route is approved.

Request

cURL
curl -X POST "https://partner.example.test/chart-hero/webhooks" \
  -H "Content-Type: application/json" \
  -H "ChartHero-Event-Id: evt_recording_transcript_ready_01" \
  -H "ChartHero-Delivery-Id: whd_recording_transcript_ready_01" \
  -H "ChartHero-Timestamp: 1777649400" \
  -H "ChartHero-Signature: v1=a3cc6cb77b21da521f106cc32f59c3d119181f533faef8c7ff3e44f906053701" \
  -H "ChartHero-Webhook-Version: 2026-05-01" \
  --data-raw '{"id":"evt_recording_transcript_ready_01","type":"recording.transcript_ready","api_version":"2026-05-01","occurred_at":"2026-05-01T15:29:55Z","organization_id":"org_123","resources":{"encounter_id":"enc_123","document_id":"doc_123"}}'

Minimal event payload:

JSON
{
  "id": "evt_recording_transcript_ready_01",
  "type": "recording.transcript_ready",
  "api_version": "2026-05-01",
  "occurred_at": "2026-05-01T15:29:55Z",
  "organization_id": "org_123",
  "resources": {
    "encounter_id": "enc_123",
    "document_id": "doc_123"
  }
}

The webhook body does not include transcript turns, document content, patient demographics, audio URLs, endpoint secrets, or receiver-specific credentials.

Response

Return any HTTP 2xx response after signature verification and lightweight validation. No JSON acknowledgement body is required.

HTTP
HTTP/1.1 204 No Content
Receiver result ChartHero behavior
Any 2xx response Delivery success.
Retryable transport or status failure Delivery may be retried at least once.
Terminal non-transient failure Delivery is not expected to be retried.

Deduplicate business work by event id or ChartHero-Event-Id, not by ChartHero-Delivery-Id.

Common errors

Condition Receiver behavior
Missing required header Do not process clinical follow-up work; return a non-2xx response according to your receiver policy.
Invalid signature or stale timestamp Reject the delivery and do not fetch follow-up resources.
Duplicate event id Return success if prior processing completed, or continue idempotent retry handling if still in progress.
Unsupported event type Ignore or reject according to your receiver policy; do not assume clinical resources are available.

Next step

Implement Verify webhook signatures before making follow-up fetches. Then fetch only approved resources using Fetch encounters, Fetch documents, or Fetch transcript and audio. See recording.transcript_ready in the API Reference for the generated webhook contract.

Next steps

Verify webhook signatures

Validate HMAC signatures before follow-up fetches.