API access for internal use - push document output to Cliniko
G
Grace Lennox
Requesting an API key for internal use at a single practice: By Design Physiotherapy, Hobart, Australia. We're on Practice tier with the Cliniko integration already running for consult notes.
What I want to build: pull our custom-template document output out of Heidi and into Cliniko. The native Cliniko integration only pushes the consult note, so documents and custom forms don't carry across. Your API already supports the read side via GET /sessions/{session_id}/documents, which returns document content as Markdown or HTML. I'll handle the Cliniko write side via Cliniko's API.
Scope: our own practice only, not a productized integration for resale. Happy to sign whatever agreement or go through whatever approval you need. Our Cliniko shard is au3
Heidi Team
Thanks for sharing this, Grace Lennox — super helpful context, and I totally get the workflow gap with the current Cliniko integration only pushing consult notes. I’m looping this into the team for review and we’ll take a look at what’s possible for internal-only API access for your practice; if we need any additional details (e.g., how you’re planning to authenticate/use the documents endpoint in your flow), we’ll follow up.
G
Grace Lennox
Heidi Team Thanks team, appreciate you looping it in.
Figured I'd save you a round-trip and give you the auth/usage detail up front:
Auth: Bearer JWT, stored and used server-side only via Make.com. The token is never exposed client-side.
Flow: on session completion we'd call GET /sessions/{session_id}/documents (read-only on that endpoint), map the result to the matching Cliniko patient, and POST it into Cliniko as a treatment note. Single internal workflow, our practice only.
Data residency: clinical content stays onshore in Cliniko (au3) as our system of record. Nothing clinical touches any US-hosted system, which keeps us clean under the Australian Privacy Act APP 8.
One thing that determines our build: does Heidi expose a session-completion webhook we can subscribe to, or should we poll a sessions-list endpoint with an updated-since filter to detect finished sessions? That answer decides whether we go event-driven or polling.
Cheers.