Chapter 1

MedGrid API Integration Guide

MedGrid Marketplace is a B2B digital platform for the healthcare and medical supply industry — connecting clinics and healthcare practitioners with pharmacies and fulfillment vendors. This guide covers every integration needed to connect your system to MedGrid.

Production

https://app.medgrid.com

Sandbox

https://sandbox.medgrid.com

Always use the Sandbox environment when developing or testing your integration. Sandbox orders never result in real shipments or charges.

Endpoint Structure

All MedGrid endpoints follow this pattern:

GET  /api/method/{module}.{function}   ← fetching / reading data
POST /api/method/{module}.{function}   ← creating / sending data

For example, to search the catalog:

GET /api/method/medgrid.catalog.search_items?query=BPC

What is MedGrid?

MedGrid sits between the people who need medical products and the people who supply them. When a clinic places an order, the platform automatically routes each line item to the correct fulfillment vendor. All API communication uses HTTPS — data is encrypted in transit.

Chapter 2

Integration Overview

MedGrid connects with six external systems. The table below is a high-level view of every integration covered in this guide.

Integration	External System	Who Uses It	What It Does
PerfectRx	PerfectRx Pharmacy API	MedGrid (automatic)	Sends prescriptions & OTC orders to a compounding pharmacy; receives shipping updates
ShipStation	ShipStation Fulfillment	Vendors, MedGrid (automatic)	Creates shipping labels and syncs tracking numbers back to MedGrid
SINQ Ops	SINQ Fulfillment API	MedGrid (automatic)	Sends OTC and HRT product orders to SINQ; receives shipment status
Centre Research	Centre Research Peptides API	MedGrid (automatic)	Places peptide orders with Centre Research as a sales channel partner
Shopify / Exoceuticals	Shopify (vendor store)	Vendors, MedGrid Admins	Syncs product catalog and inventory; routes orders to Shopify stores
Sales Channel API	External clinic portals & resellers	Customers, partners	Lets external platforms browse MedGrid inventory and place orders
Internal Sales Rep API	MedGrid Desk (internal)	MedGrid sales staff	Powers the catalog browser inside the Sales Order form for sales reps

Integration Types

Managed Integration

Configured by the MedGrid operations team. Provide your credentials to MedGrid — they securely store and configure the connection on your behalf.

Managed

Self-Service Integration

Connect directly from the Integrations Portal at /portal/integrations with no MedGrid admin involvement required.

Self-Service

Product Mapping

Before orders can be routed, each product must be linked to your internal product identifier. The MedGrid catalog team manages this mapping.

Admin Setup

Product Mapping Fields

Vendor	MedGrid Field	What It Stores
PerfectRx	`perfectrx_drug_description`	Drug name and prescription details
ShipStation	`shipstation_product_id`	Your SKU as it appears in ShipStation
SINQ	`sinq_sku`	Service SKU used when placing SINQ orders
Centre Research	`centre_research_product_id`	Centre Research's variant ID for the product
Shopify / Exoceuticals	`exoceuticals_variant_id`	Shopify ProductVariant GID

Chapter 3

Authentication

Before MedGrid will respond to any API request, you must prove your identity. MedGrid supports two authentication methods depending on what type of system is connecting.

Method 1: API Key + API Secret (Recommended)

This is the preferred method for any software or automated system. Works like a username and password — but designed for machines.

How to Get Your Credentials

Log in to the MedGrid Portal
Go to User Settings > API Access
Generate your API Key and API Secret
Store them securely — treat them like passwords; never share them publicly

Authorization Header

Include this header in every API call:

Authorization: token YOUR_API_KEY:YOUR_API_SECRET
Content-Type: application/json
Accept: application/json

Example Request

curl -X GET "https://app.medgrid.com/api/method/medgrid.catalog.list_warehouses" \
  -H "Authorization: token abc123key:xyz789secret" \
  -H "Content-Type: application/json"

Security: Never put your API Key and Secret in front-end (browser) code. They should only be used on secure backend servers where they cannot be seen by end users.

Method 2: Session Token (Portal Users)

Used when a human vendor logs into the MedGrid Vendor Dashboard through a browser. After logging in, MedGrid issues a session cookie that is automatically included in subsequent requests.

POST/api/method/login

{
  "usr": "vendor@example.com",
  "pwd": "your-password"
}

The response sets a session cookie called sid. Your browser will automatically send this cookie on every follow-up request within the same session.

Public Endpoints (No Auth Required)

A small number of endpoints do not require authentication. These are specifically designed to receive inbound data from external partners (such as Shopify OAuth callbacks and vendor webhooks). Each public endpoint is clearly marked throughout this guide.

Chapter 8

Error Codes & Troubleshooting

When an API call fails, MedGrid returns a standard error response that makes it easy to understand what went wrong.

Standard Error Response Format

{
  "exc_type": "ValidationError",
  "exception": "...",
  "_server_messages": "[{\"message\": \"Human-readable error message\"}]"
}

HTTP Status Codes

Code	Meaning	Common Cause	What To Do
200	Success	N/A	Request completed successfully
400	Validation Error	Missing or invalid fields in request body	Check `_server_messages` for specific field errors
401	Unauthenticated	Wrong or missing API key/secret	Verify your `Authorization` header format and credentials
403	Permission Denied	Your role does not allow this action	Contact MedGrid to verify your role permissions
404	Not Found	Wrong document name or endpoint URL	Check the document name (e.g., SO-2026-00456) and URL path
409	Conflict	Order already synced to this vendor	Do not re-submit; check existing order status instead
417	Business Logic Error	Order not ready (e.g., still in Draft status)	Ensure all required fields are filled and the order is in the correct state
429	Rate Limited	Too many requests in a short period	Wait and retry; implement exponential backoff
500	Internal Server Error	Unexpected error on MedGrid's side	Contact MedGrid support with the full error details

Vendor-Specific Error Indicators

Vendor	How Errors Are Signaled
ShipStation	HTTP 401 = invalid API Key/Secret; HTTP 429 = rate limited (40 req/min)
SINQ	HTTP 401 in webhook = wrong `key` header value
Centre Research	`{ "success": false, "error": "..." }` inside a 200 OK — always check the `success` field, not just the HTTP status
Exoceuticals (Shopify)	`userErrors` array inside a 200 OK response
PerfectRx	HTTP 502 usually means the OAuth body format is wrong — use the nested `credentials` object, not the standard `grant_type` form body

Chapter 9

Rate Limits & Performance

A rate limit is a cap on how many API requests can be made within a given time window. Rate limits protect systems from being overloaded.

MedGrid API Rate Limits

MedGrid does not enforce a hard rate limit on authenticated API calls. However, burst traffic may be throttled server-side. Follow the best practices below to avoid issues.

Vendor API Rate Limits

Vendor	Rate Limit & Retry Policy
ShipStation	40 requests per minute per API key pair. MedGrid handles HTTP 429 with exponential backoff, up to 3 retries.
Shopify (Exoceuticals)	50 GraphQL cost units per second (bucket system). MedGrid manages this automatically.
Centre Research	Not publicly published. MedGrid applies up to 3 retries with exponential backoff.
PerfectRx	Not publicly published. MedGrid uses a 300 requests per 5 minutes sliding window (configurable).
SINQ	Not publicly published. Standard retry-on-5xx policy applies.

Performance Best Practices

Use webhook-driven updates instead of polling for order status wherever possible
Cache list_warehouses results — warehouses change infrequently
Always use the Sandbox environment for development and testing
Implement exponential backoff in your code for any 429 or 5xx response
Use the aggregate_shipments endpoint for consolidated tracking rather than individual vendor calls

Vendor Integration A2

PerfectRx — Prescription Pharmacy

PerfectRx is a compounding pharmacy that handles prescription (Rx) medications and over-the-counter (OTC) products. MedGrid uses PerfectRx for orders that require a prescription — for example, custom-compounded medications for a clinic's patients.

Connection Type: Managed Integration. Provide your PerfectRx credentials to the MedGrid integrations team. They configure the connection securely on your behalf.

How It Works

Clinic places order → MedGrid checks patient in PerfectRx (creates if not found) → MedGrid sends prescription or OTC order → PerfectRx fills & ships → PerfectRx sends webhook → MedGrid updates order status

Credentials Required

Credential	Description
`client_id`	OAuth2 Client ID issued by PerfectRx
`client_secret`	OAuth2 Client Secret (also used for webhook verification)
`default_practice_id`	The PracticeId created in PerfectRx for MedGrid's practice account
`partner_account`	Optional: sub-account identifier if you are an aggregator
`base_url`	`https://apis.perfectrx.com` (production) or `https://test.apis.perfectrx.com` (sandbox)

Authentication — OAuth2 Token

PerfectRx uses OAuth2. MedGrid handles token acquisition and refresh automatically (tokens are refreshed 30 seconds before expiry).

POSThttps://apis.perfectrx.com/v1/oauth2/token

{
  "credentials": {
    "clientId":     "your-client-id",
    "clientSecret": "your-client-secret"
  }
}

Developer Note: Using the standard grant_type=client_credentials form body will return HTTP 502. Always use the nested credentials object format shown above.

Order Flow — API Calls

Step	Endpoint	Purpose
1	`POST /v1/patients/create`	Check if patient exists in PerfectRx; create if not found
2a	`POST /v1/prescriptions/transmitEScript`	For prescription items: transmit the eScript
2b	`POST /v1/otc/transfer`	For OTC items: send the OTC order

PerfectRx returns an immediate acknowledgement with a referenceId. All further status updates arrive via webhook.

Inbound Webhook from PerfectRx

MedGrid verifies the authenticity of every webhook using HMAC-SHA256 signature verification.

POST/api/method/medgrid.perfectrx.webhook

X-PerfectRx-Signature: {hmac_hex}
X-PerfectRx-Nonce:     {uuid}
X-PerfectRx-Timestamp: {unix_epoch}

Webhook Events

Event	Meaning / Status Set on Order
`ORDER_RECEIVED`	Order received and acknowledged → Status: Received
`ORDER_SHIPPED`	Order has been shipped (tracking number included) → Status: Shipped
`ORDER_RESHIPPED`	Replacement shipment sent → Status: Shipped
`ORDER_DELIVERED`	Order was delivered → Status: Delivered
`ORDER_CANCELED`	Order was cancelled → Status: Cancelled
`PATIENT_CREATION_SUCCESS`	Patient profile created in PerfectRx (no order status change)
`PATIENT_CREATION_FAILURE`	Patient profile creation failed (requires manual follow-up)

Sales Order Fields Updated

Field	What It Contains
`perfectrx_reference_id`	PerfectRx's unique identifier for the order
`perfectrx_status`	Current status: Received / Shipped / Delivered / Cancelled
`perfectrx_tracking_number`	The carrier tracking number
`perfectrx_carrier`	Name of the shipping carrier (e.g., UPS, FedEx)
`perfectrx_tracking_url`	Direct link to track the package online
`perfectrx_sync_date`	Timestamp of the most recent status update

Vendor Integration A3

ShipStation — Shipping & Fulfillment

ShipStation is a shipping platform used by warehouses to generate shipping labels and track packages. MedGrid uses ShipStation for physical products that need to be picked from a warehouse, packed, and shipped to a customer.

Connection Types: Self-Service — vendors connect their own ShipStation account from /portal/integrations. Managed — MedGrid's team configures a platform-level ShipStation connection on your behalf.

Self-Service Connection

Log in to the MedGrid Vendor Portal
Go to Integrations at /portal/integrations
Click Connect under the ShipStation card
Enter your API Key and API Secret (found in ShipStation under Settings > API Settings)

POST/api/method/medgrid.integrations.connect_shipstation

// Request
{ "api_key": "your-shipstation-key", "api_secret": "your-shipstation-secret" }

// Success response
{ "ok": true, "integration": "shipstation", "status": "connected" }

Order Sync: MedGrid → ShipStation

When a Sales Order is confirmed in MedGrid, it automatically sends the order to ShipStation. Re-submitting the same order updates the existing ShipStation order rather than creating a duplicate.

POSThttps://ssapi.shipstation.com/orders/createorder

{
  "orderNumber":   "SO-2026-00123",
  "orderDate":     "2026-06-01 00:00:00",
  "orderStatus":   "awaiting_shipment",
  "customerEmail": "patient@clinic.com",
  "amountPaid":    149.00,
  "shipTo": {
    "name": "Jane Smith", "street1": "123 Main St",
    "city": "Austin", "state": "TX", "postalCode": "78701"
  },
  "items": [{ "sku": "ITEM-001", "quantity": 2, "unitPrice": 74.50 }],
  "advancedOptions": { "warehouseId": 2001705 }
}

Tracking Sync: ShipStation → MedGrid (Webhook)

Configure this webhook URL in ShipStation Admin under Settings > Webhooks > Add Webhook:

POSThttps://app.medgrid.com/api/method/medgrid.shipstation.webhook

ShipStation sends a notification containing a resource_url. MedGrid automatically fetches the full tracking details from that URL.

ShipStation Event → MedGrid Status Mapping

ShipStation Event	Status Applied to MedGrid Order
`ORDER_NOTIFY` / `ITEM_ORDER_NOTIFY`	Awaiting Shipment
`SHIP_NOTIFY` / `ITEM_SHIP_NOTIFY`	Shipped
`FULFILLMENT_SHIPPED`	Shipped

Sales Order Fields Updated

Field	What It Contains
`shipstation_order_id`	ShipStation's unique order identifier
`shipstation_status`	Submitted / Awaiting Shipment / Shipped / Delivered / Cancelled / Failed
`shipstation_tracking_number`	The carrier tracking number
`shipstation_carrier`	Carrier code (e.g., ups, fedex, stamps_com)
`shipstation_tracking_url`	Direct link to track the package
`shipstation_label_url`	URL of the shipping label PDF (hosted by ShipStation)
`shipstation_sync_date`	Timestamp of the most recent sync

Rate Limit: ShipStation allows 40 API requests per minute per API key pair. MedGrid automatically handles this with exponential backoff, up to 3 retries.

Vendor Integration A4

SINQ Ops — OTC & HRT Fulfillment

SINQ Ops is the fulfillment partner for over-the-counter (OTC) products and hormone replacement therapy (HRT) items sold under the Skydell brand. MedGrid automatically routes these orders to SINQ for fulfillment.

Connection Type: Managed Integration. SINQ is configured by the MedGrid operations team. Provide your SINQ credentials to the MedGrid integrations team.

Credentials Required

Credential	Description
`sinq_api_url`	SINQ Ops API base URL
`sinq_api_key`	API key sent with every outbound order (as a `key` header)
`sinq_webhook_key`	Key that SINQ includes in inbound webhook notifications
`sinq_webhook_secret`	Secret for verifying webhook signatures (optional but recommended)

Order Sync: MedGrid → SINQ

POST{sinq_api_url}/api/receivers/orders/inbound

// Request headers
key: {sinq_api_key}

// Request body
{
  "reference": "SO-2026-00123",
  "lineItems": [{ "serviceSKU": "SINQ-ITEM-001", "quantity": 1 }],
  "shippingAddress": {
    "firstName": "Jane", "address1": "123 Main St",
    "city": "Austin", "provinceCode": "TX", "zip": "78701", "countryCode": "US"
  }
}

// Success (HTTP 201)
{ "reference": "SO-2026-00123", "transactionId": "sinq-txn-abc123" }

Inbound Webhook from SINQ

POST/api/method/medgrid.sinq.webhook

key: {sinq_webhook_key}
X-Webhook-Signature: sha256={hmac_hex}   (optional)

SINQ may send status updates in two payload formats. MedGrid handles both automatically:

// Format A — Flat
{
  "reference": "SO-2026-00123",
  "status": "shipped",
  "tracking": { "trackingNumber": "1Z999...", "trackingUrl": "...", "shipBy": "UPS" }
}

// Format B — Nested
{
  "type": "order.shipped",
  "data": { "reference": "SO-2026-00123", "tracking": { ... } }
}

SINQ Status Values

SINQ Status	Meaning
`synced`	Order received and acknowledged by SINQ
`pending`	Order is queued for fulfillment
`shipped`	Order has been shipped (tracking info included)
`completed`	Order has been delivered and marked complete
`cancelled`	Order was cancelled
`failed`	Order failed to process

Sales Order Fields Updated

Field	What It Contains
`sinq_reference`	The MedGrid order number echoed back by SINQ
`sinq_transaction_id`	SINQ's own internal transaction identifier
`sinq_status`	Synced / Pending / Shipped / Completed / Cancelled / Failed
`sinq_tracking_number`	Carrier tracking number
`sinq_tracking_url`	Direct tracking link
`sinq_carrier`	Carrier name (e.g., UPS)
`sinq_sync_date`	Timestamp of the most recent sync

Vendor Integration A5

Centre Research — Peptides

Centre Research Peptides is a manufacturer and fulfillment partner for peptide products. MedGrid acts as an authorized sales channel — selling Centre Research products and automatically routing orders for fulfillment.

Connection Type: Managed Integration. Centre Research is configured by the MedGrid operations team. Provide your credentials to the MedGrid team.

Credentials Required

Credential	Description
`centre_research_api_url`	API base URL (default: `https://pepapi.stmin.dev/api`)
`centre_research_api_key`	API key sent as `X-API-Key` header on all requests

Request Headers

X-API-Key: {centre_research_api_key}
Content-Type: application/json
Accept: application/json

Placing an Order

POST{base_url}/sales-channels/integration/orders

{
  "partnerOrderId": "SO-2026-00123",
  "customer": {
    "firstName": "Jane", "lastName": "Smith",
    "email": "jane@clinic.com", "phone": "5125550100"
  },
  "shippingAddress": {
    "firstName": "Jane", "lastName": "Smith",
    "address1": "123 Main St", "city": "Austin",
    "state": "TX", "zip": "78701", "country": "US"
  },
  "items": [{ "variantId": "cr-variant-id-001", "quantity": 2 }]
}

// Success response
{ "success": true, "data": { "orderId": "cr-order-id-abc", "status": "PENDING" } }

Important: Centre Research manages its own pricing. Any price field sent is ignored — only variantId and quantity are used. The partnerOrderId (MedGrid SO number) is the deduplication key: re-submitting the same ID returns the existing order.

Checking Order Status

GET{base_url}/sales-channels/integration/orders/{cr_order_id}

Order status progresses through these stages:

PENDING → PROCESSING → LABEL_CREATED → SHIPPED → DELIVERED

Sales Order Fields Updated

Field	What It Contains
`cr_order_id`	Centre Research's internal order identifier
`cr_status`	Pending / Processing / Label Created / Shipped / Delivered / Cancelled / Refunded / On Hold
`cr_tracking_number`	Carrier tracking number
`cr_carrier`	Carrier name
`cr_tracking_url`	Direct tracking link
`cr_shipping_tier`	The shipping tier selected for this order
`cr_sync_date`	Timestamp of the most recent sync

Retry Policy: MedGrid automatically retries on HTTP 429 and 5xx responses using exponential backoff, up to 3 attempts. The Retry-After header is respected when present.

Vendor Integration A6

Shopify / Exoceuticals

MedGrid integrates with Shopify in two ways: vendors with their own Shopify stores can self-connect to sync products and orders; Exoceuticals, a specific vendor, has a platform-level connection managed directly by MedGrid admins.

A6a — Vendor Self-Connect (Any Shopify Store)

Any vendor running their own Shopify store can connect it to MedGrid directly from the Integrations Portal.

Prerequisites: MedGrid must have a Shopify Partner App registered. The fields medgrid_shopify_api_key, medgrid_shopify_api_secret, and medgrid_shopify_redirect_uri must be set in MedGrid System Settings.

Step 1 — Initiate the Connection

POST/api/method/medgrid.integrations.shopify_start_install

// Request
{ "shop_domain": "your-store.myshopify.com" }

// Response
{
  "ok": true,
  "authorize_url": "https://your-store.myshopify.com/admin/oauth/authorize?...",
  "state": "abc123def456"
}

Step 2 — Authorize in Shopify

Open the authorize_url in a browser. Log in and approve the permissions MedGrid is requesting (read_products, write_products, read_orders, write_orders).

Step 3 — Automatic Callback

Shopify redirects back to MedGrid automatically. MedGrid verifies the response, exchanges the authorization code for a permanent access token, and stores it. The connection is now active.

What Data Syncs?

Direction	Data Synced
MedGrid → Shopify	Sales Order status updates, MedGrid SKUs for catalog mirroring
Shopify → MedGrid	Product catalog (items & variants), incoming orders from the Shopify store

A6b — Exoceuticals (Admin-Managed)

Exoceuticals' Shopify store is managed directly by MedGrid admins using the Shopify Admin GraphQL API (version 2026-04).

Daily Catalog Sync

POST/api/method/medgrid.exoceuticals.sync_catalog

Daily Inventory Sync

POST/api/method/medgrid.exoceuticals.sync_inventory

Inbound Webhook from Exoceuticals

Configure in Shopify Admin > Settings > Notifications > Webhooks:

POST/api/method/medgrid.exoceuticals.webhook

Topics:   orders/updated, orders/cancelled, orders/fulfilled
Verification header:
X-Shopify-Hmac-Sha256: {base64(HMAC-SHA256(webhook_secret, raw_body))}

Sales Order Fields Updated

Field	What It Contains
`exoceuticals_order_id`	Shopify Order GID (unique Shopify identifier)
`exoceuticals_order_name`	Human-readable Shopify order name (e.g., #1042)
`exoceuticals_status`	Pending / Open / Fulfilled / Cancelled / Failed
`exoceuticals_tracking_number`	Carrier tracking number
`exoceuticals_carrier`	Carrier name
`exoceuticals_tracking_url`	Direct tracking link
`exoceuticals_sync_date`	Timestamp of the most recent sync

Sales Channel API — Chapter 5, B3

Catalog & Inventory Endpoints

These endpoints let external platforms and internal sales reps browse MedGrid's product inventory. All require API Key + API Secret authentication.

Authentication: Include Authorization: token {api_key}:{api_secret} and Content-Type: application/json in every request. Request credentials from the MedGrid integrations team.

List Available Warehouses

Returns all active warehouses that hold saleable inventory. Use this to populate a warehouse picker in your interface.

GET/api/method/medgrid.catalog.list_warehouses

// Response
[
  { "name": "Skydell Main - SM",         "warehouse_name": "Skydell Main" },
  { "name": "Skydell Exoceuticals - SM", "warehouse_name": "Skydell Exoceuticals" }
]

Performance Tip: Cache the results of list_warehouses — warehouses change infrequently. Re-fetching on every page load adds unnecessary overhead.

Browse Items in a Warehouse

Returns all items currently in stock at a specific warehouse, including pricing and available quantity.

GET/api/method/medgrid.catalog.items_in_warehouse

GET /api/method/medgrid.catalog.items_in_warehouse
  ?warehouse=Skydell+Main+-+SM
  &price_list=Standard+Selling   (optional)

// Response
[
  {
    "item_code": "ITEM-001",
    "item_name": "BPC-157 5mg",
    "description": "Body Protection Compound 157, 5mg lyophilized peptide",
    "stock_uom": "Nos",
    "rate": 89.00,
    "available_qty": 142.0
  }
]

Parameters

Parameter	Type	Required	Description
`warehouse`	string	Yes	Warehouse name (from `list_warehouses` response). URL-encode spaces.
`price_list`	string	No	Price list name (e.g., `Standard Selling`). Defaults to the customer's assigned price list.

Search Across the Catalog

Search items by name or description. If a warehouse is specified, results are strictly limited to that warehouse. Without a warehouse, results span all warehouses and include a warehouse column in the response.

GET/api/method/medgrid.catalog.search_items

GET /api/method/medgrid.catalog.search_items
  ?query=BPC
  &warehouse=Skydell+Main+-+SM   (optional)

// Response
[
  {
    "item_code": "ITEM-001",
    "item_name": "BPC-157 5mg",
    "rate": 89.00,
    "available_qty": 142.0,
    "warehouse": "Skydell Main - SM"
  }
]

Search Parameters

Parameter	Type	Required	Description
`query`	string	Yes	Search term matched against item name and description
`warehouse`	string	No	Restrict results to this warehouse. If omitted, searches all warehouses.

Sales Channel API — Chapter 5, B4

Placing an Order

Orders are placed as Sales Orders using the standard Frappe document API. Each sales channel partner is assigned a dedicated Customer record by MedGrid.

Step 1 — Create a Draft Order

POST/api/resource/Sales Order

{
  "customer": "Your-Customer-Name",
  "transaction_date": "2026-06-01",
  "delivery_date":    "2026-06-08",
  "currency": "USD",
  "selling_price_list": "Standard Selling",
  "items": [{
    "item_code": "ITEM-001",
    "qty": 5,
    "rate": 89.00,
    "warehouse": "Skydell Main - SM"
  }],
  "shipping_address_name": "Your-Shipping-Address"
}

// Response
{ "data": { "name": "SO-2026-00456", "status": "Draft", "grand_total": 445.00 } }

Step 2 — Submit the Order

After creating the draft, submit it to trigger the Fulfillment Router. The router automatically dispatches each line item to the correct vendor connector.

PUT/api/resource/Sales Order/SO-2026-00456

{ "docstatus": 1 }

What happens on submit? The Fulfillment Router examines each item and routes it to the appropriate connector: ShipStation, PerfectRx, SINQ, Centre Research, or Exoceuticals. This happens automatically based on product mapping.

Step 3 — Check Order Status

GET/api/resource/Sales Order/SO-2026-00456

Field	Possible Values
`status`	Draft / To Deliver / On Hold / Closed / Cancelled
`shipstation_status`	Awaiting Shipment / Shipped / Delivered / Cancelled
`cr_status`	Pending / Processing / Shipped / Delivered / Cancelled
`sinq_status`	Synced / Pending / Shipped / Completed / Cancelled
`exoceuticals_status`	Pending / Open / Fulfilled / Cancelled
`perfectrx_status`	Received / Shipped / Delivered / Cancelled

Sales Channel API — Chapter 5, B5

Shipment Tracking

Use the aggregate shipments endpoint to get a unified view of all per-vendor shipments for a single order — perfect for building a consolidated tracking page.

POST/api/method/medgrid.fulfillment_router.aggregate_shipments

// Request
{ "sales_order": "SO-2026-00456" }

// Response
{
  "sales_order": "SO-2026-00456",
  "shipments": [
    {
      "vendor": "centre_research",
      "vendor_label": "Centre Research Peptides",
      "status": "Shipped",
      "tracking_number": "1Z999AA10123456784",
      "carrier": "UPS",
      "tracking_url": "https://www.ups.com/track?tracknum=1Z999AA10123456784"
    }
  ]
}

Parameters

Field	Type	Required	Description
`sales_order`	string	Yes	The MedGrid Sales Order name (e.g., `SO-2026-00456`)

Response Fields

Field	Description
`vendor`	Internal vendor key (e.g., `centre_research`, `shipstation`)
`vendor_label`	Human-readable vendor name
`status`	Current fulfillment status for this vendor's shipment
`tracking_number`	Carrier tracking number
`carrier`	Carrier name (e.g., UPS, FedEx)
`tracking_url`	Direct tracking link

Chapter 7

Webhook Reference

A webhook is an automated message sent from one system to another when a specific event occurs. Instead of MedGrid constantly polling for changes, vendors proactively notify MedGrid the moment something happens.

All Inbound Webhook Endpoints

Vendor	MedGrid Endpoint	Verification Method
PerfectRx	`POST /api/method/medgrid.perfectrx.webhook`	HMAC-SHA256 with nonce + timestamp + payload hash
ShipStation	`POST /api/method/medgrid.shipstation.webhook`	No signature — `resource_url` is fetched using Basic auth
SINQ	`POST /api/method/medgrid.sinq.webhook`	`key` header + optional HMAC-SHA256 (`X-Webhook-Signature`)
Exoceuticals	`POST /api/method/medgrid.exoceuticals.webhook`	`X-Shopify-Hmac-Sha256` header
Shopify Self-Connect	`GET /api/method/medgrid.integrations.shopify_callback`	OAuth state parameter + Shopify HMAC
Exoceuticals OAuth	`GET /api/method/medgrid.exoceuticals.oauth_callback`	OAuth HMAC verification

Webhook Best Practices

Practice	Why It Matters
Respond within 5 seconds	Return HTTP 200 quickly; offload heavy processing to a background queue to avoid timeouts
Always verify HMAC signatures	Prevents attackers from sending fake webhook events to your endpoint
Handle duplicate deliveries	Webhooks may be delivered more than once; use the order reference ID as an idempotency key
Build a status-poll fallback	MedGrid will not auto-retry if your endpoint returns non-2xx. Poll the order status endpoint for critical updates

No Auto-Retry: MedGrid does not automatically retry failed webhook deliveries. If your endpoint returns a non-2xx status, you must poll the order status endpoint to recover the missed update.

Chapter 10

Onboarding & Support

A complete reference for getting started with MedGrid integrations, plus role-based summaries and contact information.

Onboarding Checklist

1Request a Vendor Profile from MedGrid
2Receive your MedGrid login and access to the Vendor Dashboard
3For self-service integrations (ShipStation, Shopify): connect from /portal/integrations
4For managed integrations (PerfectRx, SINQ, Centre Research): provide credentials to the MedGrid integrations team
5Work with the MedGrid catalog team to complete product mapping
6Test all order flows in the Sandbox environment
7Configure webhook endpoints in your vendor platform
8Verify webhook signature verification is working correctly
9Confirm a test order flows end-to-end (order placed → vendor receives → tracking returned)
10Go live in production

Roles Summary

User Type	How They Use MedGrid	Key API Features
External Vendor	Connect their system to receive orders and send tracking updates	Webhook endpoints, ShipStation/Shopify self-connect, managed integration onboarding
Customer / Partner Platform	Browse inventory, place orders, track shipments programmatically	Catalog endpoints, Sales Order API, `aggregate_shipments`
Internal Sales Rep	Browse catalog, build orders from within MedGrid Desk	Catalog browser in Sales Order form, `list_warehouses`, `search_items`
MedGrid Admin	Manage integrations, approve products, configure credentials	All endpoints + admin-level management functions

Internal Sales Rep Access Control

Permission	Details
View Sales Orders	Only orders assigned to their territory or created by them
Approve new vendor products	Not allowed — requires the Medgrid Marketplace Admin role
Access vendor payment records	Not allowed
Use the catalog browser	Fully integrated into the Sales Order form

Getting Help

Email: integrations@medgrid.com

Portal: Log in to your vendor account and submit a help request via the Support menu.

For production credential provisioning, work with your MedGrid account manager.