Chapter 1

Vendor Integration Guide

Everything you need to connect your vendor system with the MedGrid Marketplace — from first authentication to live order tracking.

What is Vendor Integration?

Vendor integration means linking your business (pharmacy, fulfillment company, or product supplier) to the MedGrid platform so that orders, inventory, and shipment data flow automatically between your systems and MedGrid. Once connected, you no longer need to manually copy orders or update tracking numbers — it all happens in real time.

What Can Be Synchronized

Data You Push to MedGrid

Product catalog (items, SKUs, descriptions)
Real-time inventory quantities
Pricing and discount rules
Order fulfillment status
Shipment tracking numbers

Data You Receive from MedGrid

New order notifications
Order line items (products, quantities, pricing)
Customer shipping addresses
Order cancellations and updates
Payment confirmation status

Integration Types

Managed Integration

The MedGrid team configures the connection on your behalf. You provide your API credentials securely and MedGrid handles the technical wiring. Ideal for complex pharmacy connectors.

Managed

Self-Service Integration

Connect your own ShipStation account or Shopify store directly from the Vendor Integrations Portal at /portal/integrations. No admin involvement required.

Self-Service

SMS Integration

Verify your phone number to receive AI-powered MedGrid helpdesk support via SMS/iMessage — order updates and answers delivered directly to your phone.

Self-Service

Complete Integration Workflow

1

Apply & Get Approved

Submit your vendor application via the MedGrid portal. The MedGrid team reviews and approves your account. You receive login credentials automatically.

2

Authenticate with MedGrid

Generate your API Key and Secret from User Settings, or log in via the vendor portal. All subsequent API calls use your credentials.

3

Sync Your Product Catalog

Upload your products (items, SKUs, descriptions, pricing). Products are reviewed by MedGrid before becoming available in the marketplace.

4

Connect Your Fulfillment System

Connect your ShipStation account or Shopify store from the Integrations Portal. MedGrid will automatically push new orders to your system.

5

Receive & Fulfill Orders

New MedGrid orders appear in your ShipStation queue (or Shopify admin). Process them normally — ship the items to the customer.

6

Tracking Numbers Sync Back

MedGrid automatically pulls tracking numbers from ShipStation and updates the customer's order. No manual entry required.

Chapter 2

Vendor Onboarding

How a new vendor account is created and what happens at each stage.

Account Lifecycle

Stage	Status	What Happens
Application	Draft	You submit your vendor registration. Your profile is created in MedGrid in Draft state.
Under Review	Pending Approval	The MedGrid team reviews your business information, compliance documents, and product catalog.
Approved	Active	Your account is activated. A User account, Supplier record, and Vendor Profile are automatically created. You receive a welcome email with login instructions.
Suspended	Inactive	Temporarily suspended by MedGrid admin. Orders will not route to your account.

What Gets Created When You Are Approved

When MedGrid approves your vendor account, the following records are automatically created:

User Account — Login credentials for the MedGrid portal and API access.
Vendor Profile — Your public-facing profile on the marketplace (company name, description, logo, contact details).
Supplier Record — Internal record used to route orders to your fulfillment queue.
Contact & Address — Your primary contact and business address for invoicing.

Onboarding Checklist

1Log in to the MedGrid Vendor Portal with your welcome email credentials.
2Complete your Vendor Profile (logo, description, contact details, social links).
3Upload your initial product catalog with descriptions, SKUs, and pricing.
4Wait for MedGrid catalog review — products must be approved before they appear.
5Connect your ShipStation or Shopify account from the Integrations Portal.
6Optionally verify your phone for SMS helpdesk support.
7Run a test sync to confirm orders and tracking flow correctly.

Chapter 3

Authentication

Every API request to MedGrid must include valid credentials. There are two methods depending on how you are connecting.

Method 1 — API Key + Secret (Recommended for Systems)

This is the correct method for automated integrations, background sync jobs, and any software-to-software communication. It works like a username and password combination but is designed for machines rather than humans.

How to Generate Your Credentials

Log in to the MedGrid Vendor Portal.
Navigate to User Settings > API Access.
Click Generate Keys to create your API Key and API Secret.
Copy both values and store them securely (treat them like passwords).

Authorization Header

Include the following header in every API request:

Authorization: token YOUR_API_KEY:YOUR_API_SECRET
Content-Type: application/json
Accept: application/json

Example API Request

curl -X POST "https://app.medgrid.com/api/method/medgrid.integrations.list_connections" \
  -H "Authorization: token abc123key:xyz789secret" \
  -H "Content-Type: application/json"

Security Warning: Never embed your API Key and Secret in client-side (browser) code or mobile apps. They should only be used on a secure server where end users cannot access them.

Method 2 — Session Cookie (Browser Portal)

When you log in to the MedGrid Vendor Portal in a browser, MedGrid issues a session cookie (sid) that is automatically sent with every request. This method is only for browser-based portal access — not for automated systems.

POST/api/method/login

{
  "usr": "vendor@yourcompany.com",
  "pwd": "your-portal-password"
}

On success, a session cookie is set automatically. The browser includes it on every subsequent request for the duration of the session.

Base URL

Production

https://app.medgrid.com

Sandbox

https://sandbox.medgrid.com

Use the Sandbox for testing. The Sandbox environment is a safe space to test your integration without affecting real orders or inventory. Always complete testing in Sandbox before going live.

Chapter 4

Vendor Profile

Your Vendor Profile is your public identity on the MedGrid marketplace. Customers and sales reps see your profile when browsing products.

Profile Fields

Field	Description	Required
`vendor_name`	Your company or business name as it appears publicly on MedGrid.	Required
`vendor_user`	The MedGrid user account associated with this vendor profile.	Required
`supplier`	Internal link to the Supplier record used for order routing.	Required
`description`	Short bio or company description shown on your marketplace profile.	Optional
`logo`	Your company logo (image file). Displayed on product listings and your profile page.	Optional
`website`	Your company website URL.	Optional
`email`	Primary business contact email.	Optional
`phone`	Primary business phone number.	Optional
`address`	Your business mailing/billing address.	Optional

Social Profile

Optionally link your social media accounts to enhance your marketplace profile visibility. Supported platforms: LinkedIn, Instagram, Twitter/X, Facebook.

Profile Review: Changes to your Vendor Profile may be reviewed by MedGrid admins before they appear publicly. Keep your profile accurate and professional.

Chapter 5

Product Synchronization

How vendors upload, update, and maintain their product catalog on MedGrid.

Product Lifecycle

Every product in MedGrid follows an approval workflow before it can be sold on the marketplace:

Stage	Status	Meaning
New Product	Draft	Created but not yet submitted for review. Only visible to the vendor and MedGrid admins.
Submitted	Pending Approval	Submitted to MedGrid catalog team for review. Visible to admins only.
Approved	Active	Approved and live in the MedGrid catalog. Customers and sales reps can browse and order it.
Rejected	Rejected	Returned with rejection reason. Vendor must update and resubmit.

Product Data Fields

When creating or syncing a product, include the following fields:

Field	Type	Description	Required
`item_code`	string	Your unique SKU or product identifier. Used as the primary key for matching across systems.	Required
`item_name`	string	Human-readable product name as it appears in the catalog (e.g. "Vitamin D3 5000 IU").	Required
`description`	string (HTML)	Full product description. Supports basic HTML formatting for bold, lists, etc.	Required
`item_group`	string	Product category (e.g. "Supplements", "Peptides", "Compounded Medications").	Required
`brand`	string	Manufacturer or brand name.	Optional
`stock_uom`	string	Unit of measure for stock (e.g. "Nos", "Vial", "Box", "mg").	Required
`standard_rate`	decimal	Your base / list price for this product in USD.	Required
`image`	URL/file	Primary product image. JPEG or PNG, minimum 600×600px recommended.	Optional
`is_stock_item`	boolean	Set `true` if MedGrid should track physical inventory for this product.	Required
`default_supplier`	string	Your Supplier record name. Links this product to your vendor account for order routing.	Required

Example Product Payload

{
  "item_code": "VD3-5000-120",
  "item_name": "Vitamin D3 5000 IU (120 Softgels)",
  "description": "<p>High-potency Vitamin D3 to support immune function, bone health, and mood.</p>",
  "item_group": "Supplements",
  "brand": "NutriCore Labs",
  "stock_uom": "Box",
  "standard_rate": 28.50,
  "is_stock_item": true,
  "default_supplier": "NutriCore-001",
  "image": "https://cdn.yourcompany.com/products/vd3-5000.jpg"
}

SKU Mapping

MedGrid uses your item_code as the primary SKU. When integrating with ShipStation or Shopify, the SKU is used to map products across systems:

External System	MedGrid Field	What It Stores
ShipStation	`shipstation_product_id`	Your SKU as it appears in ShipStation for this product.
Shopify (self-serve)	`exoceuticals_variant_id`	Shopify ProductVariant GID for catalog-matched items.

Catalog Curation Policy: MedGrid does not auto-import products. Every product must be submitted and approved by the MedGrid catalog team. This ensures quality and compliance across the marketplace.

Chapter 6

Inventory Management

Keep your product availability up to date so customers always see accurate stock levels.

How Inventory Works in MedGrid

MedGrid tracks inventory per product per warehouse. Each warehouse represents a physical or virtual fulfillment location. When a customer browses your products, they see real-time available quantities from the relevant warehouse.

Inventory Data Fields

Field	Description
`item_code`	The product SKU to update inventory for.
`warehouse`	The warehouse this inventory belongs to (e.g. "ShipStation Warehouse - SM").
`actual_qty`	Current physical quantity available for sale. Updated automatically via integrations.
`reserved_qty`	Quantity reserved for pending orders (managed automatically by MedGrid).

Inventory Update Methods

Via ShipStation Sync

When ShipStation is connected, MedGrid pushes orders to ShipStation. Inventory is tracked through ShipStation's fulfilment queue and reflected back.

Automatic

Via Shopify Sync

When Shopify is connected and a sync is triggered, MedGrid pulls your current Shopify inventory quantities and updates the corresponding MedGrid Item records.

On Demand

Via Stock Update

Vendors can submit stock updates directly through the MedGrid vendor portal to adjust quantities manually for any product in their catalog.

Manual

Best Practice: Use the ShipStation integration for continuous, automated inventory tracking. Manual stock updates should only be used for corrections or initial setup.

Chapter 7

Pricing & Discounts

MedGrid supports flexible, multi-tier pricing so vendors can set different prices for different customer segments.

Price Lists

MedGrid uses named Price Lists to manage pricing. A Price List is a named set of prices that applies to a specific customer group or sales channel. When a customer views your product, MedGrid automatically applies the Price List assigned to their account.

Price List	Who Sees It	Example
Standard Selling	All customers (default)	Your regular catalog price
Wholesale	High-volume buyers / distribution partners	10–20% below standard
Contract Pricing	Customers with a signed pricing agreement	Negotiated per-customer rate
Custom / Channel-Specific	Specific customers or sales channels	Sales rep-specific promotions

Pricing Data Fields

Field	Type	Description
`item_code`	string	The SKU this price applies to.
`price_list`	string	The Price List this price entry belongs to (e.g. "Standard Selling", "Wholesale").
`price_list_rate`	decimal	The price for this item in this Price List, in USD.
`valid_from`	date	Optional start date for a promotional price. Leave blank for a permanent price.
`valid_upto`	date	Optional expiry date for a promotional price. Leave blank for no expiry.
`min_qty`	integer	Optional minimum quantity required to apply this price (volume pricing).

Price Allowance (Rate Tolerance)

MedGrid may define a price rate allowance on your vendor account. This sets the maximum percentage by which a sales rep can adjust your catalog price during order creation. For example, a ±5% allowance means a rep can apply up to 5% discount or markup. This prevents pricing inconsistencies in the marketplace.

Promotional Pricing

To set a promotional price for a limited time, create an Item Price record with valid_from and valid_upto dates. The system automatically switches back to the standard price when the promotion expires. You do not need to manually revert it.

Price Updates: Price changes take effect immediately for all new orders. Existing submitted orders retain the price at the time they were placed.

Chapter 8

Order & Fulfillment

How vendors receive orders, confirm them, fulfill them, and update MedGrid with shipping information.

How Vendors Receive Orders

When a customer places an order on MedGrid that includes your products, a Sales Order is created and your items are automatically routed to your fulfillment system based on your integration setup:

If you use ShipStation: The order is pushed directly into your ShipStation queue. You process it in ShipStation normally.
If you use Shopify: A new order is created in your connected Shopify store automatically.
If you use Direct (Portal): The order appears in your Vendor Dashboard under pending fulfillments.

Order Fields You Will Receive

Field	Description
`order_number`	MedGrid Sales Order ID (e.g. SAL-2026-00123). Use this as your reference.
`order_date`	Date the order was placed.
`customer_name`	Name of the customer or practice placing the order.
`contact_email`	Customer contact email for delivery notifications.
`items`	Array of line items — each containing SKU, item name, quantity, and agreed price.
`shipping_address`	Full ship-to address including street, city, state, zip, and country.
`grand_total`	Total order value in USD.
`status`	Current order status: To Deliver, In Transit, Delivered, Cancelled.

Order Status Flow

Status	Meaning
Draft	Order is being prepared by the sales rep. Not yet confirmed.
Submitted / To Deliver	Order confirmed. Items need to be picked, packed, and shipped.
In Transit	Shipment has been dispatched. Tracking number has been recorded in MedGrid.
Delivered / Completed	Customer has received the order.
Cancelled	Order was cancelled. No fulfillment required.

Shipment Tracking Updates

Tracking numbers flow back to MedGrid automatically when using the ShipStation integration. MedGrid polls ShipStation for shipment data on your pushed orders and writes the tracking number and carrier to the Delivery Note record.

For Shopify-fulfilled orders, Shopify sends a webhook when the order is fulfilled, which MedGrid processes to update the order status and tracking information in real time.

Multi-Vendor Orders: A single customer order may contain products from multiple vendors. MedGrid automatically splits the order and routes each vendor's items separately. Each vendor only sees and fulfills their own line items.

Chapter 9

Integrations Portal

The Integrations Portal at /portal/integrations is your self-service hub for connecting your third-party accounts to MedGrid. No admin involvement needed.

Available Integrations

ShipStation

Connect your ShipStation account to automatically receive MedGrid orders and sync tracking numbers back.

API Key + Secret

Shopify

Connect your Shopify store via OAuth. MedGrid syncs your product catalog and pushes new orders to your store automatically.

OAuth 2.0

SMS / iMessage

Verify your mobile phone to receive AI-powered helpdesk answers and order updates via SMS or iMessage.

Phone OTP

Integration Status

Each integration shows a real-time status pill in the portal:

Status	Meaning
Connected	Credentials verified. Sync is active.
Not Connected	No credentials saved yet. Click Connect to set up.
Error	Credentials saved but last connection test failed. Re-enter credentials or contact support.
Syncing	A sync operation is currently in progress.

Integration Permissions

Each integration requests specific permissions (scopes) that describe exactly what data MedGrid can read or write. These are shown before you connect:

Integration	Permissions Requested
ShipStation	`orders.write` — push orders; `tracking.read` — pull tracking numbers.
Shopify	`read_products`, `write_products`, `read_orders`, `write_orders`
SMS (Sendblue)	`chat.identify` — link your phone to your account; `chat.reply` — receive and send messages.

Chapter 10

ShipStation Integration

Connect your own ShipStation account to push MedGrid orders directly into your shipping queue and pull tracking numbers back automatically.

What ShipStation Does in MedGrid

MedGrid Sales Orders assigned to your products are pushed to your ShipStation account as new orders.
You process and ship them normally inside ShipStation.
MedGrid periodically pulls tracking numbers and carrier information from ShipStation and stamps them on the Delivery Note.
Customers receive automatic shipping notifications via MedGrid.

Connecting ShipStation

Log in to ShipStation and go to Account Settings > API Settings.
Copy your API Key and API Secret.
In the MedGrid Vendor Portal, go to Integrations.
Click Connect next to ShipStation.
Enter your API Key and API Secret, then click Connect.
MedGrid tests the credentials immediately — you'll see a success confirmation.

Connect via API

POST/api/method/medgrid.integrations.connect_shipstation

{
  "api_key": "your-shipstation-api-key",
  "api_secret": "your-shipstation-api-secret"
}

Response on success:

{
  "message": {
    "ok": true,
    "integration": "shipstation",
    "status": "connected"
  }
}

Response on invalid credentials:

{
  "message": {
    "ok": false,
    "error": "Invalid API Key or Secret — ShipStation rejected the credentials.",
    "status": "error"
  }
}

Manual Sync

You can trigger a manual sync at any time — either from the portal or via API. This pushes all unfulfilled MedGrid orders to ShipStation and pulls tracking numbers for previously pushed orders.

POST/api/method/medgrid.integrations.sync_now

{
  "integration_type": "shipstation"
}

Response:

{
  "message": {
    "ok": true,
    "stats": {
      "orders_pushed": 3,
      "tracking_pulled": 5,
      "round_trip_ok": true
    }
  }
}

Test Connection

POST/api/method/medgrid.integrations.test_connection

{
  "integration_type": "shipstation"
}

Response:

{
  "message": {
    "ok": true,
    "error": null
  }
}

Disconnect

POST/api/method/medgrid.integrations.disconnect

{
  "integration_type": "shipstation"
}

Order Payload Sent to ShipStation

When MedGrid pushes an order to ShipStation, the following data is included:

Field	Description
`orderNumber`	MedGrid Sales Order ID (e.g. SAL-2026-00123)
`orderDate`	Date the order was placed in MedGrid
`orderStatus`	Always `awaiting_shipment` on creation
`customerEmail`	Customer contact email for ShipStation notifications
`amountPaid`	Total order value in USD
`items[].sku`	MedGrid item_code (your SKU)
`items[].name`	Item name
`items[].quantity`	Quantity ordered
`items[].unitPrice`	Unit price at time of order

Rate Limit: ShipStation limits API calls to 40 requests per minute. MedGrid handles retries automatically using exponential backoff if this limit is hit.

Chapter 11

Shopify Integration

Connect your own Shopify store to MedGrid. Sync your product catalog bidirectionally and receive MedGrid orders as Shopify orders.

What the Shopify Integration Does

MedGrid imports your Shopify product catalog and links each variant to its matching MedGrid Item via SKU.
New MedGrid Sales Orders for your products are created as orders in your Shopify store.
When Shopify marks an order as fulfilled, MedGrid receives the tracking information via webhook and updates the customer's order status.

OAuth Connection Flow

Shopify uses the industry-standard OAuth 2.0 protocol. You do not share your Shopify admin password — instead you grant MedGrid specific read/write permissions on your store.

Step 1 — Start the Install

POST/api/method/medgrid.integrations.shopify_start_install

{
  "shop_domain": "your-store.myshopify.com"
}

Response:

{
  "message": {
    "ok": true,
    "authorize_url": "https://your-store.myshopify.com/admin/oauth/authorize?client_id=...",
    "state": "abc123nonce"
  }
}

Open the authorize_url in a browser (or a popup). You will be taken to Shopify's permission approval screen.

Step 2 — Approve Permissions in Shopify

Shopify shows you a screen listing the permissions MedGrid is requesting:

Read and write your products
Read and write your orders

Click Install app to approve. Shopify will redirect back to MedGrid automatically.

Step 3 — OAuth Callback (Automatic)

Shopify redirects to MedGrid's callback URL with a temporary code. MedGrid exchanges this code for a permanent access token and saves it to your integration. The popup closes and your Integrations Portal shows "Connected".

Manual Sync

POST/api/method/medgrid.integrations.sync_now

{
  "integration_type": "shopify"
}

Response:

{
  "message": {
    "ok": true,
    "stats": {
      "products_pulled": 47,
      "round_trip_ok": true,
      "sample_titles": ["Product A", "Product B", "Product C"]
    }
  }
}

Permissions Requested

Scope	Why MedGrid Needs It
`read_products`	Import your Shopify product catalog to match with MedGrid items via SKU.
`write_products`	Update product availability status if MedGrid catalog changes.
`read_orders`	Read existing order status and fulfillment data.
`write_orders`	Create new orders in your Shopify store when customers order on MedGrid.

Chapter 12

SMS / iMessage Integration

Verify your mobile phone number to get AI-powered MedGrid support via SMS or iMessage — on demand, from your phone.

What You Get

Text the MedGrid helpdesk number at any time to ask questions about your orders, account, or catalog.
The AI assistant knows your account — no need to re-explain who you are.
Receive order status updates and tracking notifications on demand.

How to Connect

In the Vendor Portal, go to Integrations and find the SMS / iMessage card.
Enter your US mobile phone number.
Click Send Verification Code. You'll receive a 6-digit OTP via SMS.
Enter the code to confirm. Your phone is now verified and linked to your MedGrid account.

Note: Only US phone numbers are supported. Your phone number is only used to identify you for helpdesk purposes — it is never shared with third parties or used for marketing.

Chapter 13

Webhooks

Webhooks allow external systems to push real-time updates to MedGrid as events happen — no polling required.

How Webhooks Work

A webhook is an HTTP POST request that an external system (Shopify, ShipStation) sends to MedGrid when something happens — for example, when a Shopify order is fulfilled. MedGrid receives the event, verifies its authenticity, and updates the relevant order or delivery record automatically.

Inbound Webhook Endpoints

Endpoint	Source	Purpose
`/api/method/medgrid.exoceuticals.webhook`	Shopify (Exoceuticals)	Receives order fulfillment and cancellation events. Updates order status and tracking in MedGrid.

Webhook Security — HMAC Verification

MedGrid verifies every inbound webhook using HMAC-SHA256 to ensure the request is genuine and has not been tampered with.

Each webhook must include an X-Shopify-Hmac-Sha256 header containing a Base64-encoded HMAC signature of the raw request body, signed with your shared webhook secret.

X-Shopify-Hmac-Sha256: BASE64(HMAC_SHA256(webhook_secret, raw_request_body))

Security: Any webhook request that fails HMAC verification is immediately rejected with HTTP 401. Never skip HMAC verification when testing.

Webhook Event Payload (Shopify Order Fulfilled)

{
  "id": 4567890123,
  "fulfillment_status": "fulfilled",
  "cancelled_at": null,
  "fulfillments": [
    {
      "tracking_number": "1Z999AA10123456784",
      "tracking_company": "UPS",
      "tracking_urls": ["https://ups.com/track?number=1Z999AA10123456784"]
    }
  ]
}

Webhook Topics Supported

Topic	When It Fires	MedGrid Action
`orders/updated`	Any change to an order in Shopify	Polls order status and updates Sales Order fields.
`orders/fulfilled`	Order is marked fulfilled in Shopify	Sets order status to Fulfilled; stamps tracking number.
`orders/cancelled`	Order is cancelled in Shopify	Sets order status to Cancelled in MedGrid.

Chapter 14

Error Handling

What to do when an API call or integration fails.

Standard Error Response

When a MedGrid API call fails, the response includes a server message describing what went wrong:

{
  "exc_type": "ValidationError",
  "_server_messages": "[{\"message\": \"Both API Key and API Secret are required.\"}]"
}

HTTP Status Codes

Code	Meaning	What To Do
200	Success	Request completed. Check `message.ok` for integration-specific success flags.
400	Bad Request	A required field is missing or invalid. Check `_server_messages` for details.
401	Authentication Failed	Your API Key/Secret is wrong or missing. Verify the Authorization header format.
403	Permission Denied	Your account does not have permission for this action. Contact MedGrid support.
409	Already Synced	This order was already pushed to the external system. Do not resubmit — check the existing order.
417	Business Logic Error	The order is not in the correct state (e.g., still Draft). Ensure all required fields are filled and the order is submitted.
429	Rate Limited	Too many requests. MedGrid retries automatically; implement exponential backoff in your own code.
500	Server Error	Unexpected error on MedGrid's side. Contact MedGrid support with the error details.

Integration-Specific Errors

Integration	Common Error	Resolution
ShipStation	HTTP 401 from ShipStation	Invalid API Key/Secret. Regenerate credentials in ShipStation and reconnect.
ShipStation	HTTP 429 from ShipStation	Rate limit hit (40 req/min). MedGrid retries automatically — no action needed.
Shopify	`"Shop domain must end in .myshopify.com"`	Ensure you enter the full domain (e.g. `your-store.myshopify.com`).
Shopify	`"OAuth state expired"`	The OAuth flow timed out (10-minute window). Start the connection flow again.
Shopify	HTTP 401 on test	Access token has been revoked in Shopify. Disconnect and reconnect to get a new token.

Support: If an error persists, email integrations@medgrid.com with the error message, timestamp, and your vendor account name. Our team responds within 1 business day.