Getting Started
Testing in UAT
Section titled “Testing in UAT”VectorCare is a two-sided marketplace. Requesters (healthcare organizations) create service requests, and Receivers (transport service providers) fulfill them. As an integrator, it is most likely your system operates as a Receiver, but on UAT you will need to act in both roles to simulate production behavior.
To test the full webhook flow in UAT, you need access to both sides:
- A Requester organization to create and broadcast service requests
- A Receiver organization where your webhook and client credentials are configured
Contact support@vectorcare.com and we’ll get your UAT environment set up with both organizations for you. We will handle permissions and user configuration on our end.
Switching Between Organizations
Section titled “Switching Between Organizations”Click the icon with nine boxes at the top of the page, next to your company name, to switch between your Requester and Receiver organizations. Make sure you verify which organization you’re in before taking any actions.
Configuring Your Receiver Organization
Section titled “Configuring Your Receiver Organization”Your Receiver organization is where your integration lives. You will need to configure the following in your Receiver organization under Settings > Open API:
- Client Credentials: Create credentials for OAuth2 authentication. Copy and securely store the Client Secret immediately as it will only be shown once.
- Webhook URL: Enter your HTTPS endpoint where VectorCare will send webhook events. Select
v2.0as the Webhook Version.
Triggering Webhook Events
Section titled “Triggering Webhook Events”- Switch to your Requester organization
- Create a new service request
- On the detail page for the service request, click Take Action > Broadcast
- Click Show Other Service Providers and select your Receiver organization
- Your Receiver organization will get a webhook with
request_status: AVAILABLEandaction: BROADCAST_RECEIVED - Switch to your Receiver organization and accept the request from the VectorCare interface, or use the Accept endpoint
- Your Receiver organization will get a second webhook with
request_status: ASSIGNEDandaction: BROADCAST_ACCEPTED
Webhook Call History
Section titled “Webhook Call History”The Webhook Call History section in your Receiver organization’s Open API settings shows recent webhook deliveries:
| Column | Description |
|---|---|
| Request ID | The service request that triggered the webhook |
| Webhook ID | Which webhook received the call |
| Response Code | HTTP status returned by your endpoint |
| Data | Click to view the full payload |
| Redeliver | Manually resend a failed webhook |
| Event Type | The action that triggered the webhook |
| Created | Timestamp of the delivery attempt |
Use this to debug integration issues and redeliver missed webhooks.
Webhook Requirements
Section titled “Webhook Requirements”- Endpoint must use HTTPS (HTTP is rejected)
- Endpoint must respond within 10 seconds
- Endpoint must return a 2xx status code on success
- Maximum of 2 active webhooks per organization
- Each customer organization requires its own webhook URL configuration. A common pattern is to include an identifier in your webhook URL (e.g.,
https://yoursite.com/webhook?customer_id=123)
IP Allowlist
Section titled “IP Allowlist”VectorCare delivers webhooks from a fixed set of IP addresses. If your endpoint is behind a firewall or cloud security group, you will need to allow these IPs. See Webhooks Overview: IP Allowlist for the full list and configuration guidance.
RSA Public Key
Section titled “RSA Public Key”The webhook configuration displays the RSA-SHA256 public key used to sign webhooks. Use this to verify webhook signatures.
Client Credential Management
Section titled “Client Credential Management”- Client credentials are specific to each organization. If you are an integrator working with multiple service providers, each will likely have their own organization, which means setting up a webhook and client credentials for each one.
- Credentials can be deleted if compromised or no longer needed
- Rotating credentials: Create a new credential, update your integration, then delete the old one
CAD Configuration
Section titled “CAD Configuration”The CAD Name field identifies your integration in VectorCare’s internal systems. This is typically set during onboarding and doesn’t affect API functionality. If you don’t see your CAD listed, contact support@vectorcare.com and we’ll add it for you.
Permissions Reference
Section titled “Permissions Reference”VectorCare will configure permissions for your organization during onboarding. For reference, these are the permissions required for Open API access:
| Permission | Description |
|---|---|
| Can access Open API | User can interact with Open API endpoints |
| Can configure Open API Client Credentials | User can create and delete Client Credentials for Open API integrations |
| Can configure Open API for account | User is allowed to generate credentials for Open API clients and configure webhook URLs |
| Can configure Webhooks | User can create and delete Webhook endpoints |