Integration Service

Central API gateway connecting Canvas Medical, Stripe, pharmacies, and all frontend applications.

Overview

The Integration Service is the central API gateway for the YourEra platform. It is a Next.js application running on ECS Fargate that serves as the Backend for Frontend (BFF) for both the Admin Portal and Patient Portal, while also coordinating all external service integrations.

Rather than a pure microservices architecture, the Integration Service acts as a "slimmed monolith" that provides a single coordination point for Canvas Medical, Stripe, PioneerRx, Boothwyn, FedEx, HubSpot, Zoom, and other external services.

Infrastructure

| Component | Value |
|---|---|
| Host | api.hisera.com |
| ALB Priority | 10 |
| Target Group | hisera-tg-integration |
| ECS Service | hisera-integration-service |
| ECR Image | hisera/integration-service |
| Database | hisera-db (RDS PostgreSQL, private VPC) |
| Region | us-east-1 |

Service Integrations

┌─────────────────────────────────────────────┐
│           Integration Service (ECS)          │
├──────────┬──────────┬──────────┬─────────────┤
│  Canvas  │  Stripe  │ Pharmacy │  External   │
│  FHIR    │ Payment  │  Router  │  Services   │
│  API     │  API     │          │             │
├──────────┼──────────┼──────────┼─────────────┤
│ Patient  │ Setup    │ Pioneer  │ FedEx       │
│ Task     │ Intent   │ Rx       │ HubSpot     │
│ MedReq   │ Payment  │ Boothwyn │ Zoom        │
│ Comms    │ Intent   │ Strive   │ SendGrid    │
│ Schedule │ Refund   │          │ Twilio      │
└──────────┴──────────┴──────────┴─────────────┘

Authentication

The Integration Service uses three authentication mechanisms depending on the caller:

1. ADMIN_SECRET (Server-to-Server)

Internal services (e.g., Canvas plugins, cron jobs) authenticate by including the ADMIN_SECRET value in the Authorization header. This bypasses JWT validation and grants full admin access.

Authorization: Bearer <ADMIN_SECRET>

2. Admin JWT (Portal Users)

Admin Portal users authenticate via OTP, Canvas HMAC, or Magic Link to receive a JWT with 24-hour expiry. The requireAdmin() middleware validates the JWT on all /api/admin/*, /api/tasks, /api/task-action, and /api/rx-queue/* endpoints.

3. HMAC (Canvas Plugin)

The Canvas prescription_queue plugin signs requests with a shared secret (CANVAS_AUTH_SECRET, same value as ADMIN_JWT_SECRET). The signature includes a timestamp for replay protection.

Dual-Mode Middleware: The requireAdmin() function is async and dual-mode: it accepts either the ADMIN_SECRET for server-to-server calls or a valid admin JWT for portal users.
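
The sketch below is an added example, not the Integration Service's own code. It shows a dual-mode bearer check that compares the static secret in constant time, and an HMAC verifier that enforces a timestamp window for replay protection. The function names, the x-timestamp and x-signature header names, the signed-message layout, the 5-minute window, and the injected verifyJwt callback are all assumptions.

```javascript
const crypto = require("node:crypto");

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed replay window: 5 minutes

// Compare secrets in constant time. Hashing first equalizes lengths, since
// timingSafeEqual throws on buffers of different length.
function safeEqual(a, b) {
  const digest = (v) => crypto.createHash("sha256").update(String(v)).digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// Assumed signing scheme: hex HMAC-SHA256 over timestamp, method, path, body.
function signRequest(secret, timestamp, method, path, body) {
  const msg = [timestamp, method, path, body].join("\n");
  return crypto.createHmac("sha256", secret).update(msg).digest("hex");
}

// Reject a missing or out-of-window timestamp, then check the signature, which
// covers the timestamp so a captured request cannot simply be re-dated.
function verifyCanvasHmac(secret, req, nowMs = Date.now()) {
  const timestamp = req.headers["x-timestamp"] ?? ""; // assumed header name
  const age = Math.abs(nowMs - Number(timestamp));
  if (timestamp === "" || !(age <= MAX_SKEW_MS)) return false;
  const expected = signRequest(secret, timestamp, req.method, req.path, req.body ?? "");
  return safeEqual(expected, req.headers["x-signature"] ?? ""); // assumed header name
}

// Dual-mode admin check: static secret first, then the injected JWT verifier.
// Returns which mode matched so the caller can log it, or null to deny.
function adminAuthMode(req, adminSecret, verifyJwt) {
  const match = /^Bearer (.+)$/.exec(req.headers["authorization"] ?? "");
  if (!match) return null;
  // An unset secret must never match; String(undefined) would equal "undefined".
  if (adminSecret && safeEqual(match[1], adminSecret)) return "admin-secret";
  return verifyJwt(match[1]) ? "jwt" : null;
}

// Constructed sample request (not real traffic; path and secret are made up).
const sampleNow = 1700000000000;
const sampleBody = '{"taskId":"example-task"}';
const sampleReq = {
  method: "POST", path: "/api/example", body: sampleBody,
  headers: {
    "x-timestamp": String(sampleNow),
    "x-signature": signRequest("constructed-secret", String(sampleNow), "POST", "/api/example", sampleBody),
  },
};
console.log("fresh request accepted:", verifyCanvasHmac("constructed-secret", sampleReq, sampleNow));
console.log("same request 10 min later:", verifyCanvasHmac("constructed-secret", sampleReq, sampleNow + 600000));
```

Returning the matched mode lets audit logs distinguish ADMIN_SECRET calls, which bypass JWT validation, from portal-user sessions.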

Admin API

The Admin API serves the Admin Portal with endpoints for dashboard statistics, patient management, order tracking, and operational tools. All endpoints require admin authentication.

Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/admin/stats | Dashboard aggregated statistics (revenue, Rx count, shipments, routing) |
| GET | /api/admin/patients | Patient search across Canvas and integration DB |
| GET | /api/admin/patients/:id | Full patient detail with all tabs (intake, payments, Rx, shipments, refills) |
| GET | /api/admin/orders | Paginated orders with payment + shipment joined view |
| GET | /api/admin/sync-logs | Canvas-PioneerRx integration audit trail |
| POST | /api/admin/refund | Issue Stripe refund (full or partial) |
| POST | /api/admin/charge-hold | Charge a saved payment method |
| GET | /api/admin/prescriptions/:patientId | Patient prescriptions from Canvas FHIR |
| GET | /api/admin/shipments/:patientId | Patient shipment history |
| GET | /api/admin/refills/:patientId | Refill schedule and history |
| GET | /api/admin/appointments | Telehealth appointment list |
| GET | /api/admin/conversations | HubSpot conversation threads |
| POST | /api/admin/conversations/:id/reply | Reply to HubSpot conversation |

RxQueue API

The RxQueue API powers the prescription approval workflow in the Admin Portal. Tasks originate as Canvas FHIR tasks and are enriched with patient data before being presented to the practitioner.

GET /api/tasks

Lists "Rx Review" tasks from Canvas FHIR, enriched with patient demographics, medication details, and intake data. Supports practitioner filter.

GET /api/rx-queue/hp-data/:taskId

Returns the complete H&P data package for a specific task: patient demographics, intake questionnaire responses, medical conditions, observations, assigned practitioners, and available dosage options.

POST /api/task-action

Approves or denies a prescription task. On approval, triggers the 7-step orchestrator pipeline (medication config, patient lookup, prescriber routing, pharmacy routing, pharmacy sync, payment, notification) and creates an H&P note in Canvas.

GET /api/practitioners

Returns the list of Canvas practitioners for filtering the task queue.

Patient API

The Patient API provides endpoints consumed by the Patient Portal. These endpoints are also available to internal services via the ADMIN_SECRET header.

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/patient-records/:patientId | Immutable intake snapshot for redundancy/recovery |
| GET | /api/patient-notifications/:patientId | Persistent notifications for a patient |
| GET | /api/patient-shipments/:patientId | Shipments from integration DB |

Canvas Integration

The Integration Service is the primary consumer of the Canvas Medical FHIR API. It uses OAuth2 client credentials for authentication and interacts with Canvas for patient management, clinical data, task workflow, and messaging.

OAuth2 Authentication

// Token request (client credentials grant)
POST https://yourera.canvasmedical.com/auth/token/
grant_type=client_credentials
client_id=<CANVAS_CLIENT_ID>
client_secret=<CANVAS_CLIENT_SECRET>

FHIR Resources Used

| Resource | Operations | Purpose |
|---|---|---|
| Patient | Create, Read, Search | Patient creation during intake, profile lookup |
| Task | Read, Search, Update | Rx Review tasks for the prescription queue |
| MedicationRequest | Read, Search | Prescription data for patient and admin views |
| Communication | Create, Read, Search | Patient-practitioner messaging |
| Condition | Read, Search | Medical conditions for H&P review |
| Observation | Read, Search | Clinical observations for H&P review |
| Practitioner | Read, Search | Practitioner list and assignment |
| Schedule | Read, Search | Practitioner availability for appointments |

Canvas Portal Email: Canvas has TWO separate email fields: FHIR Patient.telecom[email] (contact) vs Canvas User portal email (for invites/resets). Creating a FHIR Patient does NOT auto-set the portal email; you must use UpdateUserEffect(user_dbid, email) via a Canvas plugin.

Payment System

The Integration Service manages the full Stripe payment lifecycle. Cards are saved during intake and charged later when a prescription is approved.

Payment Flow

  1. Intake: A SetupIntent is created to securely save the patient's card
  2. Card Saved: The PaymentMethod ID is stored in the payment_holds table
  3. Approval: When the orchestrator approves a prescription, it calls chargePaymentHold(canvasPatientId)
  4. Charge: An off-session PaymentIntent is created using the saved PaymentMethod
  5. Refill: Subsequent charges use the same saved PaymentMethod

Stripe Amounts: The amount_off field from Stripe coupons is in cents, not dollars. The DiscountService converts to dollars before applying to the total.

Discount Codes

POST /validate-coupon

Validates a Stripe coupon code and returns discount details. The coupon ID in Stripe must match the code the user enters. This endpoint is on the intake API (intake-api.hisera.com), which is separate from the iOS API (api-app.hisera.com).

Patient Records

The Integration Service maintains immutable intake snapshots in the database. These serve as a redundancy layer — if Canvas data is ever unavailable, the original intake submission is preserved for recovery.

Storage Model

Pharmacy Routing

The Integration Service contains the state-based pharmacy routing logic that determines which compounding pharmacy fulfills each prescription and which prescriber is assigned.

State Routing Rules

| Pharmacy | States | Description |
|---|---|---|
| GMP (PioneerRx) | 18 states | Primary pharmacy for states where GMP is licensed |
| Boothwyn/Strive | Remaining states | Fallback pharmacy for states outside GMP coverage |
| Excluded | MN, CA, TX, AR, NC, OK | States where YourEra does not currently operate |

Prescriber Assignment

The getPrescriberForState() function in medication-config.ts routes to the correct prescriber based on the patient's state:

| Prescriber | NPI | Coverage |
|---|---|---|
| Ali Nolan FNP-C | 1982609764 | 18 GMP states |
| Neelima Singh MD | 1164633533 | All other eligible states (fallback) |

Scheduling

The Integration Service provides the scheduling engine for telehealth appointments. It combines Canvas practitioner schedules with Zoom meeting creation to provide end-to-end appointment management.

Components

Zoom Meeting Creation

// Zoom meeting is created with patient and practitioner details
{
  "topic": "YourEra Telehealth - Dr. Singh",
  "type": 2,  // Scheduled meeting
  "start_time": "2026-03-23T14:00:00Z",
  "duration": 15,
  "settings": {
    "join_before_host": true,
    "waiting_room": true
  }
}