InstantOn (via OAuth)

How to "connect" with Hint Practices

Integrations with real practices can either happen manually, or automatically through our InstantOn OAuth flow. Manual integrations mean the practice confidentially sends you an authorization code, and you then manually hit our OAuth route to get that practice's API key. This is slow and creates a poor experience for the end user. We strongly recommend implementing InstantOn, as shown below.

The InstantOn Flow

Hint's InstantOn works through OAuth. Currently we support steps 3, 4, and 5 of a standard OAuth Flow. This is because all integrations will initiate from within Hint, and thus steps 1 & 2 are unneeded. Later, we will support steps 1 and 2, so that integrations could start from your side.

For now, the flow looks like this for "live" partners...

1.) A provider sees your integration, and asks to connect


Your integration page, populated with the information you provide us during the development process.

2.) After they click Connect, they will be redirected to the redirect_url you gave us in the initial registration form, except we'll append an authorization code to that url. For example, if your redirect_url is then, we would redirect them to something like


Hey. Check That Redirect!

We just put the authorization code immediately after your url, no questions asked. This lets you retain control over how that auth code gets used in your routes, whether it's a query param or just part of the route, like an ID.


The provider lands at your login/signup page.

3.) The provider signs in to their account for you. (Or they create a new account, however you want to implement that). But either way, you now have that authorization code linked to that user. Once you're ready to start the integration, just POST that code to our /api/oauth/tokens route. You will receive your API key, Practice ID, and Integration ID, and now you're all set! The response will look something like this...

// Successful Token Response 
  "id": "int-j21vwWTG0EiP",
  "status": "connected",
  "token_type": "bearer",
  "practice": {
    "name":"Joe's Practice"
  // This is the practice's API Key.

What’s Next