Registers a URL to receive events for every integration tied to this partner.
There is no per-endpoint event filter — a registered endpoint receives the
full set of events the partner's integrations emit. Each event is delivered
as POST <webhook_url> with a JSON body shaped like:
{
"id": "evt-...",
"type": "patient.created",
"practice_id": "prc-...",
"created_at": "2026-05-26T14:23:00.000Z",
"object": { ...full resource snapshot... }
}The object field carries the resource snapshot; its shape matches the
corresponding GET /api/provider/<resource>/:id response.
Each request carries an X-Hint-Signature: sha256=<hmac> header — HMAC-SHA256
of the raw request body, keyed by the partner's webhook signature key
(Partner Portal → API Keys → Webhooks Signature Key, mirrored to the
HINT_WEBHOOK_SECRET env var on Hosted Mode deploys). Endpoints should
compute the expected signature themselves and reject requests whose
signature doesn't match.
Discover the current event-type list at GET /partner/webhook_events —
it returns the live set of resource.action strings derived from the
platform's IntegrationEvent registry. Implementations should ignore unknown
event types; new resource/action pairs may be added without a version bump.

