
Changelog

This page tracks meaningful changes to the partner-facing API surface, webhook contract, and integration guides. Subscribe by watching the stealth-health-nextjs repo or contact partners@stealth.health for an email digest.

We follow a "no breaking changes without a major version bump and a 90-day deprecation notice" policy. Additive changes (new fields, new events, new endpoints) ship in minor releases.

2026-04 — 0.2

Added

  • Clinical Tier — Partner-submitted prescriptions. Clinical-tier partners can now register their own licensed prescribers and submit prescriptions written by them via two new endpoints:
    • POST /partner/prescribers, GET /partner/prescribers, GET /partner/prescribers/{id}, DELETE /partner/prescribers/{id} — manage the partner-prescriber registry.
    • POST /partner/prescriptions — submit a prescription tied to a registered prescriber. Patient resolution accepts an existing patient_id, an existing referral_id, or an inline patient profile.
    • Two new webhook events: prescription.received and prescription.rejected.
    • Controlled-substance handling: Schedule II–V Rx requires a valid dea_number for US prescribers; CDSA Schedule I–V Rx requires a Canadian provincial license. Partial details in Clinical Tier § 11.2.
  • Clinical Tier — HIPAA & compliance section expanded with Stealth Health's technical controls (TLS 1.2+, AES-256 at rest, key handling, webhook integrity, sub-processor list) and a new § 16 Partner Implementation Best Practices.
  • Partner documentation site (this site) launched at docs.stealth.health.

Changed

  • All Google Cloud regional references updated to us-east5 (Columbus, Ohio).

Webhook events added

  • prescription.received
  • prescription.rejected

2026-03 — 0.1 (Initial draft)

Added

  • Referral Tier — initial spec covering enrollment URL minting, lifecycle webhooks, transactions, and shipment tracking. PHI-free.
  • Clinical Tier — initial spec covering patient profiles, intake responses, appointments, prescriptions, transactions, and clinical-tier webhook events under a BAA.
  • Prescriber-Partner Tier — initial spec for partners that own the patient intake and consume Stealth Health physician review and signing as a service.
  • Authentication: X-Partner-ID + X-Api-Key, HMAC-SHA256 signed webhooks (X-Stealth-Signature).
  • Standardized error code catalog and per-tier rate limits (300 req/min prod / 60 req/min sandbox).

How versioning works

  • Major (1.0, 2.0) — breaking changes to request/response shapes, removed fields, or removed endpoints. Communicated 90 days in advance via email + this changelog. Old version stays available until the deprecation window closes.
  • Minor (0.2, 0.3) — additive changes. New fields are non-breaking; clients are expected to ignore unknown fields and unknown webhook event types.
  • Patch / docs — wording, example, or diagram updates with no behavioral change. Not separately versioned.

The Content-Type of all API responses includes the version, e.g. application/vnd.stealth.health.v1+json. The current version sent on the wire is documented in each tier guide.
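
A partner client that follows the versioning rules above could look like the following. This is an added example, not Stealth Health code. It assumes that X-Stealth-Signature carries the lowercase hex HMAC-SHA256 of the raw request body and that the event name sits in a top-level "type" field; neither detail is specified on this page, so check the tier guide before relying on them.

```python
import hashlib
import hmac
import json
import re

# Assumptions, not stated on this page: the signature is the lowercase hex
# HMAC-SHA256 of the raw request body, and the event name is a top-level "type".
MEDIA_TYPE = re.compile(r"^application/vnd\.stealth\.health\.v(\d+)\+json$")
SUPPORTED_MAJOR = 1
HANDLED_EVENTS = ("prescription.received", "prescription.rejected")


def major_version(content_type):
    """Return the major version in the vendor media type, or None."""
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    match = MEDIA_TYPE.match(media_type)
    return int(match.group(1)) if match else None


def response_compatible(content_type):
    """True only when the response carries the major version we were built for."""
    return major_version(content_type) == SUPPORTED_MAJOR


def signature_ok(secret, raw_body, signature_header):
    """Constant-time comparison of the received and recomputed signatures."""
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    received = (signature_header or "").strip().lower()
    return hmac.compare_digest(expected.encode(), received.encode())


def handle_webhook(secret, signature_header, raw_body):
    """Classify one delivery as 'rejected', 'ignored' or 'handled'."""
    # Verify first, over the exact bytes received, before any parsing.
    if not signature_ok(secret, raw_body, signature_header):
        return "rejected"
    try:
        event = json.loads(raw_body)
    except ValueError:
        return "rejected"
    if not isinstance(event, dict):
        return "rejected"
    # Unknown event types from a newer minor release are skipped, not errors.
    if event.get("type") not in HANDLED_EVENTS:
        return "ignored"
    # Read only the fields this client knows; extra fields are left untouched.
    return "handled"
```

Return a success status for "ignored" deliveries so that a new event type in a minor release is not treated as a failed delivery.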