Prerequisites
- Valid partner credentials (partner_id, partner_secret, organization_id, organization_secret)
- Parchment SSO Integration: You must first set up Parchment SSO before implementing iframe embedding
- Your domain needs to be whitelisted in Parchment’s environments
Implementation Steps
1. Generate SSO Token with Embed Path
When generating an SSO token for iframe embedding, use the /embed/ prefix in your redirect path:
🚀 API Endpoint
Headers:
x-partner-id: Your partner IDx-partner-secret: Your partner secretx-organization-id: Target organization IDx-organization-secret: Organization secretx-user-id: Parchment user ID to authenticateContent-Type: application/json
Request Body:
{
"redirect_path": "/embed/patients/f03b972b-53ea-452d-ae48-024817f6c3b0/prescriptions"
}
Important: The /embed/ prefix in the redirect_path tells Parchment to render the page in iframe-optimized mode, removing navigation elements and adjusting the layout for embedded display.
Available Embed Paths
| Path | Description |
|---|
/embed/patients/{patient_id}/prescriptions | Prescription form for a specific patient. Main entry point for creating new prescriptions. |
/embed/patients/{patient_id}/prescriptions/{prescription_id} | View or manage an existing prescription for a patient. |
/embed/prescriptions/approval | Approval dashboard for reviewing, approving, amending, or rejecting queued prescriptions. |
{
"success": true,
"data": {
"sso_token": "eyJ...",
"redirect_url": "https://portal.parchment.health/auth/sso?token=eyJ...&redirect=%2Fembed%2Fpatients%2F...",
"expires_in": 300
}
}
Query Parameters
The prescription form (/embed/patients/{patient_id}/prescriptions) accepts query parameters to pre-fill fields and to pass partner data through to webhooks. Append them to the redirect_path when generating the SSO token — they are preserved through the SSO redirect onto the embedded page:
{
"redirect_path": "/embed/patients/f03b972b-53ea-452d-ae48-024817f6c3b0/prescriptions?custom_drug_id=DRUG%2342&quantity=2&reserved_1=ORDER-9087"
}
URL-encode all values (e.g. a space becomes %20, # becomes %23).
Pre-fill parameters
| Parameter | Type | Constraints | Description |
|---|
custom_drug_id | string | non-empty | Selects a custom drug from the organization catalog as the medication. |
quantity | integer | 1–99 | Quantity to dispense. |
repeats | integer | 0–99 | Number of repeats. |
repeats_interval | integer | 1–365 | Minimum interval (days) between repeats. |
patient_instructions | string | ≤ 250 chars | Directions for the patient. Longer values are truncated. |
doctor_instructions | string | ≤ 50 chars | Note for the dispenser. Longer values are truncated. |
Reserved parameters
Opaque pass-through values for partner use. They are shown read-only on the form and delivered on the resulting webhook in the top-level metadata object (see Webhook Events).
| Parameter | Type | Constraints | Description |
|---|
reserved_1 | string | ≤ 30 chars | Reserved partner data. Longer values are truncated. |
reserved_2 | string | ≤ 30 chars | Reserved partner data. Longer values are truncated. |
reserved_3 | string | ≤ 30 chars | Reserved partner data. Longer values are truncated. |
null.
2. Embed in Your Application
Use the returned redirect_url as the iframe source:
<iframe
src={iframeUrl}
className="absolute inset-0 size-full border-0"
allow="clipboard-write; publickey-credentials-get *; publickey-credentials-create *"
referrerPolicy="strict-origin-when-cross-origin"
title="Parchment Portal"
/>
Result
