API Overview
The WHOOP Healthcare Partner API is a server-to-server integration designed for healthcare partners. Unlike the standard WHOOP developer API—which requires end-user OAuth authorization—the Partner API uses a Trusted Partner credential to authenticate directly between your backend and WHOOP's servers. There is no end-user login flow.
Who It's For
The Partner API is available exclusively to WHOOP-approved healthcare partners. It is not available to general developers.
Core Concepts
Partner integrations center around four resources:
| Resource | Description |
|---|---|
| Requisition | A lab order created by WHOOP, containing one or more service requests |
| Service Request | A single FHIR-based lab test within a requisition |
| Diagnostic Report | Lab results submitted by the partner for a completed service request |
| Clinical Report Review | A clinical report generated by WHOOP that requires partner review |
The typical workflow is:
- WHOOP creates a Requisition and notifies your system via webhook.
- Your lab retrieves the Requisition, validates the order, and sets each Service Request to
ORDER_CONFIRMED. - As your lab processes the sample, you update each Service Request status to reflect progress. (Complete a Service Request)
- As each test completes, you submit a Diagnostic Report for that service request. (Submit Diagnostic Results)
Key Differences from Standard API
| Standard Developer API | Partner API | |
|---|---|---|
| Auth flow | User-delegated OAuth 2.0 | Server-to-server (client credentials) |
| Token endpoint | /oauth/oauth2/token | /developer/v2/partner/token |
| Scope | User data scopes (e.g. read:recovery) | whoop-partner/token |
| Who creates resources | Your app | WHOOP |
| User consent required | Yes | No |
Partner Credentials
Partner credentials (client ID and client secret) are granted by WHOOP as part of the partner onboarding process. They are separate from any standard developer app credentials you may have. See Authentication for how to use them.