WellWalla CTO Documentation - API & Integrations

🧬 Fullscript API Integration

🔑

Authentication

OAuth 2.0 Flow

Active

Auth Type	OAuth 2.0
API Base URL	`https://us.fullscript.com/api/`
Documentation	fullscript.dev/docs
API Key Request	api@fullscript.com

🔗

Integration Options

Available Methods

Fullscript Embed - Iframe-based integration for seamless in-app experience
Fullscript Redirect - OAuth redirect flow for external linking
REST API - Full programmatic access to platform features
Webhooks - Real-time event notifications for orders, patients

📡

Key API Endpoints

REST API Reference

GET /patients - List and search patient records

POST /patients - Create new patient record

GET /treatment_plans - Retrieve treatment plans

POST /treatment_plans - Create supplement recommendations

GET /orders - Track order history and status

GET /products - Search product catalog

POST /webhooks - Register webhook endpoints

Webhook Events

Event Type	Description
`order.created`	New order placed by patient
`order.shipped`	Order has shipped
`patient.activated`	Patient activated their account

💳 Authorize.net Payment Gateway

🏦

Gateway Configuration

WooCommerce Integration

Production

Auth Method	API Login ID + Transaction Key
API Format	XML / JSON REST
Endpoint (Prod)	`api.authorize.net`
Endpoint (Test)	`apitest.authorize.net`
PCI Compliance	Level 1 PCI-DSS

⚡

Key Capabilities

Transaction Types

authCaptureTransaction - Authorize and capture in one step
authOnlyTransaction - Authorize only (capture later)
captureOnlyTransaction - Capture previously authorized
refundTransaction - Process refunds
voidTransaction - Void pending transactions
Customer Information Manager (CIM) for saved cards
Recurring billing and subscriptions
Advanced Fraud Detection Suite (AFDS)

📝

Sample Transaction Request

createTransactionRequest

{
  "createTransactionRequest": {
    "merchantAuthentication": {
      "name": "API_LOGIN_ID",
      "transactionKey": "API_TRANSACTION_KEY"
    },
    "transactionRequest": {
      "transactionType": "authCaptureTransaction",
      "amount": "49.99",
      "payment": {
        "creditCard": {
          "cardNumber": "4111111111111111",
          "expirationDate": "2027-12",
          "cardCode": "123"
        }
      }
    }
  }
}
                    

🔍 Brave Search API

📊

Current Plan

Free AI Tier

Active

2,000

Queries / Month

1

Query / Second

API Base	`api.search.brave.com`
Auth	X-Subscription-Token header
Index Size	30+ billion pages
Freshness	100M+ updates/day

🎯

Available Endpoints

Specialized Search Types

/web/search - General web search
/images/search - Image search
/videos/search - Video search
/news/search - News search
/suggest - Autocomplete suggestions
/spellcheck - Spelling corrections
Extra snippets (up to 5 per result)
Schema-enriched results (movies, wikis)
Search Goggles for custom re-ranking

💰

Pricing Tiers (Reference)

Upgrade options if needed

Plan	Price	Rate Limit	Monthly Quota	AI Rights
Free AI (Current)	$0	1 q/s	2,000	Limited
Base AI	$5/1K req	20 q/s	20M	✓
Pro AI	$9/1K req	50 q/s	Unlimited	✓

Note: SOC 2 Type II attested. Zero Data Retention option available for enterprise compliance needs.

🤖 OpenClaw Platform

⚙️

Platform Details

AI Agent Framework

v2026.1.30

Version	2026.1.30
Gateway Port	18789
Workspace	`~/.openclaw/workspace/`
Config	`~/.openclaw/openclaw.json`

🧠

Available Models

via AI Ultra OAuth

claude-opus-4-5-thinking (195k) - Primary
gemini-3-pro-high (1024k)
gemini-3-flash (1024k)
claude-sonnet-4-5 (195k)
claude-sonnet-4-5-thinking (195k)
gpt-oss-120b-medium (128k)

📱

Core Capabilities

Agent Tools & Integrations

📁

File Operations

read, write, edit

🖥️

Shell Execution

exec, process management

🌐

Web Tools

search, fetch, browser control

📧

Telegram Channel

@PictureTiiime bot

🖼️

Canvas

present, eval, snapshot

📱

Node Control

camera, screen, location

🔊

TTS

ElevenLabs integration

⏰

Cron & Heartbeats

Scheduled tasks

📦 WordPress Plugin Inventory

🔌

Active Plugins

WellWalla WordPress Installation

🛒

WooCommerce

E-commerce Core

💳

Authorize.net Gateway

Payment Processing

🧬

Fullscript Integration

Supplement Dispensary

🔐

Wordfence Security

Firewall & Malware

📊

Google Analytics

Site Metrics

📧

WP Mail SMTP

Email Delivery

🚀

WP Rocket

Caching/Performance

📝

Yoast SEO

Search Optimization

📋

WPForms

Form Builder

🎨

Elementor

Page Builder

💾

UpdraftPlus

Backups

🔄

WooCommerce Subscriptions

Recurring Billing

🛒 WooCommerce Configuration

⚙️

General Settings

Store Configuration

Currency	USD ($)
Tax Calculation	Enabled (Automated)
Coupons	Enabled
Guest Checkout	Disabled (Account required)
Account Creation	Enabled at checkout

📦

Shipping & Payments

Fulfillment Settings

Payment Gateway	Authorize.net (Primary)
Shipping Zones	US (Lower 48), International
Free Shipping	Orders $75+
Order Status Flow	Pending → Processing → Shipped

🔒 Security Recommendations

🚨

High Priority

Immediate Action Required

Critical

Enable 2FA for all admin accounts (WordPress + WooCommerce)
Update PHP version if running below 8.1
SSL/TLS certificate - Ensure auto-renewal is configured
Database backups - Verify daily automated backups are running
Admin URL - Consider changing from default /wp-admin

⚠️

Medium Priority

Recommended Improvements

Important

Limit login attempts - Configure Wordfence brute force protection
File permissions - Audit wp-config.php and uploads folder
XML-RPC - Disable if not using mobile apps or Jetpack
User role audit - Remove unused admin accounts
Plugin audit - Remove any inactive/unused plugins

✅

Best Practices

Ongoing Maintenance

Recommended

Security headers - Add CSP, X-Frame-Options, HSTS
WAF rules - Review and update Wordfence firewall rules
Activity logging - Enable user activity audit trail
Uptime monitoring - Set up external health checks
Staging environment - Test updates before production
API key rotation - Schedule quarterly key rotation for all integrations

📋

API Key Security Checklist

Integration Credentials Management

Integration	Key Storage	Rotation Policy	Access Scope
Authorize.net	WooCommerce Settings (encrypted)	Annual or after breach	Payment processing only
Fullscript	Plugin settings	Annual	Patient/order management
Brave Search	OpenClaw config	Quarterly recommended	Search queries only
Google Analytics	Plugin OAuth	Token refresh automatic	Read-only analytics