> ## Documentation Index
> Fetch the complete documentation index at: https://docs.decodahealth.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Developer Settings

> Configure webhooks, API access, custom email domains, and third-party integrations.

Developer settings provide tools for integrating Decoda with external systems, tracking analytics on your self-scheduling pages, and sending emails from your own domain.

Connect Decoda to your other tools and track website visitors. Most clinics only need this page if they work with a developer or want to add Google Analytics to their booking page.

## Set Up Google Tag Manager

Google Tag Manager (GTM) allows you to add tracking scripts and analytics tags to your self-scheduling pages without modifying code.

<Steps>
  <Step title="Navigate to Developer Settings">
    Go to **Settings** and select **Developers**.
  </Step>

  <Step title="Add or Edit GTM ID">
    In the **Google Tag Manager** card, click **Add** (or **Edit** if one is already configured).
  </Step>

  <Step title="Enter Container ID">
    Enter your GTM Container ID in the format `GTM-XXXXXXX` (e.g., `GTM-NQD4F7NK`).
  </Step>

  <Step title="Save">
    Click **Save**. The GTM container will load on all self-scheduling pages for your organization.
  </Step>
</Steps>

To remove GTM tracking, edit the field and clear the value, then save.

## Generate an API Key

An API key is a password that lets other software connect to Decoda. You need one before you can set up webhooks or use the Decoda API.

<Steps>
  <Step title="Navigate to Developer Settings">
    Go to **Settings** and select **Developers**.
  </Step>

  <Step title="Generate API Key">
    In the **API Access** card, click **Generate API Key**.
  </Step>

  <Step title="Create API User">
    Enter a **First Name** and **Last Name** for the API user. This user will have admin privileges and its name will appear in Decoda when the API performs actions (e.g., creating appointments or updating patient records).
  </Step>

  <Step title="Copy the Key">
    After generation, the full API key is displayed once. Use the **copy** button to save it immediately. Use the **eye** icon to show or hide the full key.
  </Step>
</Steps>

<Info>
  The API key is only shown once at the time of creation. If you lose it, you must generate a new key. Generating a new key replaces the previous one.
</Info>

### Revoke an API Key

To revoke an existing API key, click the **delete** icon next to the key preview and confirm. Revoking an API key immediately disables all API access and deletes all configured webhooks.

### API Documentation

A link to the full [API Documentation](https://docs.decodahealth.com/api-reference/introduction) is available in the top-right corner of the Developer Settings page.

## Configure Webhooks

Webhooks are automatic notifications sent to another system when something happens in Decoda — like a new appointment being booked or a payment going through. Your developer uses these to connect Decoda with other software. An active API key is required before webhooks can be configured.

### Create a Webhook

<Steps>
  <Step title="Open Webhook Configuration">
    After generating an API key, scroll to the **Webhook Configuration** section and click **Add Webhook**.
  </Step>

  <Step title="Enter Webhook Details">
    Fill in the following fields:

    * **Webhook URL** (required): The endpoint on your server that will receive POST requests (e.g., `https://your-server.com/webhook`).
    * **Notification Email** (optional): An email address to receive notifications if webhook delivery fails.
    * **Subscriptions** (required): Select at least one event type to subscribe to. Events appear as a flat checkbox list (two columns) covering the full set of available event types. You will see events such as:
      * Patient events (e.g., Patient Created, Patient Updated)
      * Appointment events (e.g., Appointment Scheduled, Appointment Updated, Appointment Cancelled, Self-Scheduled Appointment)
      * Payment events (e.g., Payment Created, Payment Succeeded, Payment Failed, Charge Created, refunds)
      * Communication events (e.g., Call Received, Message Received, Email Sent)
      * Form events (e.g., Form Submitted)
      * Note events (e.g., Note Created, Note Updated)
      * Inventory events (e.g., Stock Low, Stock Added, Shipment Received)
  </Step>

  <Step title="Save and Copy Secret">
    Click **Create Webhook**. A webhook secret is generated and displayed once. Copy it immediately using the **copy** button -- you will need this secret to verify incoming webhook payloads from Decoda.
  </Step>
</Steps>

<Info>
  The webhook secret is only shown once at creation time. Store it securely. If you lose the secret, you must delete the webhook and create a new one.
</Info>

### Edit a Webhook

Click the **edit** icon on a webhook card to update its URL, notification email, or event subscriptions.

### Delete a Webhook

Click the **delete** icon on a webhook card and confirm. Deleting a webhook stops all future event deliveries to that endpoint.

## Custom Email Domain

To send patient notifications and appointment reminders from your own domain, use the **Domain** tab on the [Emails](/modules/settings/emails) page. That page is the canonical home for custom email domain setup, DNS records, and verification.

## Advanced Configuration

<AccordionGroup>
  <Accordion title="Webhook Payload Verification">
    Use the webhook secret to verify that incoming requests are genuinely from Decoda. Compare the signature in the request headers against a hash computed using your secret. See the [Webhook Events guide](/api-reference/guides/webhook-events) for implementation details.
  </Accordion>

  <Accordion title="API Key Rotation">
    When you generate a new API key, the previous key is immediately revoked. All existing webhooks are preserved and continue to function with the new key. Plan key rotations during low-traffic periods to minimize disruption.
  </Accordion>

  <Accordion title="Permissions">
    Developer Settings is gated by role-based permissions:

    * **View Developer Settings** -- Required to view the Developer Settings page, including GTM configuration, API keys, and webhooks.
    * **Manage Developer Settings** -- Required to modify GTM settings, generate/revoke API keys, and create/edit/delete webhooks.

    Admin users have full access to all developer settings by default.
  </Accordion>

  <Accordion title="GTM and Privacy Compliance">
    The Google Tag Manager container loads on your public self-scheduling pages. Ensure that any tags you configure (e.g., Google Analytics, Facebook Pixel) comply with your organization's privacy policy and applicable regulations such as HIPAA or state privacy laws.
  </Accordion>
</AccordionGroup>
