Migrating a Dental Practice Management App from Desktop to Web
We helped a dental technology company move their Flutter desktop application to the web — and built a secure backend daemon to handle all Open Dental PMS integrations.
5
API Endpoints Migrated
100%
HIPAA Compliant
0
Feature Regressions
2x
Faster Data Fetching
The Challenge
A Desktop App That Needed to Go Online
The client had a fully functional Flutter desktop application used by dental clinics to manage patients, treatment plans, appointments, imaging, and billing — all integrated directly with the Open Dental API.
The problem? The desktop app talked directly to Open Dental's servers. That meant API keys lived on the client side, scaling was limited, and rolling out updates meant touching every machine. They needed it on the web, and they needed the backend done right.
Security Risk
API credentials and patient health data were being handled on the client side — a HIPAA compliance concern that needed to be fixed before going to web.
Desktop-Only Limitation
Clinics could only access the app from machines where it was installed. No remote access, no tablet use in operatories, no flexibility.
Performance Bottlenecks
Every data request hit the Open Dental API directly with no caching layer. Repeated calls for the same patient data slowed things down.
Maintenance Overhead
Updating the desktop app across multiple clinic machines was slow and error-prone. A web deployment model was overdue.
Our Approach
Two Parallel Tracks: Web Frontend + Secure Daemon
We split the work into two clear tracks. First, adapt the Flutter app for the web with UI/UX changes suited to browser use. Second, build a backend daemon service that handles all Open Dental API communication securely.
Flutter Web App
Patient UI, treatment plans, imaging, appointments
Daemon (Backend)
Auth, caching, data transform, RBAC, error handling
Open Dental API
Patient demographics, billing, imaging, plans
Scope of Work
What We Delivered
- Refactored the Flutter desktop UI for web — replaced nav menus with a gear icon dropdown, adjusted layouts for browser viewports
- Removed all direct Open Dental API calls from the frontend and routed everything through the daemon
- Built a RESTful daemon service with five core endpoints: patient demographics, treatment plans, appointments, imaging uploads, and billing
- Implemented token-based authentication between the daemon and Open Dental API with automatic refresh
- Added a caching layer with TTL settings to cut redundant API calls and speed up patient data loading
- Built role-based access control — admin settings only visible to admin users, standard users see account settings only
- Implemented HTTPS encryption for all communication, encrypted sensitive data at rest and in transit
- Data transformation layer to convert Open Dental responses into frontend-friendly formats (timezone conversion, field mapping)
- Comprehensive error handling with meaningful messages for auth failures, invalid requests, and network issues
- Full testing suite — unit tests for each daemon endpoint, integration tests, end-to-end scenarios, and regression testing
Tech Stack
Tools & Technologies Used
Results
The Impact
Access from Anywhere
Clinic staff can now access the full application from any device with a browser — tablets in operatories, laptops at the front desk, or remotely.
HIPAA-Ready Architecture
All patient data flows through a secure daemon. No API keys on the client side. Encrypted data at rest and in transit. Full audit logging.
Faster Performance
Caching cut down repeated API calls significantly. Patient lists and treatment plans load faster, especially during busy clinic hours.
Zero Feature Loss
Every desktop feature — patient search, filtering, treatment plans, imaging capture, appointment views — works exactly as expected on the web.