Skip to main content

Technical Documentation

Complete technical documentation library for data integration, API development, security compliance, and healthcare interoperability.

All documentation listed below is available for client IT and legal teams during due diligence and implementation planning. Items marked "Available during engagement" are shared directly with qualified partners.

Getting Started

3 docs

Start here if you're new to the integration platform.

Quickstart Guide

Zero to first API call in 10 minutes — create a key, fetch data, set up webhooks.

Read documentation →

Integration Recipes

Step-by-step guides for SCIM roster sync, bulk FHIR export, webhook processing, SSO setup, and SDK usage.

Read documentation →

Troubleshooting

Symptom-based error resolution — 401/403/429 codes, webhook signature failures, SCIM conflicts, FHIR issues.

Read documentation →

API & Authentication

4 docs

API key management, SSO federation, interactive reference, and versioning.

API Key Authentication

Auth model, scopes, key lifecycle, IP allowlists, and error codes.

Read documentation →

Interactive API Reference

Explore all endpoints interactively with method badges, parameter tables, and response codes.

Read documentation →

SAML / SCIM SSO

Enterprise identity federation — SAML endpoints, SCIM 2.0 provisioning, tenant isolation.

Read documentation →

API Versioning

Version negotiation via x-api-version header, compatibility rules, and lifecycle policy.

Read documentation →

Webhooks & Events

3 docs

Outbound event subscriptions, contract specs, and schema versioning.

Outbound Webhooks

Event catalog, HMAC signature verification, retry policy, dead-letter queue, and delivery logs.

Read documentation →

AsyncAPI Webhook Contract

Machine-readable AsyncAPI 2.6 event contract, SDK validation helpers, and consumer guide.

Read documentation →

Event Schema Versioning

Webhook payload versioning policy, schema evolution rules, and backward compatibility guarantees.

Read documentation →

Healthcare Interoperability

4 docs

FHIR R4 resources, HL7 mappings, and EHR connector implementation guides.

FHIR & HL7 Interoperability

Supported FHIR R4 resources, search parameters, US Core mappings, and CDS Hooks integration.

Read documentation →

Epic Connector Guide

OAuth/SMART launch, endpoint mappings, common quirks, and go-live checks for Epic EHR.

Available during engagement

Cerner Connector Guide

OAuth/SMART launch, endpoint mappings, and validation for Cerner/Oracle Health.

Available during engagement

Allscripts Connector Guide

Implementation notes, endpoint mappings, and go-live validation for Allscripts.

Available during engagement

SDK & Developer Tools

2 docs

Client SDK packaging, OpenAPI generation, and build automation.

OpenAPI & Swagger

SDK generation workflows, contract snapshots, and OpenAPI specification management.

Read documentation →

SDK Packaging Workflow

TypeScript SDK build pipeline, publish automation, CI workflow, and partner registry releases.

Read documentation →

Machine-Readable Contracts

2 docs

Live JSON specification endpoints for tooling and code generation.

OpenAPI 3.1 Specification

Machine-readable JSON spec for all API endpoints — consumable by Swagger UI, Postman, and code generators.

Open spec ↗

AsyncAPI 2.6 Specification

Machine-readable webhook event contract — consumable by AsyncAPI tools and code generators.

Open spec ↗

Operational Runbooks

4 docs

Incident response procedures, token rotation, and outage recovery playbooks.

API Key Rotation & Incident Response

Incident-driven API key rotation steps, investigation procedures, and recovery playbook.

Available during engagement

Webhook Incident Response

Webhook failure triage, dead-letter replay, and recovery procedures.

Available during engagement

SSO Outage Handling

SAML outage containment, failover procedures, and service restoration flow.

Available during engagement

SCIM Token Rotation & Reprovisioning

SCIM bearer token rotation, reprovisioning playbook, and tenant integrity checks.

Available during engagement

Data Integration Specifications

0 docs

Technical guidance for IT teams configuring claims data feeds.

Specification Coverage

File Formats

  • • Supported formats and encoding requirements
  • • Field delimiter specifications
  • • Date and numeric formatting standards

Transmission

  • • Secure endpoint configuration
  • • Authentication methods
  • • Encryption requirements (AES-256 at rest, TLS 1.2+ in transit)

Integration Process

  1. 1. Technical specifications are shared with the client's IT team or PBM contact.
  2. 2. A technical call is scheduled to walk through requirements.
  3. 3. Test file transmission is coordinated before production data flow.
  4. 4. Data quality and completeness are validated before pilot kickoff.

Security & Compliance

10 docs

Security questionnaires, BAA documentation, certifications, and procurement artifacts.

Standard Questionnaires

Pre-completed responses for SIG, CAIQ, and HECVAT frameworks.

Available during engagement

Custom Questionnaires

Client-specific security questionnaires completed upon request.

Available during engagement

HIPAA Business Associate Agreement

BAA documentation is pre-approved by legal counsel and designed for efficient execution.

  1. Agreement provided — Standard BAA shared during engagement.
  2. Client legal review — Most reviews complete within 1-2 weeks.
  3. Negotiate modifications — Coordinated through legal teams.
  4. Execute agreement — Finalized through standard execution process.
  5. Activate data sharing — BAA execution prerequisite for production data.

Compliance Roadmap

Our compliance program is actively expanding. We are pursuing industry-standard certifications and attestations to meet enterprise requirements.

Third-Party Penetration Testing

Independent penetration testing program.

In progress

HIPAA Compliance Certification

Formal HIPAA compliance certification claim.

On roadmap

SOC 2 Type II

Independent SOC 2 Type II attestation.

On roadmap

ISO 27001

ISO/IEC 27001 certification status.

On roadmap

HITRUST CSF Certification

HITRUST certification status.

On roadmap

Public Procurement Trust Pack

Data Processing Addendum (Template)

Template DPA for enterprise procurement and legal review.

v1.0 | Effective 2026-02-07

Open

Subprocessors List

Current subprocessors, processing scope, and data categories.

v1.0 | Effective 2026-02-07

Open

Retention and Deletion Schedule

Retention windows and deletion workflow summary.

v1.0 | Effective 2026-02-07

Open

Breach Notification Policy

Notification windows, escalation path, and required disclosures.

v1.0 | Effective 2026-02-07

Open

Cross-Border Transfer Terms

Transfer mechanism and jurisdictional safeguards for enterprise data.

v1.0 | Effective 2026-02-07

Open
Open enterprise trust center →

Addressing Security Questions

3 docs

Common security concerns and recommended approaches for client conversations.

“We need to complete our own security assessment.”

Pre-completed questionnaires and third-party certifications are provided. Technical calls are scheduled to address specific questions.

“Our BAA must be used.”

Client BAA documents are accepted and reviewed. Most client documents are workable with minor modifications.

“How is data encrypted?”

Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Technical architecture documentation is provided for detailed questions.

Questions about technical requirements or security documentation?

Contact Security TeamDeveloper Hub →