Trust evidence

API security

Show what API reviewers should expect before institution workflows go live.

Evidence status

Published summary

API and webhook workflows need owner assignment, endpoint review, callback acknowledgement planning, and access-control review before live use. Public API assets do not by themselves approve institution use.

Last updated: 2026-06-14

Currently published

The integrations page lists review assets for API, webhook, and FHIR-style handoff discussion.

The institution checklist separates endpoint approval from public documentation.

Access-control review is required before live institution workflows.

Available during partner/security review

Endpoint ownership and callback acknowledgement plan.

API authentication and authorization walkthrough for the proposed workflow.

Webhook retry and operational-owner review, if applicable.

Not yet published

Public API security assessment.

Public production endpoint approval evidence.

Public webhook incident drill evidence.

Review boundary

Evidence review is separate from launch clearance.

Uploading records, preparing records, patient confirmation, and external sharing remain separate steps. Institution workflows require partner/security/legal review before live use.

Trust Center Integrations

Integrations Institution checklist