Health Provider API
Trust Center

Security and reliability

Our commitment to protecting your data and maintaining service availability.

No credit card on free tierPostman collectionUS NPI Registry (NPPES) source dataNPI-1 and NPI-2
Data handling
  • All API requests use TLS 1.2+ encryption in transit.
  • API keys are hashed at rest using SHA-256.
  • Request logs are retained for 30 days for debugging; billing data persists per legal requirements.
  • We do not sell or share provider data with third parties.
Security practices
  • Hosted on secure cloud infrastructure with SOC 2-aligned providers.
  • API key required for all authenticated endpoints.
  • Per-key rate limits prevent abuse and ensure fair usage.
  • Access logs are monitored for anomalous patterns.
Service availability
  • Health check endpoint at /api/health.
  • Status page at /status with current system state.
  • Single-NPI lookups are cached to reduce upstream load and improve latency.
  • Scheduled cleanup removes stale cache entries automatically.
Provider data
  • Data originates from the public CMS NPPES NPI Registry.
  • We do not modify or verify provider credentials.
  • Enrichment signals are derived from NPPES data only and are not legal or clinical verification.
  • You remain responsible for compliance in your use case.

Questions or concerns?

Contact our support team for security disclosures, data questions, or incident reporting.

Contact support