Health Provider API
Trust Center

Security and reliability

Our commitment to protecting your data and maintaining service availability.

No credit card on free tierOpenAPI specPostman collectionUS NPI Registry (NPPES) source dataNPI-1 and NPI-2
Data handling
  • All API requests use TLS 1.2+ encryption in transit.
  • API keys are hashed at rest using SHA-256.
  • Request logs are retained for 30 days for debugging; billing data persists per legal requirements.
  • We do not sell or share provider data with third parties.
Security practices
  • Hosted on secure cloud infrastructure with SOC 2-aligned providers.
  • API key required for all authenticated endpoints.
  • Per-key rate limits prevent abuse and ensure fair usage.
  • Access logs are monitored for anomalous patterns.
Service availability
  • Health check endpoint at /api/health.
  • Status page at /status with current system state.
  • Single-NPI lookups are cached to reduce upstream load and improve latency.
  • Scheduled cleanup removes stale cache entries automatically.
Provider data
  • Data originates from the public CMS NPPES NPI Registry.
  • We do not modify or verify provider credentials.
  • Enrichment signals are derived from NPPES data only and are not legal or clinical verification.
  • You remain responsible for compliance in your use case.

Questions or concerns?

Contact our support team for security disclosures, data questions, or incident reporting.

Contact support