When do I need a BAA?

BAA is required before any production API key is issued, since production keys carry PHI access. Sandbox keys do not require a BAA (synthetic data only). Production access is granted after BAA execution and a brief security review (typically 1-2 days).

What is the latency on the API?

P50 latency: ~80ms for REST reads, ~200ms for REST writes, ~250ms for FHIR reads, ~400ms for FHIR writes. AI agent invocations vary by agent (200ms to 2s for synchronous calls; async pattern available). Latency targets are documented per endpoint.

Are there rate limits I should know about?

Default production rate limit is 100 requests/second per API key with burst tolerance, sized up by Order Form for high-volume engagements. Sandbox is 10K/day. 429 responses include a Retry-After header and structured error body so SDKs back off cleanly.

Platform · API & Developers

Build on the Medonix platform.

Name: Medonix MSO
Address: 300 Delaware Ave Suite 210, Wilmington, DE, 19801, US
Telephone: +1-302-520-5413
Price range: $$

The Medonix API gives developers programmatic access to claims, eligibility, prior auth, denial management, payer events, and analytics data. REST and FHIR R4 endpoints, sandbox environments, official TypeScript and Python SDKs, and signed webhooks for real-time RCM events.

Get a free audit See the full platform

REST + FHIRR4 supported

OAuth 2.0Signed JWTs

SandboxFree, self-serve

TypeScript+ Python SDKs

API & Developers

Build on the Medonix platform, in detail.

The Medonix API is the same surface our platform uses internally. Every workflow surfaced in the dashboard is available programmatically. Practices integrating their own EHR, multi-vendor MSOs aggregating data across portfolio companies, and partners building on top of Medonix all use the same endpoints.

Two protocols: REST for proprietary endpoints (analytics, AI agent invocations, dashboard data) and FHIR R4 for clinical interchange (Patient, Encounter, Coverage, Claim, ExplanationOfBenefit). Both share the same authentication and rate-limit infrastructure.

Sandbox environments are free and self-service. Production access requires a signed Order Form and BAA, since PHI flows through the API once your integration is approved. Auth is OAuth 2.0 client-credentials flow with short-lived JWTs and per-key scopes.

What is included

Capabilities shipped with this module.

REST API
JSON over HTTPS for analytics, agent orchestration, dashboard data, and operational events. OpenAPI 3.1 specification published.
FHIR R4
Patient, Encounter, Coverage, Claim, ExplanationOfBenefit, ServiceRequest, and Observation resources. Beyond the US Core profile where supported.
Webhooks
Signed webhooks for claim status changes, denial events, payment posting, and AI agent completion. Replay and retry built in.
Official SDKs
TypeScript and Python SDKs published to npm and PyPI under @medonix/sdk and medonix-sdk. Generated types match the OpenAPI spec.
Rate limits
Sane defaults (100 req/sec per key, 10K/day on sandbox). Production limits sized to engagement volume; soft limits surfaced as 429 with Retry-After.
Audit logs
Every API call is logged against the calling key, including request body, response status, and PHI-access events. Available via the API itself for integration audit.

How it connects to the rest of your stack.

API access is the foundation under every other platform module. Customers integrating against the Medonix EHR or PMS use the same REST endpoints the dashboard uses. Partners building third-party tools authenticate via OAuth and pull analytics data into their own applications. Custom EHR integrations write inbound encounter data to the FHIR endpoint and pull claim status and remits via REST. Sandbox documentation is published at developers.medonix.io once production access is granted.

Pairs with

Other platform modules.

Frequently asked

API & Developers, answered.

Sandbox accounts are free and self-service for any developer. Email the team for a sandbox key, no contract required. Sandbox data is synthetic and PHI-free, so you can test integration patterns without a BAA.

Talk to RCM

Ready to recover every dollar your practice earns?

See your projected revenue lift in 60 seconds, or talk to a senior RCM strategist now. No commitment. Same-day slots available.

30-day parallel-run guarantee
Targets written into the contract
HIPAA · SOC 2 Type II · HITRUST

Get a free audit +1-302-520-5413

24/7 · U.S. healthcare only

Build on the Medonix platform.

Build on the Medonix platform, in detail.

How it connects to the rest of your stack.

Other platform modules.

API & Developers, answered.

01How do I get sandbox access?

02When do I need a BAA?

03What is the latency on the API?

04Are there rate limits I should know about?

Ready to recover every dollar your practice earns?