1. Overview
IntakeBella provides a REST API for programmatic access to intake workflows, patient data, and pharmacy operations. This policy governs the use of the IntakeBella API by customers and authorized third-party integrators.
2. Authentication
- All API requests must include a valid API key in the Authorization header
- API keys are scoped per customer and per environment (production/sandbox)
- Keys can be rotated at any time from the IntakeBella dashboard
- Compromised keys must be reported immediately and rotated
3. Rate Limits
API requests are rate-limited to ensure platform stability. Current limits are based on your subscription plan. Rate limit headers are included in every API response.
- Starter: 100 requests/minute
- Professional: 500 requests/minute
- Enterprise: Custom limits
4. Data Handling
- All API traffic must use HTTPS (TLS 1.2+)
- Protected health information (PHI) transmitted via API is encrypted in transit and at rest
- API consumers must comply with HIPAA requirements for handling PHI
- A signed Business Associate Agreement (BAA) is required before API access to PHI is granted
5. Acceptable Use
The IntakeBella API may not be used to:
- Access data belonging to other customers
- Circumvent rate limits or authentication mechanisms
- Store or transmit PHI in non-compliant environments
- Reverse engineer IntakeBella platform components
- Resell API access without authorization
6. Versioning
The API is versioned. Deprecated versions receive 6 months of continued support after a newer version is released. Breaking changes are communicated via email and dashboard notifications.
7. Contact
For API access requests or questions, contact us at api@intakebella.com.