Skip to main content

Is there an API? I want to use BastionGPT in my app.

Developers building healthcare and mental health tools can integrate BastionGPT directly into their own applications, extending secure, compliant generative AI to end users without compromising on safety or privacy standards.

J
Written by Josh Spencer

Yes. Select customers can access the BastionGPT API to embed our HIPAA compliant AI into their own products, provided the intended use case meets our ethics, safety, and compliance requirements. This pathway is designed for teams that want to build on top of a trusted healthcare AI platform rather than assemble their own compliance stack from scratch. Whether you are developing a patient-facing triage tool, a clinical documentation workflow, or an internal assistant for hospital staff, the API gives you a secure foundation to work from.

The approval process exists for good reason. Generative AI in clinical settings carries real risk when deployed carelessly, and we take our role seriously as a provider of HIPAA compliant AI tools. Before granting API access, our team reviews the proposed application, the data flows involved, the safeguards your product has in place, and the population it will serve. Use cases that align with responsible deployment, such as medical AI chatbots, AI scribe functionality inside an EHR, or therapy notes assistants for licensed clinicians, are typically a strong fit.

If you are considering building your own EHR integration, that guide covers the most common API use case in more detail.

Once approved, you gain programmatic access to the same underlying technology that powers the BastionGPT web application. That means your integration inherits the privacy protections, data handling practices, and compliance posture that clinicians, IT administrators, and compliance officers have come to expect from a leading healthcare AI application. Signed BAAs, encrypted traffic, and strict no-training policies on customer data all carry over to API usage, so you can focus on building rather than negotiating terms with multiple vendors.

What happens after I apply for API access?

We start with a short call to talk through your use case. This is the review described above, and it works in your favor: if we see anything in your plan that could create compliance or patient-safety trouble, we tell you up front, before you invest time and money building on it.

Once you are approved, your API keys usually arrive within one business day, along with everything you need to start building:

  • Two API keys that work identically. Most teams use one for development and one for production, since usage is tracked separately per key. If you manage multiple apps or clients, we can attach up to 20 keys to your account.

  • Swagger documentation and Postman files with sample calls, so your team can see exactly which calls are available and how to pass each variable.

For a full breakdown of costs, see API pricing and billing explained.

Is the BastionGPT API compatible with the OpenAI format?

Yes, by design. We built the API to feel familiar to developers who have worked with the leading AI APIs, with OpenAI being the closest match: the format is about 99% the same. You pass in your prompt and context, and you get the response back. We also keep the API structure stable as we add capability, so integrations rarely need updates; some customers have gone more than a year without touching their code.

Does the API keep context between calls?

No. The API is stateless: each call stands alone, so send any conversation history or reference material with every request, the same way you would with other major AI APIs. Prompt caching is automatic and keeps this affordable. When a request contains content our system has recently processed, that portion is read from cache at a steep discount, so structure your requests with the unchanging parts (instructions, templates, reference documents) at the front and the new question at the end.

Can I send audio and documents through the API?

Yes. The API accepts audio for transcription and scribe workflows, and it supports native document ingestion, so you can pass PDFs, Word documents, and images directly in your request instead of converting them to text first. It is the same document processing that powers uploads in the BastionGPT web app.

How can I test the API before I build?

Two easy ways:

  • Use the web app as a no-code sandbox. The same API powers the BastionGPT web application, so if you like the responses you get in the app, you will get the same quality from your integration.

  • Start the developer trial. New API accounts include a 30-day free trial with $20 of free tokens, enough to build and test a working integration before standard billing begins.

What are the API rate limits?

Every API key has a rate limit to protect you from runaway code and surprise bills. If you receive a 429 "Too Many Requests" response, add retry-with-backoff handling; if your legitimate volume has outgrown the limit, contact support and we will raise it for the specific keys that need it.

My key link expired or I need a new key

API keys are delivered by secure link. If the link expired before you saved the key, or you need to rotate or add keys, email [email protected] from the account email and we will reissue promptly.

Does the API support tool calling or function calling?

Not currently. The API accepts chat-completion requests in the familiar OpenAI format, but the tools parameter is not supported today. If tool calling matters for your integration, tell us; roadmap decisions follow developer demand.

Is my API account the same as my BastionGPT login?

They are related but separate: API access is registered to your organization and billed on the usage-based plan, while the web app login is per user. If you subscribed to the web app and separately registered for the API, you may have two records; contact support if billing looks doubled.

If you are interested in API access, visit our BastionGPT API page to review technical documentation, pricing details, and the application form. Our team will follow up to discuss your use case, walk through integration requirements, and determine whether your project qualifies. Building on a compliant foundation from day one is far easier than retrofitting privacy later, and it positions your product alongside the most trusted names in clinical and mental health AI.

Your compliance team can review HIPAA coverage for the API before you apply.

Did this answer your question?