CuraeAI Developers
Get started

Quickstart

Make your first authenticated request, then stand up a webhook receiver — in minutes.

Quickstart

This gets you from zero to a working integration: a first authenticated request, then a webhook receiver you can verify before you even have a live connection.

Server-to-server. Every call here is from your backend. Your API key and webhook signing secret are secrets — keep them in the environment, never in a browser bundle, a log, or source control.

1. Get a key

Create a developer account and mint a test key (cae_test_…) in the developer portal. A cae_test_ key works against the sandbox (https://sandbox.curaeai.com) or local dev — not production.

export CURAEAI_BASE_URL="https://sandbox.curaeai.com"
export CURAEAI_PLATFORM_API_KEY="cae_test_…"

2. First request — browse the Connect catalog

The catalog is public, non-PHI metadata (brand, EHR platform, FHIR base URL), so it works with a test key. It powers your "choose your health system" picker.

curl --fail-with-body \
  "$CURAEAI_BASE_URL/api/sdk/v1/catalog/brands?query=health&limit=5" \
  -H "Authorization: Bearer $CURAEAI_PLATFORM_API_KEY" \
  -H "CuraeAI-Version: 2026-04-15"

With the SDK:

import { createPlatformClient } from '@curaeai/platform-sdk';

const client = createPlatformClient({
  apiKey: process.env.CURAEAI_PLATFORM_API_KEY!,
  baseUrl: process.env.CURAEAI_BASE_URL!,
  apiVersion: '2026-04-15',
});

const { data } = await client.searchCatalogBrands({ query: 'health', limit: 5 });
for (const brand of data.brands) console.log(brand.name, brand.platformType);

3. Embed Connect

Mount the widget in your frontend. It calls a backend proxy you host, which injects the key server-side. See Connect for the full flow.

import { CuraeConnect } from '@curaeai/platform-sdk/react';

<CuraeConnect
  connectEndpoint="/api/curaeai/connections"
  onSuccess={({ connection }) => console.log('linked', connection.status)}
/>;

4. Receive a webhook (and verify it offline)

You can build your receiver before any real delivery: the SDK produces a byte-identical signed request.

import { buildSignedWebhookRequest, verifyWebhookSignature } from '@curaeai/platform-sdk';

// In your test: build a faithfully-signed delivery…
const { body, headers } = await buildSignedWebhookRequest({
  signingSecret: process.env.CURAEAI_WEBHOOK_SIGNING_SECRET!,
  event: { eventType: 'records.export_ready', eventId: crypto.randomUUID(), data: {} },
});

// …and your handler verifies it the same way it verifies production.
await verifyWebhookSignature({
  rawBody: body,
  signatureHeader: headers['CuraeAI-Signature'],
  signingSecret: process.env.CURAEAI_WEBHOOK_SIGNING_SECRET!,
});

See Webhooks for the full receiver pattern (raw body → verify → dedupe → ack).

Run the whole thing

The connect-quickstart starter wires steps 2–4 into a runnable Node project, including an offline webhook loop. Clone it, set your key, and go.

Next

CuraeAI Platform API

A hosted, HIPAA-grade connectivity platform for medical records — connect a user's health systems and read normalized FHIR data over a server-to-server REST API.

Authentication & environments

API keys, test vs live environments, and the server-side secret rules the SDK enforces.

On this page

Quickstart1. Get a key2. First request — browse the Connect catalog3. Embed Connect4. Receive a webhook (and verify it offline)Run the whole thingNext