Build on Mira™.
REST API + webhooks for agencies that want to integrate Mira™ into their stack. HIPAA-compliant, SSO-ready, OAuth2-secured.
What you can do
The Mira™ API exposes the same surfaces your staff uses in the portal — fully programmable so you can embed billing intelligence directly into your EHR, agency management system, or custom workflow.
Patient Sync
Create, update, and query patient demographics, insurance coverage, and care-plan metadata in real time.
Claim Submission
Submit professional and institutional claims, attach encounter data, and poll for payer adjudication status.
Webhook Events
Subscribe to claim-status changes, denial alerts, payment postings, and patient-record updates via signed HTTP webhooks.
AI Feature Endpoints
Trigger denial-prediction scoring, AI-assisted claim coding, IDG brief generation, and audit-anomaly detection from your own workflows.
Quick Start
Hostname notice: API examples reference api.usemirahealth.com;
the API host migrates from api.cpsbilling.*
in a separate release. Existing integrations are not affected.
1. Obtain an API key
Navigate to Portal → Settings → API Keys to
create a new key. Keys are prefixed with mira_sk_
and shown in full only once — store them in a secrets manager.
2. Your first request — patient sync (curl)
curl -X GET https://api.usemirahealth.com/v2/patients \
-H "Authorization: Bearer mira_sk_a1b2c3d4e5f6..." \
-H "Content-Type: application/json" 3. Submit a claim (curl)
curl -X POST https://api.usemirahealth.com/v2/claims \
-H "Authorization: Bearer mira_sk_a1b2c3d4e5f6..." \
-H "Content-Type: application/json" \
-d '{
"patientId": "pat_01HXZ9R...",
"encounterId": "enc_01HXZ9S...",
"billingCodes": ["99213", "Z79.899"],
"diagnosisCodes": ["E11.9"]
}' 4. Using the JavaScript SDK
Install the SDK with npm install @mira-ai/sdk,
then:
import { MiraClient } from '@mira-ai/sdk';
const mira = new MiraClient({ apiKey: process.env.MIRA_API_KEY });
// Sync a patient
const patient = await mira.patients.create({
firstName: 'Jane',
lastName: 'Doe',
dob: '1980-04-15',
mrn: 'MRN-00123',
});
// Submit a claim
const claim = await mira.claims.submit({
patientId: patient.id,
encounterId: 'enc_01HXZ9S...',
billingCodes: ['99213'],
});
console.log('Claim ID:', claim.id); 5. Webhook events
Register an HTTPS endpoint in Portal → Webhooks.
Mira™ signs every delivery with a Mira-Signature
header (HMAC-SHA256). Example payload:
POST https://your-endpoint.example.com/webhooks/mira
Content-Type: application/json
Mira-Signature: sha256=...
{
"event": "claim.status_changed",
"timestamp": "2026-06-09T14:22:00Z",
"data": {
"claimId": "clm_01HXZ9T...",
"previousStatus": "submitted",
"newStatus": "approved",
"payer": "Medicare"
}
} Auth + SSO Overview
API Keys
Long-lived secrets for server-to-server integrations. Scoped to
read, write, or admin.
Rotate any time from the portal.
OAuth 2.0
Authorization-code flow for user-delegated access. Issue short-lived access tokens (15 min) + refresh tokens (30 days). Supports PKCE for public clients.
SSO / SAML
Enterprise SSO via Azure AD B2C + SAML 2.0 federation. Staff authenticate through your existing IdP — no separate Mira™ password. SCIM provisioning available on Enterprise plans.
OAuth 2.0 Authorization Flow
# 1. Redirect user to authorization
GET https://auth.usemirahealth.com/oauth2/authorize
?response_type=code
&client_id=YOUR_CLIENT_ID
&redirect_uri=https://your-app.com/callback
&scope=claims:read+claims:write+patients:read
&state=RANDOM_STATE_TOKEN
# 2. Exchange code for tokens
POST https://auth.usemirahealth.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&code=AUTH_CODE
&redirect_uri=https://your-app.com/callback
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET HIPAA Compliance
All API traffic is TLS 1.2+ encrypted in transit. PHI at rest uses AES-256. Mira™ operates as a HIPAA Business Associate — a BAA is available for all paid plans. API audit logs are immutable and retained for 7 years.
API Reference & OpenAPI Docs
The complete API surface is described in an OpenAPI 3.1 specification. Use it to generate typed client libraries, import into Postman / Insomnia, or power your own tooling.
Machine-readable OpenAPI 3.1 spec — import into any tool.
Interactive docs — explore and try every endpoint in-browser.
| API Key Scope | Permissions |
|---|---|
| read | Read-only access to all endpoints |
| write | Read + create/update access |
| admin | Full access including webhook + SSO management |
Ready to build?
Create an API key in the portal and start integrating in minutes. Questions? Our developer support team is one message away.