2026-05-27
OpenAI is now a supported provider, and the agent registry, budget, provider-status, and end-user export endpoints have shipped.New provider: OpenAI
The AI API now supports OpenAI models alongside Anthropic. OpenAI models pass through the same Gateway compliance checks as every other model — BAA enforcement, credit accounting, and PHI policy. BAA coverage ishasp_openai_baa_2026.
New endpoints
GET /v1/provider-status— Upstream AI provider health.POST /v1/agents/{agentId}/credentials/{credentialId}/revoke— Revoke an agent credential.POST /v1/webhooks/deliveries/bulk-replay— Replay webhook deliveries.GET /v1/orgs/{organization}/end-users/{runtimeUser}/export— GDPR Art. 20 end-user data export (scopeorg.end_users.read).GET /v1/agentsandPOST /v1/agents— List and register agents in the agent registry.GET /v1/agents/{agentId}andPATCH /v1/agents/{agentId}— Retrieve and update an agent.POST /v1/agents/{agentId}/archive— Archive an agent.POST /v1/agents/{agentId}/reactivate— Reactivate an archived agent.GET /v1/agents/{agentId}/credentialsandPOST /v1/agents/{agentId}/credentials— List and issue agent credentials.
Models available since launch
claude-opus-4-7— Claude Opus 4.7. Anthropic. Most capable. 1,000,000-token context window with extended thinking. premium tier — requires explicit opt-in per organization.gpt-5.5— GPT-5.5. OpenAI. High capability with vision. 1,050,000-token context window. premium tier — requires explicit opt-in per organization.gpt-5.5-pro— GPT-5.5 Pro. OpenAI. Highest capability with extended thinking — the highest-cost model in the catalog. 1,050,000-token context window. premium tier — requires explicit opt-in per organization.gpt-5.4— GPT-5.4. OpenAI. Fast and capable. 1,050,000-token context window. standard tier — available to all plans.gpt-5.4-mini— GPT-5.4 mini. OpenAI. Fast and efficient. 400,000-token context window. standard tier — available to all plans.gpt-5.3-codex— GPT-5.3 Codex. OpenAI. Code-optimized (agentic-coding tuned; usable as a Studio backing model). 400,000-token context window. standard tier — available to all plans.
2026-04-01
Initial public release of the HASP AI API V1.New endpoints
POST /v1/ai/chat— Native HASP AI inference. Supports streaming and non-streaming. Full HASP event taxonomy, PHI metadata in responses,meta.request_idon every response.POST /v1/messages— Anthropic-compatible inference. Drop-in for@anthropic-ai/sdk— changebaseURLonly. Same compliance checks as native surface.GET /v1/ai/messages/{id}— Retrieve a stored inference record byrequest_id. Returns original messages, token usage, model, stop reason, PHI metadata, and audit trail reference.GET /v1/api_keys— List API keys for your organization.POST /v1/api_keys— Create a new API key with specified scopes.DELETE /v1/api_keys/{keyId}— Revoke an API key.GET /v1/usage— Current billing period usage summary (credits used, credits remaining).GET /v1/usage/budget— Current spend cap configuration.PUT /v1/usage/budget— Update monthly credit cap.GET /v1/compliance/baa— Current BAA status and template for your organization.GET /v1/compliance/baa/acceptances— List BAA acceptances (signed versions).GET /v1/compliance/baa/acceptances/{id}— Retrieve a specific BAA acceptance.GET /v1/compliance/baa/acceptances/{id}/download— Download a signed BAA PDF.GET /v1/audit— Query the audit log for your organization.GET /v1/webhooks— List webhook endpoints.POST /v1/webhooks— Register a new webhook endpoint.DELETE /v1/webhooks/{endpointId}— Remove a webhook endpoint.
Models available at launch
claude-haiku-4-5— Fast, low-cost. Available to all plans.claude-sonnet-4-6— Balanced. Available to all plans. Recommended default.claude-opus-4-6— Highest capability. Requires explicit opt-in per organization.
Authentication
API keys use thehasp_key_live_<32-char-alphanumeric> format. The ai:chat scope is required for inference endpoints. The control:read scope is required for control-plane read endpoints. The control:webhooks scope is required for webhook management endpoints.