Quickstart - HASP

The HASP AI API lets you send HIPAA-compliant AI requests from any backend. It is a separate surface from the App Builder SDK — it uses API keys instead of session cookies, and it calls a different base URL.

Base URL

https://api.usehasp.com

Authentication

Every request requires an Authorization header with a Bearer token:

Authorization: Bearer hasp_key_live_<key>

API keys are created in Settings → API Keys in your HASP dashboard, or via the API Keys endpoint. The key prefix hasp_key_live_ identifies a live key. Keys are shown in plaintext exactly once on creation — copy it before closing the modal. All requests also require an active Business Associate Agreement (BAA) on your organization. Without one, every request returns 402 BAA_REQUIRED. Sign the BAA in Settings → Compliance.

Your first request

curl https://api.usehasp.com/v1/ai/chat \
  -H "Authorization: Bearer hasp_key_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "message": "Summarize the HIPAA minimum necessary standard in one paragraph.",
    "stream": false
  }'

Response:

{
  "success": true,
  "data": {
    "message": {
      "id": "msg_01JQMSG000000000000000000",
      "role": "assistant",
      "content": "The HIPAA minimum necessary standard requires..."
    }
  },
  "meta": {
    "request_id": "req_01JQREQ000000000000000000",
    "usage": {
      "model": "claude-sonnet-4-6",
      "input_tokens": 18,
      "output_tokens": 74,
      "sonnet_equivalent_tokens": 92,
      "cost_usd": 0.000935
    }
  }
}

Drop-in Anthropic SDK

If you already use @anthropic-ai/sdk, change one line:

import Anthropic from '@anthropic-ai/sdk';

const client = new Anthropic({
  baseURL: 'https://api.usehasp.com',  // only this line changes
  apiKey: 'hasp_key_live_...',
});

const stream = await client.messages.stream({
  model: 'claude-sonnet-4-6',
  messages: [{ role: 'user', content: 'Hello' }],
  max_tokens: 256,
});

for await (const event of stream) {
  process.stdout.write(event.type === 'content_block_delta' ? event.delta.text : '');
}

Your existing code, tools, and types all continue to work. See POST /v1/messages for the full compat surface.

API surfaces

Surface	Path prefix	Use when
Native	`/v1/ai/*`	New integrations — full HASP features (PHI guard metadata, `store` flag, future tool use)
Anthropic-compat	`/v1/messages`	Existing code using `@anthropic-ai/sdk` — drop-in replacement
Control plane	`/v1/*`	Manage API keys, webhooks, and inspect usage

What’s next

POST /v1/ai/chat — native streaming chat, full event taxonomy
POST /v1/messages — Anthropic SDK drop-in
PHI Guard — how PHI detection and redaction work
API Keys — create and revoke keys programmatically

​Base URL

​Authentication

​Your first request

​Drop-in Anthropic SDK

​API surfaces

​What’s next