March 2026

Digital Health Integration: API & SDK for AI Skin Screening

A technical guide for CTOs, engineering leads, and digital health product managers evaluating ScanSkinAI's integration architecture, security model, and deployment options.


Integration Architecture Overview

ScanSkinAI provides four integration pathways, from zero-code to fully custom, designed to fit any digital health platform's architecture and time-to-market requirements. Each pathway is production-ready and supported by dedicated technical onboarding. For a broader overview of deployment models and enterprise features, see the ScanSkinAI for Business Partners hub.

The architecture is designed around a multi-tenant model where each partner receives isolated credentials, configurable webhook endpoints, and environment-separated sandbox/production deployments. This ensures data isolation, auditability, and compliance across all partner integrations. Our clinical validation data demonstrates 95%+ accuracy across all Fitzpatrick skin types.

Option 01: Direct App Access (Zero Code)

Users download the ScanSkinAI app directly. No integration required. Fastest path to deployment — live in 24 hours with user analytics available immediately.

Option 02: WebView / Iframe Embed (Low Code)

Embed ScanSkinAI within your existing app or portal using WebView (mobile) or iframe (web). Custom branding, colours, and logo placement supported.

Option 03: SSO Integration (Medium Code)

SAML 2.0 or OAuth 2.0 single sign-on. Users authenticate once through your identity provider. Supports Active Directory, Okta, Auth0, and custom IdPs.

Option 04: REST API (Full Custom)

Full API access for custom builds. Submit images via multipart upload, receive structured JSON responses with condition predictions, confidence scores, and triage recommendations.

JWT Authentication & Security Model

All API and WebView integrations use JWT (JSON Web Token) authentication with configurable signing algorithms (HS256 or RS256). Each partner tenant receives a unique webhook secret and can configure callback URLs per environment. The security model is designed to meet enterprise requirements including financial services and healthcare compliance standards.

JWT Payload Structure

{
  "sub": "partner-user-id-123",
  "iss": "your-tenant-id",
  "iat": 1711700000,
  "exp": 1711703600,
  "jti": "unique-token-id",
  "partner_id": "your-partner-uuid",
  "callback_url": "https://your-app.com/callback"
}

Security Features

  • One-time use JTI enforcement prevents token replay attacks across all endpoints
  • Configurable token expiry (default: 1 hour) with automatic refresh support
  • Sandbox and production environments with fully isolated credentials and data stores
  • All data encrypted in transit (TLS 1.3) and at rest (AES-256) with key rotation policies
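The following is an added example, not ScanSkinAI's SDK: it mints an HS256 JWT with the payload fields shown above and verifies it the way the security features list describes (pinned algorithm, signature check, expiry, one-time jti). It uses only the Python standard library; the secret, tenant and partner values are constructed placeholders, and the in-memory jti set stands in for whatever shared store a real deployment uses.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-shared-secret-placeholder"  # constructed; a real tenant secret comes from onboarding


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(sub: str, tenant: str, partner_id: str, callback: str,
               jti: str, now: int, ttl: int = 3600) -> str:
    """Build a compact JWS (header.payload.signature) over the page's payload fields, signed with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "iss": tenant, "iat": now, "exp": now + ttl,
               "jti": jti, "partner_id": partner_id, "callback_url": callback}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenVerifier:
    """Checks algorithm, signature, expiry and one-time jti (in-memory set; use a shared store in production)."""

    def __init__(self) -> None:
        self.seen_jti = set()

    def verify(self, token: str, now: int):
        # Returns the payload if the token is valid and unused at time `now`, otherwise None.
        try:
            h, p, s = token.split(".")
            header = json.loads(_b64url_decode(h))
            if header.get("alg") != "HS256":  # pin the algorithm; reject "none" or a swapped alg
                return None
            expected = hmac.new(SECRET, (h + "." + p).encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _b64url_decode(s)):
                return None
            payload = json.loads(_b64url_decode(p))
            if now >= int(payload["exp"]) or payload["jti"] in self.seen_jti:
                return None  # expired or replayed
        except (ValueError, KeyError, TypeError):
            return None  # malformed token
        self.seen_jti.add(payload["jti"])
        return payload
```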

Webhook Integration Model

ScanSkinAI uses a webhook-based architecture to deliver analysis results asynchronously. When a user completes a scan, the system posts structured results to your configured webhook endpoint within seconds. This event-driven model ensures your platform can react to scan results in real-time — triggering notifications, updating dashboards, or routing to care pathways.

Webhooks are signed using HMAC-SHA256 with your partner-specific webhook secret, allowing your server to verify payload authenticity. Failed deliveries are automatically retried with exponential backoff for up to 72 hours.

Webhook Payload Example

{
  "event": "analysis.completed",
  "partner_user_id": "user-123",
  "analysis_id": "uuid",
  "triage_route": 2,
  "risk_level": "moderate",
  "conditions": [
    { "name": "Eczema", "confidence": 0.87 },
    { "name": "Contact Dermatitis", "confidence": 0.12 }
  ],
  "timestamp": "2026-03-29T10:30:00Z"
}
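An added example of the receiving side, not ScanSkinAI's own code: it verifies the HMAC-SHA256 signature over the raw body with the partner secret, then dispatches the payload above exactly once. The signature header name and the hex-over-raw-bytes signature format are assumptions, as are the secret and the sample delivery, which is the page's payload example serialised as constructed test input.

```python
import hashlib
import hmac
import json

WEBHOOK_SECRET = b"constructed-webhook-secret"  # constructed; a real per-tenant secret comes from onboarding
SIGNATURE_HEADER = "X-Signature-SHA256"  # assumed header name; the real one is given in the partner docs

# Constructed sample delivery: the page's payload example as it would arrive on the wire.
SAMPLE_BODY = json.dumps({
    "event": "analysis.completed", "partner_user_id": "user-123", "analysis_id": "uuid",
    "triage_route": 2, "risk_level": "moderate",
    "conditions": [{"name": "Eczema", "confidence": 0.87}, {"name": "Contact Dermatitis", "confidence": 0.12}],
    "timestamp": "2026-03-29T10:30:00Z",
}).encode()


def sign_body(raw_body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Hex HMAC-SHA256 over the exact bytes received (assumed signature format)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


class WebhookReceiver:
    """Verifies a signed delivery, then dispatches it exactly once."""

    def __init__(self) -> None:
        self.processed = set()  # analysis_ids already handled; use a durable store in production

    def handle(self, headers: dict, raw_body: bytes) -> dict:
        # 1. Authenticate the raw bytes before parsing: a forged or modified body never reaches json.loads.
        presented = headers.get(SIGNATURE_HEADER, "")
        if not hmac.compare_digest(sign_body(raw_body).encode(), presented.encode()):
            return {"status": "rejected", "reason": "bad signature"}
        payload = json.loads(raw_body)
        if payload.get("event") != "analysis.completed":
            return {"status": "ignored", "reason": payload.get("event")}
        # 2. Be idempotent: deliveries are retried for up to 72 hours, so the same analysis_id can
        #    arrive more than once. A tight freshness window on "timestamp" would reject legitimate
        #    retries, so deduplicate on analysis_id instead.
        if payload["analysis_id"] in self.processed:
            return {"status": "duplicate", "analysis_id": payload["analysis_id"]}
        self.processed.add(payload["analysis_id"])
        # 3. Route: pick the highest-confidence condition and hand off by triage_route / risk_level.
        top = max(payload["conditions"], key=lambda c: c["confidence"])
        return {"status": "accepted", "analysis_id": payload["analysis_id"],
                "triage_route": payload["triage_route"], "risk_level": payload["risk_level"],
                "top_condition": top["name"]}
```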

GDPR, HIPAA-Readiness & Data Compliance

ScanSkinAI is designed from the ground up for GDPR, HIPAA-readiness, and UK Data Protection Act compliance. For technical decision-makers evaluating data governance, here's how we handle key compliance requirements:

  • Data Processing Agreements: Standard DPAs provided for all enterprise partners with configurable data residency options
  • Consent Management: User consent capture built into the analysis flow with configurable consent text per partner
  • Right to Erasure: Full GDPR Article 17 support — user data deletable via API endpoint or admin panel
  • ISO 27001:2022: Independently audited information security management system with continuous monitoring
  • ISO 13485: Medical device quality management system ensuring consistent, reproducible AI outputs
  • Audit Logging: Comprehensive audit trail for all API calls, data access, and administrative actions

Turnaround Times & Service Level Agreements

ScanSkinAI operates at three speed tiers, allowing partners to offer differentiated service levels to their users:

  • AI Analysis (< 30 seconds): Instant results for 31+ conditions with confidence scores and triage routing
  • Express Review (8 hours): Board-certified dermatologist review with clinical notes and care recommendations
  • Standard Review (48 hours): Detailed clinical review with differential diagnosis and treatment pathway guidance

Typical Implementation Timeline

Integration timelines vary by deployment model. Here's what to expect for each pathway:

  • Direct App (1–2 days): Tenant provisioning, branding configuration, and user onboarding materials
  • WebView / Iframe (1–2 weeks): Frontend embed, JWT signing implementation, callback URL configuration
  • SSO Integration (2–4 weeks): IdP configuration, SAML/OAuth flow testing, user provisioning pipeline
  • Full API Integration (4–8 weeks): API integration, webhook handlers, custom UI build, end-to-end testing
