Integration Architecture Overview
ScanSkinAI provides four integration pathways, from zero-code to fully custom, designed to fit any digital health platform's architecture and time-to-market requirements. Each pathway is production-ready and supported by dedicated technical onboarding. For a broader overview of deployment models and enterprise features, see the ScanSkinAI for Business Partners hub.
The architecture is designed around a multi-tenant model where each partner receives isolated credentials, configurable webhook endpoints, and environment-separated sandbox/production deployments. This ensures data isolation, auditability, and compliance across all partner integrations. Our clinical validation data demonstrates 95%+ accuracy across all Fitzpatrick skin types.
Option 01: Direct App Access
Users download the ScanSkinAI app directly. No integration required. Fastest path to deployment — live in 24 hours with user analytics available immediately.
Option 02: WebView / Iframe Embed
Embed ScanSkinAI within your existing app or portal using WebView (mobile) or iframe (web). Custom branding, colours, and logo placement supported.
Option 03: SSO Integration
SAML 2.0 or OAuth 2.0 single sign-on. Users authenticate once through your identity provider. Supports Active Directory, Okta, Auth0, and custom IdPs.
Option 04: REST API
Full API access for custom builds. Submit images via multipart upload, receive structured JSON responses with condition predictions, confidence scores, and triage recommendations.
JWT Authentication & Security Model
All API and WebView integrations use JWT (JSON Web Token) authentication with a per-tenant signing algorithm (HS256 or RS256). Each partner tenant receives a unique webhook secret and can configure callback URLs per environment. Whichever algorithm is configured for your tenant, the verifying side should accept only that algorithm and key, never the alg value carried in the token header. The security model is designed to meet enterprise requirements including financial services and healthcare compliance standards.
JWT Payload Structure
{
  "sub": "partner-user-id-123",
  "iss": "your-tenant-id",
  "iat": 1711700000,
  "exp": 1711703600,
  "jti": "unique-token-id",
  "partner_id": "your-partner-uuid",
  "callback_url": "https://your-app.com/callback"
}
Security Features
- One-time use JTI enforcement prevents token replay attacks across all endpoints
- Configurable token expiry (default: 1 hour) with automatic refresh support
- Sandbox and production environments with fully isolated credentials and data stores
- All data encrypted in transit (TLS 1.3) and at rest (AES-256) with key rotation policies
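The following is an added example, not ScanSkinAI's own code or SDK, showing the partner side minting a token with the claims listed above and the verifying side pinning the algorithm, checking the signature in constant time, validating iat/exp and enforcing one-time jti use. It uses only the Python standard library for HS256; the shared secret, the tenant and partner identifiers, and the in-memory jti store are placeholders for this demonstration. For an RS256 tenant the HMAC check would be replaced by an RSA signature check against the tenant's public key, with the same pinning and jti logic.

```python
"""Partner JWT: minting and verifying the payload shown above (HS256).

Added example (not ScanSkinAI's code), standard library only. The secret,
identifiers and in-memory jti store are stand-ins; a real deployment uses
the tenant's provisioned secret and a shared store for one-time jti use.
"""
import base64
import hashlib
import hmac
import json
import time

SHARED_SECRET = b"replace-with-your-tenant-hs256-secret"  # assumed placeholder
TENANT_ID = "your-tenant-id"                               # iss from the payload example
REQUIRED_CLAIMS = ("sub", "iss", "iat", "exp", "jti", "partner_id", "callback_url")


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint_partner_token(secret, sub, jti, partner_id, callback_url, now=None, ttl=3600):
    """Partner side: build and HS256-sign a token carrying the documented claims."""
    now = int(time.time()) if now is None else now
    payload = {"sub": sub, "iss": TENANT_ID, "iat": now, "exp": now + ttl,
               "jti": jti, "partner_id": partner_id, "callback_url": callback_url}
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenVerifier:
    """Verifying side: algorithm pinned, constant-time signature check, one-time jti."""

    def __init__(self, secret, expected_issuer):
        self.secret = secret
        self.expected_issuer = expected_issuer
        self.used_jtis = set()  # demo store; production: shared store with TTL >= token lifetime

    def verify(self, token, now=None):
        now = int(time.time()) if now is None else now
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("malformed token")
        h64, p64, s64 = parts
        header = json.loads(_b64url_decode(h64))
        # Pin the algorithm: the token's own header must never choose the verifier.
        if header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = hmac.new(self.secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            raise ValueError("bad signature")
        payload = json.loads(_b64url_decode(p64))
        missing = [c for c in REQUIRED_CLAIMS if c not in payload]
        if missing:
            raise ValueError(f"missing claims: {missing}")
        if payload["iss"] != self.expected_issuer:
            raise ValueError("wrong issuer")
        if not (payload["iat"] <= now < payload["exp"]):
            raise ValueError("token expired or not yet valid")
        if not payload["callback_url"].startswith("https://"):
            raise ValueError("callback_url must be https")
        # One-time use: a jti seen before is a replay even with a valid signature.
        if payload["jti"] in self.used_jtis:
            raise ValueError("jti already used (replay)")
        self.used_jtis.add(payload["jti"])
        return payload


def _forge_alg_none(token):
    """Attacker's move: keep the signed payload, swap the header to alg=none, drop the signature."""
    _, p64, _ = token.split(".")
    return _segment({"alg": "none", "typ": "JWT"}) + "." + p64 + "."


def run_demo():
    """Exercise accept, replay, alg confusion and expiry; returns the outcome of each case."""
    verifier = TokenVerifier(SHARED_SECRET, TENANT_ID)
    issued = 1711700000  # iat from the payload example
    token = mint_partner_token(SHARED_SECRET, "partner-user-id-123", "unique-token-id",
                               "your-partner-uuid", "https://your-app.com/callback", now=issued)
    results = {"first_use": verifier.verify(token, now=issued + 60)["sub"]}
    for name, tok, at in (("replay", token, issued + 120),
                          ("alg_none", _forge_alg_none(token), issued + 60),
                          ("expired", token, issued + 3600)):
        try:
            verifier.verify(tok, now=at)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The order of checks matters: the algorithm and signature are validated before any claim is read, so an unsigned or alg-swapped token never reaches the claim logic, and the jti is recorded only after every other check passes so a rejected token does not burn a legitimate one.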
Webhook Integration Model
ScanSkinAI uses a webhook-based architecture to deliver analysis results asynchronously. When a user completes a scan, the system posts structured results to your configured webhook endpoint within seconds. This event-driven model ensures your platform can react to scan results in real-time — triggering notifications, updating dashboards, or routing to care pathways.
Webhooks are signed using HMAC-SHA256 with your partner-specific webhook secret, allowing your server to verify payload authenticity. Verify the signature over the raw request body before parsing it, use a constant-time comparison, and reject any delivery that does not verify. Failed deliveries are automatically retried with exponential backoff for up to 72 hours, so your handler may receive the same analysis more than once and should deduplicate on analysis_id rather than act twice.
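As an added example (not ScanSkinAI's code), the receiver below verifies the HMAC-SHA256 signature over the raw body, only then parses the JSON, and acknowledges retried deliveries without re-triggering downstream actions. The header name X-ScanSkinAI-Signature, the hex encoding of the MAC and signing the raw body are assumptions for this demo; take the actual values from your onboarding. The secret and the sample delivery are constructed, using the payload shape shown under Webhook Payload Example below.

```python
"""Receiving a ScanSkinAI-style webhook: verify the HMAC, then deduplicate.

Added example (not ScanSkinAI's code), standard library only. Header name,
hex encoding and raw-body signing are assumptions; the secret and the
sample delivery are constructed for the demonstration.
"""
import hashlib
import hmac
import json

WEBHOOK_SECRET = b"replace-with-your-partner-webhook-secret"  # assumed placeholder
SIGNATURE_HEADER = "X-ScanSkinAI-Signature"                  # assumed header name

# Constructed delivery following the documented payload shape.
SAMPLE_BODY = (
    b'{"event":"analysis.completed","partner_user_id":"user-123",'
    b'"analysis_id":"9c2a1e6e-7f1b-4d3a-9a0c-2b5c1d8f4e11","triage_route":2,'
    b'"risk_level":"moderate","conditions":[{"name":"Eczema","confidence":0.87},'
    b'{"name":"Contact Dermatitis","confidence":0.12}],'
    b'"timestamp":"2026-03-29T10:30:00Z"}'
)


def sign_body(secret: bytes, body: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over the exact bytes sent on the wire."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


class WebhookReceiver:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_analyses = set()  # demo store; production: persistent and shared across workers

    def handle(self, headers: dict, body: bytes) -> dict:
        # 1. Authenticate before parsing: MAC over raw bytes, constant-time comparison.
        presented = headers.get(SIGNATURE_HEADER, "")
        if not hmac.compare_digest(sign_body(self.secret, body).encode(), presented.encode()):
            return {"status": 401, "reason": "signature mismatch"}
        # 2. Only now is the JSON trusted enough to parse.
        try:
            event = json.loads(body)
        except ValueError:
            return {"status": 400, "reason": "invalid JSON"}
        if event.get("event") != "analysis.completed":
            return {"status": 202, "reason": "event type not handled"}
        # 3. Retries mean at-least-once delivery: acknowledge duplicates without re-acting,
        #    otherwise the sender keeps retrying for up to 72 hours.
        analysis_id = event["analysis_id"]
        if analysis_id in self.seen_analyses:
            return {"status": 200, "reason": "duplicate delivery ignored"}
        self.seen_analyses.add(analysis_id)
        return {"status": 200, "action": self.route(event)}

    @staticmethod
    def route(event: dict) -> dict:
        """Hand-off to the partner's own care pathway; the fields chosen here are illustrative."""
        top = max(event["conditions"], key=lambda c: c["confidence"])
        return {
            "partner_user_id": event["partner_user_id"],
            "top_condition": top["name"],
            "confidence": top["confidence"],
            "risk_level": event["risk_level"],
            "triage_route": event["triage_route"],
        }


def run_demo() -> dict:
    """First delivery, a retry of it, a tampered body and an unsigned request."""
    receiver = WebhookReceiver(WEBHOOK_SECRET)
    good = {SIGNATURE_HEADER: sign_body(WEBHOOK_SECRET, SAMPLE_BODY)}
    tampered = SAMPLE_BODY.replace(b'"moderate"', b'"low"')  # body edited, signature not
    return {
        "first": receiver.handle(good, SAMPLE_BODY),
        "retry": receiver.handle(good, SAMPLE_BODY),
        "tampered": receiver.handle(good, tampered),
        "unsigned": receiver.handle({}, SAMPLE_BODY),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Keep the body bytes exactly as received for the MAC; re-serialising the parsed JSON before signing will silently break verification whenever key order or whitespace differs from the sender's encoding.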
Webhook Payload Example
{
  "event": "analysis.completed",
  "partner_user_id": "user-123",
  "analysis_id": "uuid",
  "triage_route": 2,
  "risk_level": "moderate",
  "conditions": [
    { "name": "Eczema", "confidence": 0.87 },
    { "name": "Contact Dermatitis", "confidence": 0.12 }
  ],
  "timestamp": "2026-03-29T10:30:00Z"
}
GDPR, HIPAA-Readiness & Data Compliance
ScanSkinAI is designed from the ground up for GDPR, HIPAA-readiness, and UK Data Protection Act compliance. For technical decision-makers evaluating data governance, here's how we handle key compliance requirements:
- Data Processing Agreements: Standard DPAs provided for all enterprise partners with configurable data residency options
- Consent Management: User consent capture built into the analysis flow with configurable consent text per partner
- Right to Erasure: Full GDPR Article 17 support — user data deletable via API endpoint or admin panel
- ISO 27001:2022: Independently audited information security management system with continuous monitoring
- ISO 13485: Medical device quality management system ensuring consistent, reproducible AI outputs
- Audit Logging: Comprehensive audit trail for all API calls, data access, and administrative actions
Turnaround Times & Service Level Agreements
ScanSkinAI operates at three speed tiers, allowing partners to offer differentiated service levels to their users:
- AI Analysis (< 30 seconds): Instant results for 31+ conditions with confidence scores and triage routing
- Express Review (8 hours): Board-certified dermatologist review with clinical notes and care recommendations
- Standard Review (48 hours): Detailed clinical review with differential diagnosis and treatment pathway guidance
Typical Implementation Timeline
Integration timelines vary by deployment model. Here's what to expect for each pathway:
- Direct App: Tenant provisioning, branding configuration, and user onboarding materials
- WebView / Iframe: Frontend embed, JWT signing implementation, callback URL configuration
- SSO Integration: IdP configuration, SAML/OAuth flow testing, user provisioning pipeline
- Full API Integration: API integration, webhook handlers, custom UI build, end-to-end testing
Ready to Integrate AI Skin Screening?
Explore our deployment options and get your sandbox credentials to start building.