developers · private beta

GetMax Platform API. Private beta.

Built on the same multi-tenant primitives the platform runs on. Per-tenant scope, audit log, rate limit and BAA come included — not bolted on. Request access if you're a partner or building integrations on top of GetMax.

Request beta access See security posture
base urlhttps://api.getmaxglobal.comauthAPI key · per-tenant scope · rate-limitedformatJSON · UTF-8 · ISO 8601 timestampsstatusprivate beta · schemas published when GA
what's exposed

Five endpoints today. More as we earn the surface.

The platform does a lot. The API surfaces the slices our partners actually ask for. We'd rather ship five endpoints with clean contracts than fifty that drift. Everything below is live in beta — schemas land at GA.

POST/v1/eligibility/checkVerify• private beta

Run a 270 eligibility request. Returns benefits, copay, deductible, OOP, prior-auth flags. Routes across Availity / Stedi / pVerify based on payer.

GET/v1/claims/agingOrion• private beta

Pull aged claims by tenant. Filterable by payer, bucket (30/60/90/120+), and assignment. Mirrors what the Orion console shows your billers.

POST/v1/denials/refileOrion• private beta

Submit a denial for automated triage + appeal-draft + refile. Returns the work order ID and the timely-filing clock.

POST/v1/calls/dialEcho• private beta

Place an outbound payer or patient call via the Echo voice fleet. Returns the call SID, persona used, and the transcript callback URL.

GET/v1/leadsStorm• private beta

Read lead records out of the Storm pipeline. Honors per-tenant scope and the Storm brand brain segmentation.

how auth works

One key. Per tenant. Per scope.

01

API key

Each integration partner gets a long-lived key, prefixed gx_live_. Pass it on every request via Authorization: Bearer <key>. Keys are rotatable from the console — and we'll rotate yours if you tell us it leaked, no questions.

02

Per-tenant scope

Every key is bound to one or more tenant IDs. The API will refuse a request that tries to read or write data outside that scope. The same isolation that runs the platform UI runs the API — same auditor, same enforcement.

03

Rate limit

Per-key bucketing with X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers on every response. 429s carry a Retry-After. Hot paths (eligibility) are tuned higher than cold paths (denial bulk).

04

Audit + BAA

Every call is signed into the audit log with the calling key, the tenant scope, the response status, and a hash of the payload — kept 6 years. Your BAA with us covers traffic on the API surface, same as the console. See /trust.

how to apply

Tell us who you are. We'll get back same day.

The API is in private beta. We're onboarding partners we can support properly — billing firms, EHR vendors, integration shops. Send the note below or email sriram@getmaxrcm.com directly.

what to put in your email
  • Your company + role + the integration you're building.
  • Which endpoints from the list above you need first.
  • Whether you handle PHI on your end (so we can route the BAA).
  • Rough request volume (orders of magnitude, not exact).
Email sriram@getmaxrcm.com

Subject line: API beta access request. We answer every email — schemas, sandbox key, and a 15-minute call to scope your integration follow on approval.