Developers · CMS-0057-F · CMS-0062-P

Auth57 developers — TypeScript SDK, REST API, MCP server.

One source-linked, human-verified prior-authorization rule corpus — 10,402 rules across 51 states and 6 programs, scoped to CMS-0057-F (final, in force) and CMS-0062-P (proposed) — accessible five ways: TypeScript SDK, REST API, drop-in Web Component, MCP server for AI agents, or native Salesforce External Services.

Get an API key →See OpenAPI reference
SDK
npm install @auth57labs/sdk

Typed client + optional Lit Web Component · Node, Deno, Bun, Edge, browser

npmjs.com →GitHub →
10,402
Verified rules
51
States + DC
6
Programs
<300ms
Edge latency
100%
URL audit pass
13.4kB
SDK · gzipped

Five integration paths

Every path reads from the same verified corpus. Same response shape, same source URLs, same last_verified dates.

TypeScript SDK
auth57-sdk on npm
Node 18+ · Deno · Bun · browsers · React · Next.js
npm install auth57-sdk

import { Auth57Client } from 'auth57-sdk';
const c = new Auth57Client({ apiKey });
await c.paLookup({ state: 'CA', program: 'medicaid_ffs', drug: 'biologics' });
View on npm →
REST API
HTTPS · OpenAPI 3.1
Any language · Python · Ruby · Go · curl
curl https://api.auth57.io/v1/pa-lookup \
  ?state=CA&program=medicaid_ffs&drug=glp_1_agonists \
  -H "x-api-key: $AUTH57_KEY"
Interactive reference →
Web Component
<auth57-pa-lookup>
Marketing pages · customer portals · embeds · Salesforce Lightning
<script type="module"
  src="https://auth57labs.com/embed/pa-lookup.js"></script>

<auth57-pa-lookup
  api-key="YOUR_KEY"
  state="CA" program="medicaid_ffs"
  service="diagnostic_imaging"
  auto-query></auth57-pa-lookup>
See it live →
MCP Server
Model Context Protocol
Claude · Cursor · Zed · any MCP-compatible agent
// claude_desktop_config.json
{
  "mcpServers": {
    "auth57": {
      "command": "npx",
      "args": ["@auth57/mcp"],
      "env": { "AUTH57_API_KEY": "..." }
    }
  }
}
MCP product page →
Salesforce
External Services
Health Cloud · Service Cloud · UM reviewer tools
Setup → External Services → New from OpenAPI

Schema URL:  https://auth57labs.com/openapi.json
Named Credential: Auth57
  URL: https://auth57.io/api
  Header: x-api-key = YOUR_KEY

// paLookup, compare, statesSummary — callable from Flow
10-minute Salesforce guide →

Under the hood

What's actually running behind every API call.

Compute
Vercel Fluid Compute · Node 24 edge functions · 3-min heartbeat cron keeps isolates warm
Data
Supabase Postgres (us-east-1) · RLS on every user-facing table · daily encrypted backups · static JSON pre-generated to CDN for hot-path lookups
API-key cache
Vercel Edge Config · sub-10ms lookup · synced on every subscription event · Supabase fallback on miss
Rate limits
Per-key sliding window in Postgres · 10k/hr on pa-lookup · 2k/hr on compare · admin plans bypass
Observability
Sentry with PII-scrubbed headers · Vercel logs · every API call logged to api_calls with status + response_ms
Data integrity
Weekly cron probes every source URL in corpus · broken citations flagged in link_audit_log and fixed within business week
Spec
OpenAPI 3.1 at /openapi.json · importable into Postman · Insomnia · Salesforce External Services · Kong
Security
No PHI accepted · TLS 1.2+ · MFA · quarterly key rotation · full posture at /security

Auth + rate limits

One header. Transparent counters. 429s come with Retry-After.

Auth header
x-api-key: YOUR_UUID_KEY — UUID v4 keys from /subscribe-api, or book for a 30-day demo key
pa-lookup limit
10,000 calls/hour per key · sliding window · admin bypass
compare limit
2,000 calls/hour per key · compare fetches N states per call
Demo sessions
10 calls per 24h per demo-session UUID · no auth required
On breach
HTTP 429 with Retry-After: 3600 · body includes limit, window, retry_after_seconds
CORS
Access-Control-Allow-Origin: * on every response · OPTIONS preflight cached 24h
HTTPS only
TLS 1.2+ enforced · HSTS max-age 2 years · HTTP permanently redirected

Response shape

Identical across SDK, REST, Web Component, and MCP. Verdict, confidence, source URL, next_steps.

// GET /api/pa-lookup?state=CA&program=medicaid_ffs&service=diagnostic_imaging
{
  "state": "CA",
  "program": "medicaid_ffs",
  "query": { "service_category": "diagnostic_imaging" },
  "result": {
    "pa_required": true,
    "pa_type": "conditional",
    "confidence": 0.75,
    "notes": "Advanced imaging requires PA under Medi-Cal FFS. DHCS criteria apply.",
    "source_url": "https://www.dhcs.ca.gov/provgovpart/Pages/TAR.aspx",
    "last_verified": "2026-04-23",
    "gold_card_exempt": false,
    "gold_card_notes": null
  },
  "next_steps": [
    { "step": 1, "title": "Gather clinical documentation", "items": [ ... ] },
    { "step": 2, "title": "Submit PA request", "items": ["Submit to: DHCS"] },
    { "step": 3, "title": "Expected turnaround", "items": ["Standard: 14 days", "Expedited: 72 hours"] }
  ],
  "served_from": "static",
  "timestamp": "2026-04-24T14:22:58.442Z"
}

Everything in one place

One click to every piece of the developer surface.

Reference
OpenAPI 3.1 + Swagger UI
Interactive API reference. Try every endpoint with your key right in the browser.
SDK
auth57-sdk on npm
TypeScript client + Web Component. Zero runtime deps.
Embed
Live Web Component demo
Paste a script tag, see a verdict. Real component, real data, real CORS.
Salesforce
External Services guide
10-minute Flow-Builder integration. No Apex, no AppExchange wait.
MCP
Model Context Protocol server
Drop into Claude Desktop, Cursor, or any MCP-compatible agent in one config line.
Security
Security & compliance
No PHI · US-hosted · TLS 1.2+ · 90-day key rotation · SOC 2 Type 1 Q2 2027.
Pricing
All plans side-by-side
$99–$1,999 tiers · API is $299/mo with 10k lookups/hr · admin plans on request.
Contact
15 min with the founder
Demo keys · custom integrations · vendor-risk questionnaires.

Stop scraping payer sites.
Build on verified data.

Grab an API key and you're 30 seconds from a working lookup. Or book 15 minutes for a 30-day demo key tuned to your use case.

Get an API key →Book 15 min