Skip to main content
  • Transport. TLS 1.2+ only; plain HTTP is rejected.
  • Authentication. API key per integration, sent as a bearer token or X-API-Key header. Keys are prefixed rec_sk_ for secret-scanner detection.
  • Data handling. Audio is transcribed and used to generate the requested note, then discarded from the processing pipeline. No patient identifiers are required by the API — you decide what context to send.
  • No persistence by default. The public API returns the note in the response and does not store it on Recnote’s side unless explicitly agreed for your integration.
  • Production hardening. For the production phase we agree on the authentication model (per-user keys, rotation, IP allow-listing) that fits your deployment.
Questions on data residency, processing agreements, or on-prem options — contact your Recnote representative.