NessyAPI

Clinical decision support API. Typed SDKs for Node and Python, webhook signing with replay protection, and a stable error catalogue. Build symptom-to-differential flows into your product in an afternoon.

Pick your SDK #

Both SDKs cover the same surface. Pick the one your stack runs. Skip ahead to the Quickstart if you already know which.

Node.js / TypeScript

@nessyapi/sdk

Zero runtime dependencies, ESM + CJS, full TypeScript types, built-in retry with idempotency keys, webhook HMAC verification. Runs on Node 18.17+, Bun, Deno, Cloudflare Workers.

Browse Node reference

Python

nessyapi-sdk

Sync and async clients, dataclass response models, webhook signature verification with replay protection. Tested against Python 3.11+.

Browse Python reference

Install #

# Node
npm install @nessyapi/sdk

# Python
pip install nessyapi-sdk

Quickstart #

Five lines from import to a ranked differential. The same flow in both languages — switch tabs to compare.

          
import { NessyClient } from "@nessyapi/sdk";

const nessy = new NessyClient({ apiKey: process.env.NESSY_API_KEY! });
const session = await nessy.sessions.create({ chiefComplaint: "chest pain" });
const result   = await nessy.sessions.runAssessment(session.id);
// result.differentials carries the ranked Dx list.
        
from nessyapi_sdk import NessyClient

nessy   = NessyClient(api_key=os.environ["NESSY_API_KEY"])
session = nessy.create_session(chief_complaint="chest pain")
result  = nessy.run_assessment(session.session_id)
# result.differentials carries the ranked Dx list.

Test keys are prefixed nsy_test_* and don't draw from your token balance. Every workspace gets one by default; rotate from the dashboard's API Keys page.

Authentication #

Every request carries a Bearer API key in the Authorization header. Keys are nsy_live_* for production, nsy_test_* for sandbox traffic. The SDKs build the header for you — never log the raw key, even at DEBUG level.

          
curl -X POST https://nessyapi.bravemeadow-4ea62cad.northeurope.azurecontainerapps.io/v1/sessions \
  -H "Authorization: Bearer nsy_live_…" \
  -H "Content-Type: application/json" \
  -d '{"chief_complaint": "chest pain"}'

Webhooks #

Subscribe in the dashboard's Webhooks page. Each delivery is signed with HMAC-SHA256 over the timestamp and body; the SDKs ship a verifier with built-in replay-window enforcement.

          
          
          
        

import { verifyWebhookSignature } from "@nessyapi/sdk";

const ok = verifyWebhookSignature({
  payload: rawBody,
  signature: req.headers["x-nessyapi-signature-256"],
  timestamp: req.headers["x-nessyapi-timestamp"],
  secret:    process.env.WEBHOOK_SIGNING_SECRET!,
});
if (!ok) return res.status(401).end();
        

from nessyapi_sdk import verify_webhook_signature

ok = verify_webhook_signature(
    payload=raw_body,
    signature=request.headers["x-nessyapi-signature-256"],
    timestamp=request.headers["x-nessyapi-timestamp"],
    secret=os.environ["WEBHOOK_SIGNING_SECRET"],
)
if not ok:
    abort(401)
        

Errors #

Every non-2xx response carries a stable error.code string. SDKs translate them into typed NessyAPIError subclasses. The full catalogue describes each code with recovery steps.

Conventions #

Pagination: cursor-based via page_token; SDKs expose async iterators.
Idempotency: SDK retries auto-attach an idempotency key; safe to replay POSTs.
Forward-compat: typed responses carry .raw so new fields don't require an SDK upgrade.
Rate limits: 60 RPM default per key; X-RateLimit-Remaining on every response.