Skip to main content
The Corti Embedded Assistant API enables seamless integration of Corti Assistant into host applications, such as Electronic Health Record (EHR) systems, web-based clinical portals, or native applications using embedded WebViews. The implementation provides a robust, consistent, and secure interface for parent applications to control and interact with embedded Corti Assistant.
The details outlined below are for you to embed the Corti Assistant “AI scribe solution” natively within your application. To lean more about the full Corti API, please see more here

Overview

The Embedded Assistant API is a communication interface that allows your application to embed and control Corti Assistant within your own application interface. It provides programmatic control over authentication, session management, interaction creation, document generation, and more. The API enables two-way communication between your application and the embedded Corti Assistant, allowing you to:
  • Authenticate users and manage sessions
  • Create and manage clinical interactions
  • Configure the Assistant interface and appearance
  • Control recording functionality
  • Receive real-time events and updates
  • Access generated documents and transcripts

Requirements

Before getting started, ensure you have:
  • Created an OAuth Client for Corti Assistant: You’ll need to create a Corti Assistant specific client from the Developer Console. Note, you may need to request access from our Activation Team.
  • Modern browser or WebView: For web applications, use a modern browser. For native apps, use a modern WebView (WebView2, WKWebView, or Chromium-based WebView)
  • HTTPS: The embedded Assistant must be loaded over HTTPS (required for microphone access)
  • Microphone permissions: Your application must request and handle microphone permissions appropriately
  • OAuth2 client: You’ll need an OAuth2 client configured for user-based authentication

Recommendations

  • Use PostMessage API for iframe/WebView integrations and cross-origin scenarios
  • Use Window API for same-origin integrations where direct JavaScript access is preferred
  • Implement proper error handling for all API calls
  • Handle authentication token refresh to maintain user sessions
  • Request microphone permissions before initializing the embedded Assistant

Available Regions

Choosing an Integration Method

The Embedded Assistant API offers two integration methods, each suited for different use cases:

When to Use PostMessage API

Use the PostMessage API when:
  • Embedding in a web application (iframe-based integration)
  • Cross-origin communication is required
  • Native applications using WebViews (iOS WKWebView, Android WebView, Windows WebView2)
  • You need secure cross-origin communication between different domains
  • Your application and Corti Assistant are served from different origins
The PostMessage API uses the browser’s postMessage mechanism, which is the standard way to communicate securely across origins. PostMessage API Quick Start - Complete guide for initializing and authenticating with the PostMessage API

When to Use Window API

Use the Window API when:
  • Same-origin integration (your application and Corti Assistant share the same domain)
  • Direct JavaScript access is preferred
  • TypeScript support and type safety are important
  • You want synchronous API calls with Promise-based methods
  • Your application is a single-page application (SPA) that can load Corti Assistant directly
The Window API provides direct access to window.CortiEmbedded.v1, offering a more traditional JavaScript API experience. Window API Quick Start - Complete guide for initializing and authenticating with the Window API

Quick Decision Guide

ScenarioRecommended Method
Web app embedding via iframePostMessage API
Native app with WebViewPostMessage API
Same-origin web integrationWindow API
Cross-origin integrationPostMessage API
Need TypeScript typesWindow API
Need cross-browser compatibilityPostMessage API
Both guides include complete code examples for authentication, configuration, and creating interactions.

Documentation

  • PostMessage API - Complete guide for iframe/WebView integrations using postMessage
  • Window API - Complete guide for direct integrations using the Window API
  • API Reference - Complete reference for all actions, events, message types, and return values
  • OAuth Authentication - Guide for implementing OAuth2 authentication flows

Next Steps

  1. Review the OAuth Authentication Guide to set up user authentication
  2. Choose your integration method based on your use case
  3. Review the detailed documentation for your chosen method
  4. Consult the API Reference for all available actions and events
  5. Implement your integration following the examples and best practices
Please contact us for help or questions.