Skip to main content

Doxy.me embeddable SDK

Easily add doxy.me's HIPAA-compliant video sessions into your app

Drop a HIPAA-compliant video consult into your application in three lines of code. Patients land directly in your provider's waiting room — no redirects, no extra clicks, no shared infrastructure to maintain.

Here's how

```javascript
import { embedPatientRoom } from 'doxy.me';

embedPatientRoom('#consultation', 'your-clinic/dr-smith', {
  username: 'Jane Doe',
  autoCheckIn: true,
});
```

What it is

  • Headless auto-check in: pre-fill the patient's name and skip every check-in step. They land straight in the waiting room.

  • Passcode support: for rooms providers have gated. Validated server-side; never bypassed.

  • V2 frontend: Opt into doxy.me's most up-to-date patient experience with `version: 'v2'`

  • Environment overrides: point at staging or QA via `baseUrl`

  • Fully backwards compatible: existing 1.1 integrations keep working unchanged.

View the full release notes on NPM →

Why teams choose the SDK

Ship telehealth in days, not quarters.

Building video infrastructure from scratch takes 6–12 months and a dedicated team. The SDK gets you to a working consultation in an afternoon. One telehealth startup integrated in two days and shipped their MVP a week later.

HIPAA-ready out of the box

End-to-end encryption, BAAs, audit logs, and access controls are part of the platform - not a feature you build. Compliance teams sign off faster because nothing PHI-related lives in your stack.

Scales without you thinking about it

Doxy.me's infrastructure handles thousands of concurrent sessions across a global CDN with automatic quality adaptation. Capacity planning becomes someone else's problem.

Pick your integration pattern

1. Provider portal: "Launch session" button

Show your providers their schedule in your portal. When they click Launch Session, the embedded sign-in opens inline and they're in a consult.

```javascript
import { embedProviderSignIn } from 'doxy.me';

function launchProviderSession() {
  embedProviderSignIn('#session-container', {
    version: 'v2',
    width: '100%',
    height: '100%',
  });
}
```

Real-world example: Telehealth platforms like Zealthy use this pattern to surface their full provider dashboard alongside live consults — providers never leave the portal.

2. Patient portal : "Join your appointment"

Patients click a button in their dashboard and land in the waiting room. With "autoCheckIn" they bypass the check-in form entirely.

```javascript
import { embedPatientRoom } from 'doxy.me';

function joinAppointment(appointment) {
  embedPatientRoom('#consultation', appointment.roomSlug, {
    version: 'v2',
    username: appointment.patientName,
    autoCheckIn: true,
  });
}
```

Real-world example: Patient-facing platforms like Teladoc use this pattern to keep the experience inside their branded app from booking through visit.

3. EHR-launched consult: fully headless

The most powerful pattern and the one most modern integrators want. The provider clicks a Start visit button inside their EHR. Their patient receives a one-click link. Both parties land in the consult with zero check-in friction.

```javascript
embedPatientRoom('#consult', `${clinic.slug}/${provider.handle}`, {
  version: 'v2',
  username: appointment.patientName,
  passcode: appointment.passcode,    // optional, if the room has one
  autoCheckIn: true,
  onLoad: () => analytics.track('visit_started', appointment.id),
});
```

Provider intent is preserved end-to-end: if a passcode is missing or wrong, the patient sees the standard passcode-entry UX as a graceful fallback. Security is never bypassed.

4. White-label platform: different brand per tenant

Multi-tenant platforms (e.g. OpenLoop) route different clients to different Doxy.me configurations. Use `embedDoxyMe` directly with a per-client URL, plus your own styling.

```javascript
import { embedDoxyMe } from 'doxy.me';

embedDoxyMe('#portal', {
  url: `https://doxy.me/v2/check-in/${clientConfig.roomSlug}`,
  className: `client-${clientId}-iframe`,
  style: clientConfig.brandStyles,
});
```

Security and compliance

  • End-to-end encrypted video: keys never touch your servers

  • BAA available on request for all customers handling PHI

  • Audit logs for every session

  • Access controls: passcode-gated rooms, validated server-side; the SDK exposes the contract but never bypasses it

  • HIPAA-compliant infrastructure: nothing PHI-related leaves Doxy.me

When integrating, follow these basics:

  1. Always serve your application over HTTPS

  2. Authenticate users in your application before embedding the SDK

  3. Validate room slugs server-side before passing them to the SDK

  4. Clean up sessions with the returned `destroy()` method

Get started

```bash
npm install doxy.me
```

The full API reference, including every option and migration notes from 1.1.0, lives in the package below.

View the full API on npm →

Talk to us

Whether you're scoping a first integration or comparing the SDK against rolling your own, our team will walk through your use case in a 30-minute call.

Request a demo
Get implementation help
View on NPM

Did this answer your question?