Developer Documentation

Build with BeamIt

Integrate medical image sharing into your workflow with our DICOMweb-native, HIPAA-compliant API platform.

Getting Started

BeamIt provides a cloud-hosted, patient-first medical image sharing platform built on the DICOMweb standard. Our API enables health systems, EHRs, and clinical applications to integrate medical image exchange seamlessly.

Cloud-Hosted

No on-prem infrastructure. Fully managed DICOM storage and viewing.

DICOMweb-Native

QIDO-RS, WADO-RS, STOW-RS — standard-compliant from day one.

Patient-First

Patients control their own images. No portal logins required for viewing.

Base URL: https://api.beamit.health/v1

All API responses are JSON unless otherwise specified (DICOM binary endpoints return multipart/related).

Authentication

BeamIt supports two authentication methods: OAuth 2.0 for user-context integrations, and API keys for server-to-server communication.

Use OAuth 2.0 when your application acts on behalf of a BeamIt user (e.g., a provider viewing studies in your EHR).

┌──────────┐   1. Redirect   ┌──────────────┐
│ Your App │ ──────────────→ │ BeamIt Auth  │
│          │                 │ Server       │
│          │ ← ─ ─ ─ ─ ─ ─   │              │
│          │   2. Auth Code  │              │
│          │                 └──────────────┘
│          │   3. Exchange
│          │   code → tokens ┌──────────────┐
│          │ ──────────────→ │ Token        │
│          │ ← ─ ─ ─ ─ ─ ─   │ Endpoint     │
│          │   4. Access +   └──────────────┘
│          │   Refresh Token
│          │   5. API calls  ┌──────────────┐
│          │ ──────────────→ │ BeamIt API   │
└──────────┘                 └──────────────┘

# Step 1: Redirect user to authorize
https://api.beamit.health/v1/auth/authorize?
  response_type=code&
  client_id=YOUR_CLIENT_ID&
  redirect_uri=https://yourapp.com/callback&
  scope=studies:read shares:write&
  state=random_state_string

# Step 3: Exchange code for tokens
curl -X POST https://api.beamit.health/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "authorization_code",
    "code": "AUTH_CODE_FROM_CALLBACK",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "redirect_uri": "https://yourapp.com/callback"
  }'
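
The `state` parameter in Step 1 is what ties the callback to the browser session that started the flow. The following is an added example, not BeamIt code: it generates a one-time `state`, builds a correctly URL-encoded authorize URL, and accepts the callback only when the returned `state` matches. The `session` dict, the `oauth_state` key and both function names are hypothetical, and the callback is assumed to carry `code` and `state` as query parameters, as in standard OAuth 2.0.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://api.beamit.health/v1/auth/authorize"  # from the page


def begin_authorization(session, client_id, redirect_uri, scopes):
    """Store a fresh one-time state in the session and return the redirect URL."""
    state = secrets.token_urlsafe(32)      # unguessable, generated per request
    session["oauth_state"] = state         # hypothetical server-side session key
    query = urlencode({                    # encodes the space in scope and the URI
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Return the authorization code only if state matches this session."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: removed on first read
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: discard the callback")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


if __name__ == "__main__":
    session = {}
    print(begin_authorization(session, "YOUR_CLIENT_ID", "https://yourapp.com/callback",
                              ["studies:read", "shares:write"]))
    # Constructed callback URL using the state stored above.
    callback = "https://yourapp.com/callback?code=AUTH_CODE&state=" + session["oauth_state"]
    print(handle_callback(session, callback))
```

Only after `handle_callback` returns should the code be sent to the token endpoint in Step 3.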

DICOMweb API Reference

BeamIt implements the DICOMweb standard (DICOM PS3.18), providing RESTful access to medical imaging data. All endpoints require authentication.

GET /v1/dicomweb/studies

Search for studies matching the specified criteria. Returns DICOM JSON (application/dicom+json).

Query Parameters

Parameter          Description
PatientName        Patient name (supports wildcards *)
StudyDate          Study date range (YYYYMMDD-YYYYMMDD)
ModalitiesInStudy  Filter by modality (CT, MR, US, etc.)
limit              Max results (default: 50, max: 200)
offset             Pagination offset

# Quote the URL so the shell does not treat "&" as a background operator
curl "https://api.beamit.health/v1/dicomweb/studies?ModalitiesInStudy=CT&limit=10" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/dicom+json"

# Response (200 OK)
[
  {
    "0020000D": { "vr": "UI", "Value": ["1.2.840.113619..."] },
    "00080020": { "vr": "DA", "Value": ["20260115"] },
    "00080061": { "vr": "CS", "Value": ["CT"] },
    "00100010": { "vr": "PN", "Value": [{"Alphabetic": "DOE^JOHN"}] },
    "00201208": { "vr": "IS", "Value": [256] }
  }
]

Patient Sharing API

Programmatically create and manage secure share links for medical imaging studies. Share links provide zero-footprint browser-based viewing.

POST /v1/shares

curl -X POST https://api.beamit.health/v1/shares \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "studyId": "ORTHANC_STUDY_ID",
    "recipientPhone": "+14155551234",
    "message": "Your CT scan results are ready to view",
    "expiresIn": "7d"
  }'

# Response (201 Created)
{
  "id": "share_abc123",
  "shareCode": "BM-7K9X2P",
  "shareUrl": "https://beamit.health/s/BM-7K9X2P",
  "expiresAt": "2026-02-27T00:00:00Z",
  "status": "active"
}

Webhooks

Receive real-time notifications when events occur in BeamIt. Configure webhook endpoints from your integration dashboard.

Event Types

Event           Description
study.received  A new study has been stored via STOW-RS or upload
study.shared    A study share link has been created
share.accessed  A share link has been viewed by the recipient
share.expired   A share link has reached its expiration date

Payload Format

POST https://your-server.com/webhooks/beamit
Content-Type: application/json
X-BeamIt-Signature: sha256=abc123...
X-BeamIt-Event: study.received

{
  "id": "evt_abc123",
  "type": "study.received",
  "createdAt": "2026-02-20T10:30:00Z",
  "data": {
    "studyInstanceUID": "1.2.840.113619...",
    "studyDate": "20260220",
    "modality": "CT",
    "patientId": "patient_xyz",
    "instanceCount": 256,
    "studyDescription": "CT ABDOMEN PELVIS W CONTRAST"
  }
}

Signature Verification: Each webhook includes an HMAC-SHA256 signature in the X-BeamIt-Signature header. Verify this against your webhook secret to ensure authenticity.
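
A receiver-side check for the signature described above, as an added example rather than BeamIt's own code. The page does not say which bytes are signed or how the value is encoded, so this assumes the header is `sha256=` followed by the hex HMAC-SHA256 of the raw request body; the five-minute freshness window on `createdAt`, the `seen_ids` replay set, and the names `verify_webhook` and `sign` are also assumptions of the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)           # assumed replay window, not a BeamIt value
SECRET = b"constructed-webhook-secret"   # constructed sample, not a real secret
# Constructed sample body shaped like the payload above.
BODY = (b'{"id":"evt_abc123","type":"study.received",'
        b'"createdAt":"2026-02-20T10:30:00Z","data":{"modality":"CT"}}')


def sign(body, secret=SECRET):
    """Sender side under the assumed scheme: 'sha256=' + hex HMAC of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(raw_body, signature_header, secret, seen_ids, now):
    """Return the parsed event, or raise ValueError if it must be rejected."""
    scheme, _, received = (signature_header or "").partition("=")
    if scheme != "sha256" or not received:
        raise ValueError("missing or malformed signature header")
    # Compute over the exact bytes received, not over re-serialized JSON.
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes are compared so non-ASCII input is handled.
    if not hmac.compare_digest(expected.encode(), received.strip().lower().encode()):
        raise ValueError("signature mismatch")
    # Parse only after the bytes are authenticated.
    event = json.loads(raw_body)
    created = datetime.fromisoformat(event["createdAt"].replace("Z", "+00:00"))
    if abs(now - created) > MAX_AGE:
        raise ValueError("stale event")
    if event["id"] in seen_ids:
        raise ValueError("duplicate event id")
    seen_ids.add(event["id"])
    return event


if __name__ == "__main__":
    now = datetime(2026, 2, 20, 10, 31, tzinfo=timezone.utc)
    seen = set()
    print(verify_webhook(BODY, sign(BODY), SECRET, seen, now)["type"])
    for body in (BODY, BODY.replace(b"CT", b"MR")):   # replay, then tampered body
        try:
            verify_webhook(body, sign(BODY), SECRET, seen, now)
        except ValueError as exc:
            print("rejected:", exc)
```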

Security & Compliance

BeamIt is designed from the ground up for healthcare data security and HIPAA compliance.

🔒 Encryption

  • TLS 1.2+ for all data in transit
  • AES-256 encryption at rest
  • Google Cloud KMS key management

🏥 HIPAA

  • Business Associate Agreement (BAA) available
  • PHI access logging & audit trails
  • Role-based access control (RBAC)

📋 Audit Logging

  • Every API call is logged
  • Study access tracking
  • Share link view analytics

🖥️ Zero-Footprint Viewer

  • No downloads or plugins required
  • No PHI cached on client devices
  • Automatic session expiration

DICOM Conformance Statement

BeamIt's DICOM Conformance Statement details our supported SOP Classes, Transfer Syntaxes, and network services. This document is required for health system integrations.

DICOM Conformance Statement v1.0

Covers SOP Classes, Transfer Syntaxes, Network Services, Security, and Character Sets.


Integration Guide

Follow these steps to integrate BeamIt with your health system or clinical application.

1. Execute BAA

Sign a Business Associate Agreement with BeamIt Health. Contact our team to initiate.

2. Security Review

Complete a mutual security review. We'll provide our SOC 2 report and security questionnaire responses.

3. API Keys & Configuration

We'll provision your API credentials and configure your integration profile (PACS, EHR, or custom).

4. Test Environment

Develop and test against our sandbox environment with synthetic DICOM data. No PHI in testing.

5. Go Live

After validation, we'll promote your integration to production with full monitoring and support.

Ready to Integrate?

Contact our integration team to get started. We'll walk you through the BAA process, provide sandbox access, and help you ship your integration.

Typical integration timeline: 2–4 weeks from BAA to go-live.