Documentation
Build, scan, and monitor with Sift Health
Sift Health crawls the public pages of a healthcare website and surfaces risk indicators related to PHI exposure — third-party trackers on patient-facing pages, transport security, security headers, intake-form handling, and privacy-policy disclosures. These docs cover the product end to end, from your first scan to the API.
What Sift Health is — and is not
Start here
New to Sift Health? Run a scan against a site you own and read the report. Then register the site for monitoring so you hear about new risk indicators as they appear.
Everything in the docs
Getting Started
Run your first scan
Submit a URL, watch the scan run, and get to a risk score and top findings in a few minutes.
Read a report
Understand the score, grade, category breakdown, severity badges, and the structured disclaimer.
Glossary
Plain-language definitions for risk score, indicator, finding, severity, and the rest of the vocabulary.
Guides
Run your first scan
A walkthrough of the free on-demand scan flow and how to act on the results.
Set up continuous monitoring
Register a site, choose a cadence, and get alerted when new risk indicators appear.
Verify domain ownership
Prove control of a domain with a DNS TXT record or a meta tag before enabling monitoring.
Triage findings
Work the open / acknowledged / resolved / false-positive workflow without drowning in noise.
Configure alerts
Tune which changes notify you — new findings, score drops, and expiring certificates.
White-label a report
Export a branded PDF you can hand to a client, a web vendor, or leadership.
Teams & roles
Invite teammates and assign owner, admin, member, or read-only access.
Recipes
Solo practice
A lean setup for a single therapist, dentist, or independent clinician.
Multi-location group
Monitor many locations or brands under one organization with shared triage.
Telehealth CI integration
Fail a deploy when a tracker lands on a patient-facing page — with a copy-paste curl.
Consultant bulk onboarding
Stand up a portfolio of client sites quickly via the API.
Concepts
How scoring works
The category weight table, how findings roll up to a 0–100 score, and the A–F grade bands.
Categories
The six risk categories, what each analyzer observes, and why patient-facing pages weigh more.
Severity taxonomy
What critical, high, medium, low, and info mean — with concrete examples.
Remediation catalog
How each finding code maps to a fix, with references you can hand to a developer.
API Reference
Overview
Base URL, authentication, rate limits, errors, and the structured disclaimer contract.
Create a scan
POST /v1/scans — queue a scan for a URL.
Get a scan
GET /v1/scans/{id} — poll scan status.
Get a report
GET /v1/scans/{id}/report — the full structured report.
Get a PDF report
GET /v1/scans/{id}/report.pdf — branded PDF (paid).
Register a site
POST /v1/sites — add a site for monitoring.
Verify a site
POST /v1/sites/{id}/verify — check DNS TXT / meta-tag proof.
List findings
GET /v1/sites/{id}/findings — filter by status.
Score history
GET /v1/sites/{id}/history — score over time.
Monitoring
Configure per-site rescan cadence and alert rules.
Contact relay
POST /api/contact — the sales/support relay behind the contact form.
Internal cron
POST /internal/run-due-scans — the scheduled rescan entrypoint.