IQONEX
API & integrations

GDPR-compliant AI inside your systems.

We wire Azure OpenAI, Claude and Mistral into DATEV, CRM, case-management and practice-management software. Staff don't switch between tools — the AI is where they already work.

API integrations instead of SaaS copy-paste

A SaaS platform like Logicc ships a polished UI — but staff need to switch between their actual work tool and the AI tool, copy-paste back and forth, and the compliance architecture belongs to the vendor. We build AI into your existing systems. Staff see the AI feature where they already work. The compliance layer is yours.

Short and honest

  • SaaS platforms sell a UI — we build AI directly into your systems. Staff see the AI feature where they already work.
  • Standard architecture: Azure OpenAI in EU regions, pseudonymization per call, audit log, Entra ID auth.
  • Pilot endpoint productive in 4–8 weeks. Architecture sprint first, then implementation, then hardening.
  • Hand over to your IT with runbooks, or we keep operating it — your choice.

Why API integration over SaaS UI

Three problems we see at every customer who starts with a SaaS AI platform:

  • Workflow break: Client data lives in case-management or DATEV. Staff must copy data out, paste into the SaaS UI, copy answer back — three jumps between tools, each a source of error.
  • Compliance architecture isn't yours: pseudonymization, audit log and key rotation belong to the SaaS vendor. In a regulator audit you depend on their documentation — and on their subprocessor list.
  • Adoption gap: 30% of staff who use ChatGPT privately won't voluntarily switch to an official SaaS UI with fewer features. AI inside their own tool is something they see automatically: no new logins, no new habit.

What we actually build

  • Pseudonymization layer before every model call. Direct personal references (name, address, file number) replaced locally by tokens. Re-identification happens after the model response — on your side. The mapping never leaves your domain.
  • Azure OpenAI wrapper with audit log. Every call logged with user, timestamp, model used and pseudonym hash. Reproducible in dispute or regulator audit.
  • Webhook pattern for asynchronous workflows: mailbox trigger → pseudonym replacement → model call → structured output → re-identification → workflow continues.
  • Custom endpoints for industry software (DATEV API, practice-management systems, case-management tools like Advoware or RA-Micro). We know the interfaces.
  • OpenAPI spec + thin SDK layer (TypeScript, Python, optionally .NET) — committed to your repo, maintained by your team or by us.
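
A minimal sketch of the pseudonymization layer and audit record described in the list above, as an added example rather than IQONEX's own code. It assumes the personal fields are known from the source-system record and that the "pseudonym hash" is a SHA-256 over the pseudonymized prompt; all names and the sample record are constructed.

```python
import hashlib
import secrets
from datetime import datetime, timezone

# Constructed sample record and free text (not real data).
SAMPLE_ENTITIES = {"NAME": "Erika Mustermann",
                   "ADDRESS": "Heidestrasse 17, 51147 Köln",
                   "FILE_NO": "AZ 2024/0815"}
SAMPLE_TEXT = ("Client Erika Mustermann, Heidestrasse 17, 51147 Köln, "
               "file AZ 2024/0815, asks for a payment extension.")

class Pseudonymizer:
    """Token <-> value mapping that lives only in the caller's process."""
    def __init__(self):
        self._token_by_value = {}

    def pseudonymize(self, text, entities):
        # Longest values first, so a short value cannot split a longer one.
        for kind, value in sorted(entities.items(), key=lambda kv: -len(kv[1])):
            token = self._token_by_value.setdefault(
                value, f"[{kind}_{secrets.token_hex(4)}]")
            text = text.replace(value, token)
        return text

    def reidentify(self, text):
        for value, token in self._token_by_value.items():
            text = text.replace(token, value)
        return text

def echo_model(prompt):
    """Constructed stand-in for the real model call."""
    return "Draft: " + prompt

def call_with_audit(user, model, text, entities, model_fn, audit_log):
    mapping = Pseudonymizer()
    outbound = mapping.pseudonymize(text, entities)
    # Fail closed: a case variant the exact replace missed must not be sent.
    leaked = [k for k, v in entities.items() if v.lower() in outbound.lower()]
    if leaked:
        raise ValueError(f"unreplaced personal data: {leaked}")
    audit_log.append({  # no client data, only a hash of what was sent
        "user": user,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "model": model,
        "pseudonym_hash": hashlib.sha256(outbound.encode()).hexdigest(),
    })
    return mapping.reidentify(model_fn(outbound)), outbound
```

The leak check runs before the audit entry and the model call, so a text with an unreplaced spelling variant is rejected without anything leaving the process.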

Example architectures

| Industry | Source system | AI endpoint | Outcome |
| --- | --- | --- | --- |
| Tax firm | DATEV (receipt images) | POST /classify-receipt → AI structures, output as booking suggestion | Receipt processing 60% faster, manual corrections halved |
| Law firm | Case management (Advoware/RA-Micro) | POST /draft-letter → pseudonymized brief draft, lawyer reviews | Routine briefs 30–50% faster, audit log per send |
| Medical practice | Practice-management system | POST /anamnesis-summary → bullet points for doctor, raw data stays in PMS | 5–10 minutes per first appointment, no §203 risk |

Our method (4 steps)

  1. Architecture sprint (1–2 weeks): we analyze your source system, define endpoints, clarify auth + compliance, deliver an architecture document with threat model.
  2. Pilot endpoint (2–4 weeks): one use case end-to-end, with pseudonymization, audit log and test data. Runs in your staging.
  3. Hardening (1–2 weeks): load tests, quota management, error handling, monitoring dashboards. Contracts: DPA, TOMs, subprocessor list.
  4. Hand over or operate: handover to your IT with runbooks and training, or we keep operating it (see below).

Technology stack

  • Models: Azure OpenAI in EU regions (GPT-4o, GPT-5, o-series). Optional Claude via Bedrock EU for long contexts. Mistral on-prem for maximum data residency.
  • Auth: Microsoft Entra ID with Managed Identities. No API keys in code.
  • Hosting: Hetzner Falkenstein, Upsun Frankfurt, Azure Frankfurt. Never a US fallback.
  • Languages: TypeScript/Node, Python, optionally C#/.NET (for DATEV/industry integrations).
  • Logging: Azure Monitor + optionally Sentry. All logs EU-resident.

Hand over or keep operating

After the pilot you have two options. Option A: handover to your IT with complete runbooks (deployment, restore, monitoring, incident response) and a 2-day training. This assumes your IT has capacity for ongoing compliance work.

Option B: we keep operating — monitoring, quota management, model updates, security patches, compliance refresh on regulatory changes. Classic managed-service model with monthly status report. For law firms, medical practices and critical-infrastructure operators this is the default.

Ready for a call?

30 minutes, free, no strings attached. We listen to your case and tell you honestly whether and how we can help.

Frequently asked about API integrations

How is this different from SaaS platforms like Logicc?

SaaS platforms sell a UI: staff switch between their actual work tool and the AI tool, copy-paste back and forth. We embed AI directly into your existing systems — DATEV, case-management, practice-management, CRM. Staff see the AI feature where they already work. Plus: your compliance layer is yours, not a third party's.

Which authentication do you typically use?

Microsoft Entra ID (formerly Azure AD) with Managed Identities — no API keys in code. Or OAuth2 with Conditional Access if your identity infrastructure provides that. For industry software without Entra ID integration: service principal with rotating secrets in a key vault. We decide based on your stack.

Which SDK languages do you ship?

TypeScript/Node and Python are standard. C#/.NET on request — many DATEV or industry-software integrations are .NET. Java on request. SDKs are thin wrappers around the underlying architecture, not public NPM packages — they're committed and maintained in your repo.

How long does a pilot endpoint typically take?

4–8 weeks from architecture sprint to a productive endpoint. Architecture sprint 1–2 weeks, implementation 2–4 weeks, hardening and audit log 1–2 weeks. The variable is usually the integration with your source system — the DATEV API is well documented, some PMS vendors less so.

What happens after handover? Do we have to operate it ourselves?

Two models: handover to your IT with runbooks and training, or we keep operating it (monitoring, quota, model updates, security patches). In regulated industries most customers pick option two, because compliance maintenance is its own skill.

How is your pseudonymization layer different from Logicc's §203 encryption?

Logicc encrypts before the model call — with their own architecture. We build pseudonymization as a generic layer that follows your workflow: client name → token before model, re-identification local after response. The mapping stays with you, never with us. The §203 status remains reproducible even in dispute.

Can we connect multiple models (OpenAI, Claude, Mistral) in parallel?

Yes. Our API wrappers are model-agnostic — the endpoint looks the same to your application, the backend routes to the right model per use case. Practical recommendation: Azure OpenAI as default for regulated workloads, Claude (via Bedrock EU) for long contexts, Mistral on-prem for maximum data residency.

Discuss an API pilot

30-minute intro call — you describe your setup and workflow, we sketch the architecture and a realistic pilot timeline. Written quote follows the call.