Ventus Sessions DocsDashboard

Introduction

Self-hosted, HIPAA-compliant session pool API for headful browser automation.

Ventus Sessions is a control plane for headful browser automation — think Browserbase, but self-hosted, HIPAA-compliant, and designed for the healthcare workflows that need a real Chrome, a real desktop, and an audit trail that holds up under inspection.

You hand us:

  • a workspace, an API key, and an Idempotency-Key header,

and we hand you back:

  • a CDP WebSocket URL to drive a fresh Chrome on a fresh Linux desktop,
  • a live-view URL a human can open to watch the same browser, and
  • a session ID that survives keep-alives, profile saves, and the audit log.

Who this is for

  • AI engineers plugging an LLM agent into a real browser without

babysitting Selenium grids or paying per-minute for a SaaS that won't sign a BAA.

  • RPA teams automating EHRs, payer portals, or anything stuck behind

a desktop-only UI — and needing to prove they did so without leaking PHI.

  • Platform teams building on top of automation: each workspace is a

multi-tenant boundary; each session is a disposable Pod.

How it fits together

  1. Sign in at the dashboard with a magic link. Magic-link only — no

passwords ever.

  1. Create a workspace. Workspaces are the unit of billing, audit, and

member access. You can be in many; each has its own slug.

  1. Mint an API key. Keys are scoped to one workspace and revealed

exactly once. Use it as a Bearer token.

  1. Call POST /v1/sessions. A fresh Chrome boots in a Pod and you

get a connect_url (CDP wss) plus a live_view_url (browser).

  1. Drive the browser via CDP from your code, or watch via the live

view. Both URLs are short-lived JWTs — refresh on reconnect.

  1. Release the session when you're done. The Pod is destroyed; PII is

scrubbed; the audit log records who did what.

Design constraints

A few things this product will not do, by deliberate choice:

  • No password auth. Magic-link or SSO only. We never store password

hashes.

  • No raw PHI in logs. Every log surface goes through a column-level

scrubbing pipeline; if you see a payer-bill number in a Cloud Logging record, that's a bug worth filing.

  • No background sessions. A session has an owner workspace, an owner

member, an audit entry. If you can't explain who started it, we don't start it.

Where to go next

Quickstart
Get from zero to a live CDP URL in five minutes.
Concepts
Workspaces, sessions, API keys, members, audit log.
API Reference
Every endpoint, every request shape, every error.
Python SDK
pip install ventus-sessions-sdk and a first session in one snippet.