Yes. Organizations may use an API to access data from a primary or approved source, and must provide documentation that the API collects information only from primary or approved sources.
Organizations that use an API must still meet the “Appropriate documentation” requirements in CR 1, Element A, including documentation that the organization's staff reviewed the information.
As noted in an FAQ from February 15, 2023, use of another entity’s software to collect credentialing information is not considered delegation unless the entity also reviews the information on the organization’s behalf.
HP 2023