At-Bay API Quickstart
This page will help you get started with At-Bay. You'll be up and running in no time!
At-Bay’s REST API provides automatic quote-to-bind-to-renew functionality for our four products:
- Admitted Cyber
- Surplus Cyber
- Surplus Technology Errors & Omissions (TEO)
- Surplus Miscellaneous Professional Liability (MPL)
To swap between each product, check out the above guides and change insurance_product
in the policy
object to ADCYB/CYB/TEO/MPL
.
API Autoquoting Parameters
Manual referrals for quotes above certain aggregate limits and company revenues
When submitting a quote outside certain parameters, the quote will be referred but they will be manually reviewed by an underwriter.
After manual review, a
GET
request to the quote option will result in a premium or decline.
Authentication
In order to get started, you’ll need two different API tokens:
- one for our demo environment
- one for our production environment.
We use a JSON Web Token for authentication.
An HTTP authorization header must be included with a specific syntax and token to make a successful API call.
These tokens are a string of about 150 to 200 characters.
-H "Authorization: Bearer {{token}}"
Location
At-Bay API is versioned: all endpoints' locations are prefixed with a version number.
The latest version of the At-Bay API is version 2.0 (v2).
There are two relevant API locations, one for testing and another for production.
API URL paths
Testing: https://api-demo.at-bay.com/v2
Production: https://api.at-bay.com/v2
Full URL example:
Testing API: https://api-demo.at-bay.com/v2/endpoint
Production API: https://api.at-bay.com/v2/endpoint
Broker of Record Logic
In our production environment, all submissions are subject to our Broker of Record (BOR) clearance process. The API will block any submission which shares a domain or physical address with another organization submitted in the previous 60 days.
Broker of Record on Demo
You will not run into Broker of Record errors. This allows you to get multiple quotes using the same domain name or address during the testing process.
Handling your first Surplus Cyber submission via API
Making a submission via API involves 3 steps:
- Make a
POST
request to our/quotes
endpoint. - Save the unique
quote_identifier
s andcompany_id
from the request. - Poll our
/quotes
endpoint by repeatedly makingGET
request to/quotes/{quote_identifier}
to view the quote.
Example Request
curl -X POST 'https://api-demo.at-bay.com/v2/quotes' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer $YOUR_DEMO_TOKEN' \
-d '{
"client": {
"broker_email": "[email protected]",
"domains": [
"at-bay.com"
],
"name": "docs test",
"industry": "713290",
"revenue": 1000000,
"address": {
"city": "Mountain View",
"state": "California",
"street": "15 Castro Street",
"zip": "32542",
"street2": "#This is an optional field!"
}
},
"policy": {
"insurance_product": "CYB",
"quotes": [
{
"aggregate_limit": 1000000,
"aggregate_retention": 5000
},
{
"aggregate_limit": 2000000,
"aggregate_retention": 5000
},
{
"aggregate_limit": 3000000,
"aggregate_retention": 5000
}
]
},
"questions": [
{
"id": "2244",
"value": ["None of the above"]
},
{
"id": "2159",
"value": "false"
},
{
"id": "2142",
"value": "true"
},
{
"id": "2300",
"value": "true"
},
{
"id": "2301",
"value": "true"
},
{
"id": "2302",
"value": "Google"
},
{
"id": "2304",
"value": "Fortinet FortiEDR"
},
{
"id": "2146",
"value": "false"
},
{
"id": "2147",
"value": "false"
}
]
}'
The API Response
Since we requested 3 different policies, we'll get three corresponding objects for each quote.
The company_id
is the unique identifier representing the applicant.
Make sure to save the company_id
and a quote_identifier
for later!
{
"company_id": "20307",
"quotes": [
{
"aggregate_limit": 1000000, // to be deprecated
"aggregate_retention": 5000, // to be deprecated
"per_claim_limit": 1000000, // to be deprecated
"quote_identifier": "04a9e085-5f59-4c2b-8c06-66af88d23be7",
"requested_aggregate_limit": 1000000,
"requested_aggregate_retention": 5000,
"requested_per_claim_limit": 1000000
},
{
"aggregate_limit": 2000000, // to be deprecated
"aggregate_retention": 5000, // to be deprecated
"per_claim_limit": 2000000, // to be deprecated
"quote_identifier": "79ac61d1-9708-46bd-8012-4f5a88350353",
"requested_aggregate_limit": 2000000,
"requested_aggregate_retention": 5000,
"requested_per_claim_limit": 2000000
},
{
"aggregate_limit": 3000000, // to be deprecated
"aggregate_retention": 5000, // to be deprecated
"per_claim_limit": 3000000, // to be deprecated
"quote_identifier": "50a65b08-3171-4ea6-9c8c-869f3110aa40",
"requested_aggregate_limit": 3000000,
"requested_aggregate_retention": 5000,
"requested_per_claim_limit": 3000000
}
]
}
Retrieving a Completed Quote
Once a scan of the domain is completed and documents have been generated, your quote will be ready!
Our P90 for quote readiness is 40 seconds.
We recommend a polling strategy of making a GET
request every 10 seconds to retrieve the quote as soon as possible. However, your interval can vary depending on your system and user requirements.
For retrieving the $1M quote above, our GET
request will look like:
curl 'https://api-demo.at-bay.com/v2/quotes/04a9e085-5f59-4c2b-8c06-66af88d23be7' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer $YOUR_DEMO_TOKEN'
Once the quote is ready, the response will include a complete quote object.
Updated 3 months ago