At-Bay API Quickstart

This page will help you get started with At-Bay. You'll be up and running in no time!

At-Bay’s REST API provides automatic quote-to-bind-to-renew functionality for our four products:

To swap between each product, check out the above guides and change insurance_product in the policy object to ADCYB/CYB/TEO/MPL.

API Autoquoting Parameters

🚧

Manual referrals for quotes above certain aggregate limits and company revenues

When submitting a quote outside certain parameters, the quote will be referred but they will be manually reviewed by an underwriter.

After manual review, a GET request to the quote option will result in a premium or decline.

Authentication

In order to get started, you’ll need two different API tokens:

  • one for our demo environment
  • one for our production environment.

We use a JSON Web Token for authentication.
An HTTP authorization header must be included with a specific syntax and token to make a successful API call.

These tokens are a string of about 150 to 200 characters.

-H "Authorization: Bearer {{token}}"

Location

At-Bay API is versioned: all endpoints' locations are prefixed with a version number.
The latest version of the At-Bay API is version 2.0 (v2).
There are two relevant API locations, one for testing and another for production.

👍

API URL paths

Testing: https://api-demo.at-bay.com/v2
Production: https://api.at-bay.com/v2

Full URL example:

Testing API: https://api-demo.at-bay.com/v2/endpoint
Production API: https://api.at-bay.com/v2/endpoint

Broker of Record Logic

In our production environment, all submissions are subject to our Broker of Record (BOR) clearance process. The API will block any submission which shares a domain or physical address with another organization submitted in the previous 60 days.

🚧

Broker of Record on Demo

You will not run into Broker of Record errors. This allows you to get multiple quotes using the same domain name or address during the testing process.

Handling your first Surplus Cyber submission via API

Making a submission via API involves 3 steps:

  1. Make a POST request to our /quotes endpoint.
  2. Save the unique quote_identifiers and company_id from the request.
  3. Poll our /quotes endpoint by repeatedly making GET request to /quotes/{quote_identifier} to view the quote.

Example Request

curl -X POST 'https://api-demo.at-bay.com/v2/quotes' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer $YOUR_DEMO_TOKEN' \
-d '{
    "client": {
        "broker_email": "[email protected]",
        "domains": [
            "at-bay.com"
        ],
        "name": "docs test",
        "industry": "713290",
        "revenue": 1000000,
        "address": {
            "city": "Mountain View",
            "state": "California",
            "street": "15 Castro Street",
            "zip": "32542",
            "street2": "#This is an optional field!"
        }
    },
    "policy": {
        "insurance_product": "CYB",
        "quotes": [
        		{
                “aggregate_limit”: 1000000,
                “aggregate_retention”: 5000
            },
            {
                “aggregate_limit”: 2000000,
                “aggregate_retention”: 5000
            },
            {
                “aggregate_limit”: 3000000,
                “aggregate_retention”: 5000
            }
        ]
    },
    "questions": [
        {
            "id": "2244",
            "value": ["None of the above"]
        },
        {
            "id": "2245",
            "value": "true"
        },
        {
            "id": "2159",
            "value": "false"
        },
        {
            "id": "2147",
            "value": "false"
        },
        {
            "id": "2146",
            "value": "false"
        },
        {
            "id": "2143",
            "value": "true"
        },
        {
            "id": "2142",
            "value": "true"
        },
        {
            "id": "2141",
            "value": "true"
        }
    ]
}'

The API Response

Since we requested 3 different policies, we'll get three corresponding objects for each quote.

The company_id is the unique identifier representing the applicant.

Make sure to save the company_id and a quote_identifier for later!

{
    "company_id": "20307",
    "quotes": [
        {
            "aggregate_limit": 1000000, // to be deprecated
            "aggregate_retention": 5000, // to be deprecated
            "per_claim_limit": 1000000, // to be deprecated
            "quote_identifier": "04a9e085-5f59-4c2b-8c06-66af88d23be7",
            "requested_aggregate_limit": 1000000,
            "requested_aggregate_retention": 5000,
            "requested_per_claim_limit": 1000000
        },
        {
            "aggregate_limit": 2000000, // to be deprecated
            "aggregate_retention": 5000, // to be deprecated
            "per_claim_limit": 2000000, // to be deprecated
            "quote_identifier": "79ac61d1-9708-46bd-8012-4f5a88350353",
            "requested_aggregate_limit": 2000000,
            "requested_aggregate_retention": 5000,
            "requested_per_claim_limit": 2000000
        },
        {
            "aggregate_limit": 3000000, // to be deprecated
            "aggregate_retention": 5000, // to be deprecated
            "per_claim_limit": 3000000, // to be deprecated
            "quote_identifier": "50a65b08-3171-4ea6-9c8c-869f3110aa40",
            "requested_aggregate_limit": 3000000,
            "requested_aggregate_retention": 5000,
            "requested_per_claim_limit": 3000000
        }
    ]
}

Retrieving a Completed Quote

Once a scan of the domain is completed and documents have been generated, your quote will be ready!

Our P90 for quote readiness is 40 seconds.
We recommend a polling strategy of making a GET request every 10 seconds to retrieve the quote as soon as possible. However, your interval can vary depending on your system and user requirements.

For retrieving the $1M quote above, our GET request will look like:

curl 'https://api-demo.at-bay.com/v2/quotes/04a9e085-5f59-4c2b-8c06-66af88d23be7' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer $YOUR_DEMO_TOKEN'

Once the quote is ready, the response will include a complete quote object.