Configuring calls between InsuranceSuite applications
In the base configuration, InsuranceSuite applications do not make calls to the Cloud API endpoints of other InsuranceSuite applications. For example, the base configuration of ClaimCenter does not make calls to Cloud API for PolicyCenter. However, through configuration, an insurer can enable this type of interaction.
To describe this behavior, this documentation uses the following terminology:
-
The calling application is the caller application.
-
The application whose Cloud API endpoints are being called is the responder application.
-
<callerAppCode>and<responderAppCode>are values that represent the two-letter code for the appropriate application (cc,pc,bc, orab).
Configuration is needed in both applications to ensure the caller application has the proper authorization.
API role in the responder application
The responder application must have an API role that defines the endpoint
access granted to the caller application. This role must be named
gw_<callerAppCode>_ext.
Scopes for the caller application
The caller application is considered to be a standalone service. Guidewire automatically registers it with the following scopes:
-
<responderAppCode>.service- This allows the caller application to use the resource access strategy for services as defined in the responder application.
scp.<responderAppCode>.gw_<callerAppCode>_ext- This is used to verify that the caller application can be granted the
gw_<callerAppCode>_extrole.
- This is used to verify that the caller application can be granted the
Example
Suppose that you have instances of both ClaimCenter and PolicyCenter. You want ClaimCenter to make calls to Cloud API for PolicyCenter. To enable this, the following must be true:
-
In PolicyCenter, there is an API role named
gw_cc_ext. This role is declared in a file whose name isgw_cc_ext.role.yaml. -
ClaimCenter is registered with the following scopes:
-
pc.service -
scp.pc.gw_cc_ext
-
- When ClaimCenter makes a call to PolicyCenter, the JWT includes this claim:
"scp": [ "pc.service", "scp.pc.gw_cc_ext", <additional tenant, project, and planet values> ]
Enabling cross-application Cloud API calls
Guidewire automatically registers every cloud instance of every InsuranceSuite application with all of the scopes needed to make cross-application calls. Specifically:
-
Instances of ClaimCenter have the following scopes registered:
-
pc.service -
bc.service -
ab.service -
scp.pc.gw_cc_ext -
scp.bc.gw_cc_ext -
scp.ab.gw_cc_ext
-
-
Instances of PolicyCenter have the following scopes registered:
-
cc.service -
bc.service -
ab.service -
scp.cc.gw_pc_ext -
scp.bc.gw_pc_ext -
scp.ab.gw_pc_ext
-
-
Instances of BillingCenter have the following scopes registered:
-
cc.service -
pc.service -
ab.service -
scp.cc.gw_bc_ext -
scp.pc.gw_bc_ext -
scp.ab.gw_bc_ext
-
-
Instances of ClaimCenter have the following scopes registered:
-
cc.service -
pc.service -
bc.service -
scp.cc.gw_ab_ext -
scp.pc.gw_ab_ext -
scp.bc.gw_ab_ext
-
However, none of the applications have the corresponding API roles.
To enable cross-application Cloud API calls, you must create
one API role in each responder application. The API role's name must adhere to the
scp.<responderAppCode>.gw_<callerAppCode>_ext naming
convention. The API role must also define whatever endpoint access is appropriate
for the caller application.
Making cross-application calls
Whenever any service calls a Cloud API endpoint, the service must acquire a JWT from
Guidewire Hub and include that JWT with the call. In the JWT, the
scp claim must specify the service's resource access strategy
and API role.
When the service is a Guidewire application that is calling Cloud API endpoints of another Guidewire InsuranceSuite application (ClaimCenter, PolicyCenter, BillingCenter, or ContactManager), the caller application is already registered with Guidewire. To acquire a JWT, the caller Guidewire application must call platform code in the same as if the caller was making a call to an Integration Gateway API.
For more information on how to do this, refer to the Integration Gateway documentation.