API Authentication
In general, all API callers must authenticate with the server and pass authorization requirements before the API request is executed by the server.
Authenticate from Interactive API
When you use the interactive API to submit API requests to the server, the authentication details for each API request are populated by the interactive tool.
- A user with the REST API Documentation View and the Administrator role accesses the interactive API.
- The user enters authorization details in the Available
Authorizations dialog.Users have the option to authorize with the following options:The authentication details apply to all API calls submitted from the interactive API for the current session unless the user selects a different authentication method.
- Basic authentication
- A valid InsuranceNow username and password provide authentication.
- JWT
- An Okta-provided JWT provides authentication.
- OAuth2
- An internally configured
swagger-api
client is used to obtain a JWT. In this case, InsuranceNow is the identity provider.Note: From the interactive API, the OAuth2 option must only be used for testing purposes.
- The user selects an API to try, enters the required parameters, and executes the API request. Before the request is executed by the server, the server validates the authorization details.
Authenticate from a Consumer Sales Portal
The Consumer Sales Portal uses a JWT from Okta to authenticate with InsuranceNow. When a consumer sales portal submits API requests to the server, the following steps occur:
When a consumer service portal user has not logged in:
- Portal submits the
POST /clients/{clientId}/sessions
API endpoint. - InsuranceNow requests an Okta-issued JWT through the Guidewire Hub.
- As requests from the Consumer Sales Portal are anonymous, Okta generates a JWT for the
directportal
user. - InsuranceNow includes the Okta-issued JWT in the API response.
- The portal includes the Okta-issued JWT in HTTP authorization header of each API request for that session.
- InsuranceNow validates the Okta-issued JWT prior to executing each API request. For more information, see Manage access to quote.
When a consumer service portal user has logged in:
- Okta generates a JWT upon user login.
- The portal included the Okta-issued JWT in HTTP authorization header of each API request for that session.
- InsuranceNow validates the Okta-issued JWT prior to executing each API request.
Authenticate from an Agent Portal
- The Agent Portal uses OAuth2 to authenticate with the server as the InsuranceNow agent user.
- The identity provider generates a JWT for the InsuranceNow agent user using OAuth2.
- The Agent Portal includes the JWT in the HTTP authorization header of each API request.
For the steps to configure Agent Portal authentication, see Agent Portal authentication.
Authenticate from a Consumer Service Portal
The Consumer Service Portal uses a JWT from Okta to authenticate with InsuranceNow. JWT client authentication requires that InsuranceNow is configured with the required settings and credentials to request and decode a JWT from Okta.
- When a consumer service portal user has not logged in:
- Portal submits the
POST /clients/{clientId}/sessions API
endpoint. - Portal submits the
POST /clients/{clientId}/sessions API
endpoint. - InsuranceNow requests an Okta-issued JWT through the Guidewire Hub.
- Okta generates a JWT for the portal user.
- InsuranceNow includes the Okta-issued JWT in the API response.
- The portal includes the Okta-issued JWT in HTTP authorization header of each API request for that session.
- InsuranceNow validates the Okta-issued JWT prior to executing each API request.
- Portal submits the
- When a consumer service portal user has logged in:
- Okta generates a JWT upon user login.
- The portal included the Okta-issued JWT in HTTP authorization header of each API request for that session.
- InsuranceNow validates the Okta-issued JWT prior to executing each API request.