API Authorization
Authorization to execute APIs can be based on the authentication method and user authority. The server allows clients to submit API calls to the APIs associated with the API group or list of API groups defined for the user's APISecurityGroups authority.
Authorization from InsuranceNow Interactive API
When the InsuranceNow interactive API authenticates with basic authentication, the user can submit API calls to the APIs associated with the API groups defined by user's APISecurityGroups authority. In this case, the user is based on the credentials provided to the Basic Authentication option.
When the InsuranceNow interactive API authenticates with JWT, the server allows the client
to submit API calls to the APIs associated with the API groups defined by user's
APISecurityGroups authority. By default, the JWT is created for the
DirectPortal user which has access to API provided to the
DirectSalesPortalGroup
security group.
When the InsuranceNow interactive API authenticates with OAuth2, the server verifies the user's APISecurityGroups authority setting before executing the API request. In this case, the user is the user that logged into InsuranceNow.
Authorization from Consumer Sales Portals
Consumer Sales Portals use JWT client authentication to submit API requests. By default, Consumer Sales Portal accesses the API as the DirectPortal user which has access to APIs provided to the DirectSalesPortalGroup security group.
Authorization from Consumer Service Portals
Consumer Service Portals use JWT client authentication to submit API requests. By default, the Consumer Service Portal accesses the API as the Service Portal web portal user which has access to APIs provided to the ServicePortalGroup.
Authorization from Agent Portals
Agent Portal uses OAuth 2 authentication to submit API requests. The Agent Portal accesses
the APIs as the InsuranceNow agent user that logged into the Agent Portal. By default,
InsuranceNow agent users that access the Agent Portal have access to API provided to the
AgentPortalGroup
security group.
API Security Group
InsuranceNow uses API security groups to determine which API endpoints a user has authorization to execute. The following API security groups are available:
- DirectSalesPortalGroup
- Provides access to APIs required by the consumer sales portal.
- AgentPortalGroup
- Provides access to APIs required by the agent portal.
- DataServiceGroup
- Provides access to APIs required by data services.
- ServicePortalGroup
- Provides access to APIs required by the consumer service portal.