Types of callers

Within the context of system API authentication, a caller is a user or service who triggers a system API call from a caller application.

There are several different types of callers. This documentation uses the following terms to identify them:

  • Internal user - This is a person who is listed as a user in the PolicyCenter operational database. For example, Alice Applegate, a PolicyCenter underwriter, is an internal user.
    • Note that internal users can use caller applications and trigger system API calls from those applications. For example, suppose there is a location photography portal that contains pictures of covered buildings taken by a third-party field agent. An underwriter reviews and selects pictures to be saved to PolicyCenter. This action triggers a system API call by an internal user from a caller application.
  • External user - This is a person who is known to the insurer but who is not listed as a user in the PolicyCenter operational database. For PolicyCenter, there is one typical type of external user:
    • Account holders - Users who want to interact with information about their accounts and policies. For example, Ray Newton, a policyholder who wants to verify what coverages he has.
  • Anonymous user - This is a person who is not yet known to the insurer but who may establish a business relationship with the insurer. Typically, an anonymous user can only create an account (and its associated objects), quote a submission, and bind a submission. Once an anonymous user binds a submission, they logically move from being an anonymous user to an external user.
  • Service - This is a service, also referred to as a service-to-service application. For example, a billing service that processes premium payments and periodically reports to PolicyCenter when a policy is delinquent. There are several ways in which a service can make a call:
    • As a standalone service, in which the service executes the call as itself. It does not execute the call on behalf of a specific person or through a PolicyCenter user account.
    • As a service with user context, in which the service presents information about itself and about a specific user. The call can do only what both the service on its own and the user on their own could do; its effective access is the intersection of the two, never the union.
    • As a service with service account mapping, in which the service is mapped to an account in the PolicyCenter database and has access as determined by that account.
  • Unauthenticated caller - This is a user or service who provides no authentication information. Unauthenticated callers can access only metadata endpoints. Unauthenticated callers are typically callers who need information about the system APIs.
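The rules above can be read as an authorization resolver: each caller type maps to a rule for computing the caller's effective access, and the important edge case is the service with user context, whose access is the intersection of the service's and the user's permissions. The following Python is an added example written for this page; it is not Guidewire code, and the permission names, principals and the treatment of metadata as readable by every caller are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional


class CallerType(Enum):
    """The caller types described on this page."""
    INTERNAL_USER = "internal user"
    EXTERNAL_USER = "external user"
    ANONYMOUS_USER = "anonymous user"
    STANDALONE_SERVICE = "service (standalone)"
    SERVICE_WITH_USER_CONTEXT = "service with user context"
    SERVICE_ACCOUNT_MAPPED = "service with service account mapping"
    UNAUTHENTICATED = "unauthenticated caller"


# Constructed permission names for this example only; they are not PolicyCenter's
# real permission identifiers.
METADATA_ONLY: FrozenSet[str] = frozenset({"metadata:read"})
# What an anonymous user may do: create an account, quote and bind a submission.
ANONYMOUS_ALLOWED: FrozenSet[str] = frozenset(
    {"account:create", "submission:quote", "submission:bind"}
)


@dataclass(frozen=True)
class Principal:
    """A user, service or service account and the permissions granted to it."""
    name: str
    permissions: FrozenSet[str]


@dataclass(frozen=True)
class Caller:
    kind: CallerType
    user: Optional[Principal] = None             # the person, when one is involved
    service: Optional[Principal] = None          # the calling service, when one is involved
    service_account: Optional[Principal] = None  # the mapped account (service account mapping)


def _require(principal: Optional[Principal], role: str) -> Principal:
    if principal is None:
        raise ValueError(f"caller of this type must carry a {role}")
    return principal


def effective_permissions(caller: Caller) -> FrozenSet[str]:
    """Return what this caller may do, applying the rule for its caller type."""
    kind = caller.kind
    if kind is CallerType.UNAUTHENTICATED:
        # No credentials: metadata endpoints only, whatever else the request carries.
        return METADATA_ONLY
    if kind is CallerType.ANONYMOUS_USER:
        return ANONYMOUS_ALLOWED | METADATA_ONLY
    if kind in (CallerType.INTERNAL_USER, CallerType.EXTERNAL_USER):
        return _require(caller.user, "user").permissions | METADATA_ONLY
    if kind is CallerType.STANDALONE_SERVICE:
        # The service acts as itself; no person is involved.
        return _require(caller.service, "service").permissions | METADATA_ONLY
    if kind is CallerType.SERVICE_WITH_USER_CONTEXT:
        # Intersection, not union: only what BOTH the service and the user could do alone.
        service = _require(caller.service, "service")
        user = _require(caller.user, "user")
        return (service.permissions & user.permissions) | METADATA_ONLY
    if kind is CallerType.SERVICE_ACCOUNT_MAPPED:
        # Access comes entirely from the mapped account, not from the service's own claims.
        return _require(caller.service_account, "service account").permissions | METADATA_ONLY
    raise ValueError(f"unknown caller type: {kind}")


def is_authorized(caller: Caller, permission: str) -> bool:
    return permission in effective_permissions(caller)


# Constructed sample principals, loosely following the page's examples.
ALICE = Principal("Alice Applegate", frozenset({"policy:read", "policy:update", "submission:quote"}))
RAY = Principal("Ray Newton", frozenset({"policy:read"}))
BILLING = Principal("billing-service", frozenset({"policy:read", "policy:report_delinquent"}))
BILLING_ACCOUNT = Principal("svc_billing", frozenset({"policy:read", "policy:report_delinquent"}))

UNDERWRITER_CALL = Caller(CallerType.INTERNAL_USER, user=ALICE)
POLICYHOLDER_CALL = Caller(CallerType.EXTERNAL_USER, user=RAY)
ANON_CALL = Caller(CallerType.ANONYMOUS_USER)
BILLING_ALONE = Caller(CallerType.STANDALONE_SERVICE, service=BILLING)
BILLING_FOR_ALICE = Caller(CallerType.SERVICE_WITH_USER_CONTEXT, service=BILLING, user=ALICE)
BILLING_MAPPED = Caller(CallerType.SERVICE_ACCOUNT_MAPPED, service=BILLING, service_account=BILLING_ACCOUNT)
NO_CREDS = Caller(CallerType.UNAUTHENTICATED)

if __name__ == "__main__":
    for label, caller in [("underwriter", UNDERWRITER_CALL), ("policyholder", POLICYHOLDER_CALL),
                          ("anonymous", ANON_CALL), ("billing alone", BILLING_ALONE),
                          ("billing for Alice", BILLING_FOR_ALICE), ("billing mapped", BILLING_MAPPED),
                          ("no credentials", NO_CREDS)]:
        print(f"{label:18} -> {sorted(effective_permissions(caller))}")
```

The case worth studying is `BILLING_FOR_ALICE`: the billing service alone may report a delinquent policy and Alice alone may update a policy, but the combined call may do neither, only what both could do (`policy:read`). A resolver that unioned the two sets would let a service borrow a user's rights, or a user borrow a service's, which is exactly what the user-context model is meant to prevent.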

Within the context of authentication and authorization, this documentation uses the following terms in the following way:

  • User is used exclusively for callers that are people.
  • Service is used exclusively for callers that are not people and that take action without direct action from a person.
  • Service account is used to refer to an account in the PolicyCenter database that is used exclusively by a service and that defines access for that service.
  • Caller is used to collectively refer to users and services.