Cloud API calls

InsuranceSuite Cloud API is a set of RESTful system APIs that caller applications can use to request data from or initiate action within an InsuranceSuite application. These APIs can be used by browser-based applications and service-to-service applications. This documentation uses the term caller application to generically refer to any application or service calling Cloud API.

Making Cloud API calls

The following diagram provides a high-level overview of the interaction between the caller application and the Cloud API.


Flow of request to and response from the system APIs
  1. The caller application constructs a request object. The request object consists of:
    • A header, which can contain authentication information and other metadata.
    • A payload, when necessary.
  2. The caller application sends the request to Cloud API using an HTTP command.
    • The command calls a specific endpoint.
    • The command may include query parameters that further identify the data that is desired.
    • The request object is sent with the command.
  3. Cloud API processes the request.
    • This activity uses all of the InsuranceSuite application logic, such as validation logic and pre-update rules.
    • The request is restricted by authorization controls within Cloud API.
  4. Cloud API responds with an HTTP response code (such as 200 for success) and a response object. The response object consists of:
    • A header
    • A payload, when necessary.

Cloud API and InsuranceSuite logic

In the software industry, some RESTful APIs are configured to interact directly with the database. Cloud API is not configured to behave this way. Cloud API interacts with operational data only through the layer of the application's business logic. Therefore, Cloud API always leverages the existing business logic of the application.

For example:

  • Suppose an internal user does not have permission to create an activity. If the internal user attempts to create an activity through Cloud API, the attempt results in an insufficient permissions error.
  • Suppose there is a validation rule that requires an activity's due date to be set in the future. If an external system attempts to create an activity with a due date in the past, the attempt results in a validation error.
  • Suppose there is a pre-update rule that creates an approval activity whenever a document is marked as "Final". If an external system creates a "Final" document through Cloud API, the pre-update rule will create an approval activity.