Creating an account as an unauthenticated user

Unauthenticated users can create accounts by POSTing to the /accounts endpoint.

  • Unauthenticated users can also create contacts and locations for the account (POST /accounts/*/contacts and POST /accounts/*/locations), but only as part of a single POST /accounts call that uses request inclusion for the contacts and locations. You cannot call the POST /accounts/*/contacts or POST /accounts/*/locations endpoints on their own.
  • For a complete list of the endpoint access available to unauthenticated users, refer to the Unauthenticated.role.yaml file in the Integration > roles directory.
  • For more information on how to create accounts using the /accounts endpoint, see the Cloud API Consumer Guide.

In response to this POST, PolicyCenter sends a response object. The body of the response contains information about the new account, such as the account's account number. The response header contains a GW-Access-Token attribute whose value is a self-signed JWT. The caller application must save this JWT so that it can be included in any subsequent call that the caller wants to make for the account that was just created.

For example, suppose there is an unauthenticated user who wants to create an account. The following information is true about this user:

  • Name: Bill Presley
  • Primary Address: 1234 Hillsdale Blvd, Foster City, CA, 12345
  • Producer: Armstrong and Company (whose public ID is "pc:6")

The caller application can create an account for this user by executing a POST /accounts with the following request payload:

{
  "data": {
    "attributes": {
      "accountHolder": {
        "refid": "newperson"
      },
      "organizationType": {
        "code": "individual"
      },
      "preferredCoverageCurrency": {
        "code": "USD"
      },
      "preferredSettlementCurrency": {
        "code": "USD"
      },
      "primaryLocation": {
        "refid": "newloc"
      },
      "producerCodes": [
        {
          "id": "pc:6"
        }
      ]
    }
  },
  "included": {
    "AccountContact": [
      {
        "attributes": {
          "contactSubtype": "Person",
          "firstName": "Bill",
          "lastName": "Presley",
          "primaryAddress": {
            "addressLine1": "1234 Hillsdale Blvd",
            "city": "Foster City",
            "postalCode": "12345",
            "state": {
              "code": "CA"
            }
          }
        },
        "method": "post",
        "refid": "newperson",
        "uri": "/account/v1/accounts/this/contacts"
      }
    ],
    "AccountLocation": [
      {
        "attributes": {
          "locationCode": "0001",
          "locationName": "Location 0001",
          "nonSpecific": true,
          "postalCode": "12345",
          "state": {
            "code": "CA"
          }
        },
        "method": "post",
        "refid": "newloc",
        "uri": "/account/v1/accounts/this/locations"
      }
    ]
  }
}

PolicyCenter creates an account, which in this case is assigned an account number of 2558363138. PolicyCenter also sends a response object. In the response header, the GW-Access-Token attribute is set to the following:

eyJhbGciOiJIUzUxMiIsImtpZCI6ImN1cnJlbnRfa2V5IiwidHlwIjoiSldUIn0.eyJleHAiOjE1OTU1NjYzNjksImdyb3VwcyI6WyJwYy5hbm9ueW1
vdXMiXSwiaWF0IjoxNTk1NTU1NTY5LCJpc3MiOiJQQyIsImp0aSI6InJCMEVDYVdoOVh1Y2U5M3cyYkFETnVXOUszdkZoUGxuS0FpbVR3NVdFNWNueW
9VM0FBQUFCQS4uIiwicGNfYWNjb3VudE51bWJlcnMiOlsiMjU1ODM2MzEzOCJdLCJzdWIiOiJhdXRoIiwidGVuYW50X2lkIjoiTm9UZW5hbnQiLCJ0e
XBlIjoiYWNjb3VudEhvbGRlciJ9.Ix4GCz4nJg_QM3AsC-jVyZU_V8ysGBgWfvIxAIS59t7EN2C6Pi2QgJRs09y0ThqFX-_1-ucD58Vunqs5dMivJg

The decoded payload for this JWT is:

{
  "exp": 1595566369,
  "groups": [
    "pc.anonymous"
  ],
  "iat": 1595555569,
  "iss": "PC",
  "jti": "rB0ECaWh9Xuce93w2bADNuW9K3vFhPlnKAimTw5WE5cnyoU3AAAABA..",
  "pc_accountNumbers": [
    "2558363138"
  ],
  "sub": "auth",
  "tenant_id": "NoTenant",
  "type": "accountHolder"
}

Note the following:

  • The groups token claim includes pc.anonymous. On subsequent calls, the bearer of this token will be granted the API role named "anonymous".
  • The pc_accountNumbers token claim lists 2558363138. On subsequent calls, the bearer of this token will be able to view and create data related to account 2558363138 and any of its related information.
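
The following Python helper is an added example, not part of the original documentation. It shows how a caller application might inspect a saved GW-Access-Token before reusing it, checking the exp and pc_accountNumbers claims described above. The function names and the 30-second skew are assumptions, and the sample token is constructed from the claims shown on this page with a placeholder signature.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Return the payload claims WITHOUT verifying the signature.

    The caller does not hold PolicyCenter's signing key, so this is only
    client-side bookkeeping; the server remains the authority on validity.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_token(token, account_number, now=None, skew=30):
    """Return 'ok', 'expired' or 'wrong-account' for a saved token."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    if now >= claims["exp"] - skew:
        return "expired"
    if account_number not in claims.get("pc_accountNumbers", []):
        return "wrong-account"
    return "ok"


def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: claims copied from this page, placeholder signature.
SAMPLE_CLAIMS = {
    "exp": 1595566369, "groups": ["pc.anonymous"], "iat": 1595555569,
    "iss": "PC", "pc_accountNumbers": ["2558363138"], "type": "accountHolder",
}
SAMPLE_TOKEN = ".".join([
    _b64url_encode({"alg": "HS512", "typ": "JWT"}),
    _b64url_encode(SAMPLE_CLAIMS),
    "placeholder-signature",
])
```

For the sample claims, exp minus iat is 10800 seconds, so a caller that holds the token longer than three hours should expect it to be rejected. Because the token is a bearer credential scoped to one account, store it per account number and keep it out of logs.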