Great American Insurance - Risk Assessment

Summary

Environment Base URLs
Environment	External URL
DEV	https://dev01.api.gaig.com/risk-assessment
UAT	https://uat01.api.gaig.com/risk-assessment
PROD	https://prod01.api.gaig.com/risk-assessment

Open API Specification

Authorization

All endpoints on this API are secured with OAuth 2.0, using the client_credentials grant type.

Environment	External URL
DEV	https://dev01.api.gaig.com/oauth/token
UAT	https://uat01.api.gaig.com/oauth/token
PROD	https://prod01.api.gaig.com/oauth/token

Environment

External URL

DEV

https://dev01.api.gaig.com/oauth/token

UAT

https://uat01.api.gaig.com/oauth/token

PROD

https://prod01.api.gaig.com/oauth/token

Example HTTP Request

POST /oauth/token HTTP/1.1
Authorization: Basic {{base64 encoded clientId:clientSecret}}
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

Example HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json

{
  "api_product_list_json": [
    "issuance-dev",
    "rating-dev"
  ],
  "token_type": "Bearer",
  "access_token": "",
  "expires_in": 3599,
}

Authorization Response Fields
Field	Type	Description
api_product_list_json	array	Array of strings indicating the authorities granted to the client.
token_type	string	This value should be placed in the Authorization header for API requests. `Authorization: {{token_type}} {{access_token}}`
access_token	string	This value should be placed in the Authorization header for API requests. `Authorization: {{token_type}} {{access_token}}`
expires_in	number	The time in seconds when the access token will expire.

Dynamic Documentation

/api/endpoints

Call this endpoint first to determine which endpoints are available to you, as a consumer. This API serves multiple business divisions, and a variety of complex insurance products. Therefore, not all endpoints apply to all consumers.

Example HTTP Request

GET /api/endpoints HTTP/1.1
Authorization: Bearer {{access_token}}

Example HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "endpoints": [
        "/api/example1",
        "/api/example2"
    ]
}

/api/docs

Call this endpoint to get specific request and response body details, which can vary based on factors such as the consumer, business division and product. The /api/docs endpoint provides dynamic documentation based on those factors.

Determine the request body required by an endpoint.

Example HTTP Request

POST /api/docs HTTP/1.1
Authorization: Bearer {{access_token}}
Content-Type: application/json

{
    "type": "request",
    "endpoint": "/api/example1",
    "format": "json",
    "scope": {
        "state": "OH"
    }
}

Determine the response body returned by an endpoint.

Example HTTP Request

POST /api/docs HTTP/1.1
Authorization: Bearer {{access_token}}
Content-Type: application/json

{
    "type": "response",
    "endpoint": "/api/example1",
    "format": "json"
}

Request Body Fields
Field	Type	Required	Description
type	string	true	Valid values: `request`, `response`
endpoint	string	true	One of the available API endpoints.
format	string	true	Valid values: `json`, `details`
scope	object	false	Additional scoping necessary for the request.

Endpoints

/api/businessClassification

Retrieves Business Classification related information from Third Party.

/api/coastalDistance

Produces coastal distances for an address.

/api/crimeScore

Produces crime scores for an address.

/api/getDriverReport

Retrieves a motor vehicle report for requested parameters.

/api/floodScore

Produces flood scores for an address.

/api/location/lookup

Looks up city state, province (applicable to Canada) or counties information based on input information such as zip code.

/api/location/recommendAddress

Recommends an address based on request information.

/api/location/validateAddress

Validates full address information.

/api/moratorium

Checks if a moratorium is in effect for a given product, county, and state.

/api/motorCarrierReport

Retrieves Carrier data via dot number.

/api/orderDriverReport

Creates a motor vehicle report for requested parameters.

/api/organization

Retrieves Non-Profit organization information.

/api/organization/search

Retrieves Non-Profit organization information.

/api/propertyValuation

Retrieves Property Valuation related information.

/api/protectionClass

Retrieves Protection Class related information.

/api/sanctionCompliance

Retrieves Sanction Compliance related information.

/api/taxonomyCodes

Retrieves taxonomy codes based on a query string.

/api/vin/lookup

Retrieves vehicle information for requested parameters.

/api/vin/verify

Verifies a vehicle identification number.

/api/wildfireScore

Produces wildfire scores for an address.

/api/zipGuidelines

Produces eligibility data for Convective Wind, Earthquake, Hurricane Wind, and Terrorism based on a Zip Code.

Example HTTP Request

POST /api/zipGuidelines HTTP/1.1
Authorization: Bearer {{access_token}}
Content-Type: application/json
Accept: application/json

{
    ...see /api/docs
}

Example HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    ...see /api/docs
}

HTTP Status Codes

Successful Responses

200 - OK

The request has succeeded.

Note: Please refer to /api/docs for documentation regarding successful response bodies.

Client Errors

400 Bad Request

The server could not understand the request due to invalid syntax. Most 400 responses will contain the JSON structure in the example below. The field errors will contain an array of objects. Each object will have the fields: category, code and message. Some 400 responses may also contain additional JSON structure.

Example HTTP Response

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "errors": [
        {
            "category": "Invalid Request",
            "code": "INVALID",
            "message": "The request was missing some piece of data."
        }
    ]
}

400 Response Fields
Field	Description
category	The category of the error.
code	This value is meant to be read by code, so that the consuming system can respond to a give error programmatically.
message	A human readable message describing the error.

401 - Unauthorized

Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.

Example HTTP Response

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{
    "fault": {
        "faultstring": "Invalid Access Token",
        "detail": {
            "errorcode": "keymanagement.service.invalid_access_token"
        }
    }
}

403 - Forbidden

The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401, the client’s identity is known to the server.

404 - Not Found

The server can not find the requested resource. This means that the endpoint is not available on this API.

Server Errors

500 - Internal Server Error

The server has encountered a situation it doesn’t know how to handle.

Example HTTP Response

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "timestamp": "2021-05-01T12:00:00.000-0400",
    "status": 500,
    "error": "Internal Server Error",
    "message": "Something went wrong. Please contact CustomerCare@GAIG.COM",
    "path": "/api/path"
}

501 - Not Implemented

The request method is not supported by the server and cannot be handled.

Note: This response may be returned if the endpoint is not relevant for the client. Please refer to /api/docs for the list of endpoints available for a client.

Example HTTP Response

HTTP/1.1 501 Not Implemented
Content-Type: application/json

{
    "timestamp": "2021-05-01T12:00:00.000-0400",
    "status": 501,
    "error": "Not Implemented",
    "message": "API not yet implemented.",
    "path": "/api/path"
}