The examples below use Postman as the API execution tool. If you are not familiar with Postman, please visit their site at https://www.getpostman.com. We will provide a Postman collection for your use. You may use the API tool of your choice to execute requests. To consume the APIs, carrier must have an “Access Token” which can be generated using below steps:
1. Select the token endpoint from table below based on environment.
2. Receiving the client_id, client_secret, grant_type and available scopes first for Test environment and subsequently for the production environment from Product Representative at Assurant. New APIs are secured using OAuth 2.0 and JSON Web Token (JWT) as the access token.
3. Once the details are available, you can create an http POST request to get the access token using below steps.
4. Setting Authorization as “Basic Auth” and passing client_Id and client_secret.
5. In the request header selecting the Authorization as Basic and in request body passing the OAuth grant type and scope.
6. A successful call will return Access Token in response body.
7. The Access Token can then be used in subsequent calls to the APIs.
8. Separate disclosures and instructions for using them will be provided to you by your Account Executive, those will need to be displayed, and in some cases, agreed to from your site.
In the Authorization tab for a request in Postman, use the client_id in the Username field and client_secret in the password field.
How to select Authorization as Basic
In the Headers tab please ensure a header with the key of “Authorization” is present and that its value is “Basic”.
How to pass grant_type and scope
To get a valid token, oauth requires two key value pairs. Please ensure that your body type is x-www-form-url encoded and that both key/value pairs below are passed in the body. The scope value will be provided to you by Assurant. Once all have been provided, click Send to have the request sent to our identity provider.
The access token received in response body as below
The access token received above is an encoded JWT, it expires in 15 minutes (this can change) and can be used multiple times for API requests until it expires, at which point a new one will be required.