InsurGrid Public API

The InsurGrid Public API provides programmatic access to manage agencies, agents, clients, and webhook subscriptions within the InsurGrid platform. This documentation outlines all available endpoints, request formats, and response structures.

Base URL

All API requests should be made to the following base URL:

https://api.insurgrid.com

Replace this with the appropriate InsurGrid API hostname provided during onboarding.

Authentication

The InsurGrid API uses two authentication methods:

  1. OAuth 2.0 Client Credentials - For programmatic access to agency/agent provisioning endpoints
  2. Agent Access Tokens - For agent-specific operations

OAuth Client Authentication

To access the API programmatically, you'll need to generate an access token using your client credentials.

POST /oauth/token

Request Body
{
    "grant_type": "client_credentials",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
}
Response
{
    "access_token": "YOUR_ACCESS_TOKEN",
    "token_type": "bearer",
    "expires_in": 3600
}

Use the returned access token in the Authorization header for all API requests:

Authorization: Bearer YOUR_ACCESS_TOKEN
Sample Code
cURL
JavaScript
Python
curl -X POST \
  https://api.insurgrid.com/oauth/token \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
}'

Error Handling

The API returns standard HTTP status codes:

Status Code Description
200 OK Request successful
204 No Content Request successful, no content returned
400 Bad Request Invalid request parameters
401 Unauthorized Invalid or missing authentication
403 Forbidden Authenticated but insufficient permissions
404 Not Found Resource not found
422 Unprocessable Entity Validation errors
429 Too Many Requests Rate limit exceeded
500 Server Error Internal server error

Error responses include a JSON body with details:

{
    "error": {
        "message": "Error description",
        "details": [...]  // Optional field with specific error details
    }
}

Common Error Scenarios

  • Attempting to access an agency not associated with your OAuth client
  • Attempting to reassign a client to an agent in a different agency
  • Insufficient permissions for the requested operation
  • Invalid UUID format for client, submission, or declaration page identifiers

Rate Limiting

API requests are subject to rate limiting. The current limits are:

  • OAuth token generation: 10 requests per minute
  • All other endpoints: 60 requests per minute per OAuth token or agent access token

When rate limited, the API will return a 429 Too Many Requests status code with headers indicating the rate limit and when you can retry:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1620000000
Retry-After: 60

Agency & Agent Provisioning

GET /v1/agents

Lists all agents provisioned in the system.

Authentication

OAuth Client Access Token

Query Parameters

Parameter Type Description
filterByEmail optional string Email address filter
includeDeactivated optional boolean Whether to include deactivated agents (Default: false)
page optional integer Page number for pagination
perPage optional integer Number of results per page

Response

Collection of agents with their details and their associated agencies

{
    "data": [
        {
            "id": 123,
            "first_name": "John",
            "last_name": "Doe",
            "email": "john.doe@example.com",
            "slug": "john-doe-xyz",
            "phone_number": "555-123-4567",
            "is_admin": true,
            "agency": {
                "id": 456,
                "name": "Example Insurance Agency",
                "color_code": "3A71F8"
            }
        },
        // Additional agents...
    ],
    "links": {
        "first": "https://api.insurgrid.com/v1/agents?page=1",
        "last": "https://api.insurgrid.com/v1/agents?page=5",
        "prev": null,
        "next": "https://api.insurgrid.com/v1/agents?page=2"
    },
    "meta": {
        "current_page": 1,
        "from": 1,
        "last_page": 5,
        "path": "https://api.insurgrid.com/v1/agents",
        "per_page": 25,
        "to": 25,
        "total": 125
    }
}

Implementation Notes

  • Results are paginated
  • Filtered by OAuth Client - only returns agents associated with agencies linked to the authenticated OAuth client

Sample Code

cURL
JavaScript
Python
curl -X GET \
  'https://api.insurgrid.com/v1/agents?filterByEmail=john@example.com&includeDeactivated=false&page=1&perPage=25' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Accept: application/json'

POST /v1/agencies

Creates a new agency and admin agent.

Authentication

OAuth Client Access Token

Request Body

{
    "agency_name": "Agency Name",
    "email": "agent@example.com",
    "first_name": "First",
    "last_name": "Last",
    "referral": "optional-referral-source"
}
Parameter Type Description
agency_name required string Name of the agency
email required string Email address of the agency owner/admin
first_name required string First name of the agency owner/admin
last_name required string Last name of the agency owner/admin
referral optional string Referral source information

Response

{
    "data": {
        "agency": {
            "id": 123,
            "name": "Agency Name",
            "color_code": "3A71F8"
        },
        "agent": {
            "id": 456,
            "first_name": "First",
            "last_name": "Last",
            "email": "agent@example.com",
            "slug": "first-last-xyz",
            "is_admin": true,
            "access_token": "OWNER_ACCESS_TOKEN"
        }
    }
}

Implementation Notes

  • The created agency will be automatically associated with the authenticated OAuth client
  • An owner agent is automatically created with admin privileges
  • The returned access token should be securely stored for the agent

Sample Code

cURL
JavaScript
Python
curl -X POST \
  https://api.insurgrid.com/v1/agencies \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
    "agency_name": "Example Insurance Agency",
    "email": "owner@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "referral": "Partner Program"
}'

POST /v1/agencies/:agency_id/agents

Adds a new agent to an existing agency.

Authentication

OAuth Client Access Token

Path Parameters

Parameter Type Description
agency_id required integer ID of the agency

Request Body

{
    "first_name": "First",
    "last_name": "Last",
    "email": "agent@example.com",
    "slug_suffix": "custom-suffix",
    "phone_number": "202-555-0192",
    "is_admin": false
}
Parameter Type Description
first_name required string Agent's first name
last_name required string Agent's last name
email required string Agent's email address
slug_suffix optional string Custom URL slug suffix
phone_number optional string Agent's phone number
is_admin optional boolean Whether the agent has admin privileges (Default: false)
profile_picture optional file Agent's profile picture

Response

{
    "data": {
        "id": 789,
        "first_name": "First",
        "last_name": "Last",
        "email": "agent@example.com",
        "slug": "first-last-custom-suffix",
        "phone_number": "202-555-0192",
        "is_admin": false,
        "access_token": "AGENT_ACCESS_TOKEN"
    }
}

Implementation Notes

  • The agency must be associated with the authenticated OAuth client
  • A unique slug is generated for the agent (can be customized with slug_suffix)
  • Profile pictures must be sent using multipart/form-data

DELETE /v1/agencies/:agency_id

Deactivates an agency and all its agents.

Authentication

OAuth Client Access Token

Path Parameters

Parameter Type Description
agency_id required integer ID of the agency to deactivate

Response

Empty response with 204 No Content status code

Implementation Notes

  • The agency must be associated with the authenticated OAuth client
  • This action will deactivate all agents belonging to the agency
  • Deactivated agencies can still be queried with the proper includeDeactivated flag

DELETE /v1/agents/:agent_id

Deactivates an agent as OAuth client.

Authentication

OAuth Client Access Token

Path Parameters

Parameter Type Description
agent_id required integer ID of the agent to deactivate

Response

Empty response with 204 No Content status code

Implementation Notes

  • The agent must belong to an agency associated with the authenticated OAuth client
  • Deactivating an owner agent may require reassigning ownership first

POST /v1/agents/:agent_id/reset-access-token

Resets an agent's access token.

Authentication

OAuth Client Access Token

Path Parameters

Parameter Type Description
agent_id required integer ID of the agent

Response

{
    "data": {
        "agency": {
            "id": 123,
            "name": "Agency Name",
            "color_code": "3A71F8"
        },
        "agent": {
            "id": 456,
            "first_name": "First",
            "last_name": "Last",
            "email": "agent@example.com",
            "slug": "first-last-xyz",
            "access_token": "NEW_ACCESS_TOKEN"
        }
    }
}

Implementation Notes

  • The agent must belong to an agency associated with the authenticated OAuth client
  • All existing tokens for this agent will be revoked
  • The new token should be securely stored as it cannot be retrieved again later

Agent API

GET /v1/agencies/:agency_id

Retrieves information about an agency.

Authentication

Agent Access Token

Permissions Required

Any agent role

Path Parameters

Parameter Type Description
agency_id required integer ID of the agency

Response

{
    "data": {
        "id": 123,
        "name": "Agency Name",
        "color_code": "3A71F8",
        "logo_url": "https://example.com/logo.png"
    }
}

Implementation Notes

  • The authenticated agent must belong to the requested agency

PATCH /v1/agencies/:agency_id

Updates agency settings.

Authentication

Agent Access Token

Permissions Required

Admin privileges

Path Parameters

Parameter Type Description
agency_id required integer ID of the agency

Request Body

{
    "color_code": "3A71F8",
    "name": "Updated Agency Name"
}
Parameter Type Description
color_code optional string Hex color code for agency branding (without #)
name optional string Updated agency name
logo optional file Agency logo image

Response

{
    "data": {
        "id": 123,
        "name": "Updated Agency Name",
        "color_code": "3A71F8",
        "logo_url": "https://example.com/logo.png"
    }
}

Implementation Notes

  • The authenticated agent must have admin privileges in the agency
  • For uploading a logo, the request must use multipart/form-data
  • When using multipart/form-data with a PATCH request, include _method=PATCH in the form data

GET /v1/agencies/:agency_id/agents/:agent_id

Retrieves information about an agent.

PATCH /v1/agencies/:agency_id/agents/:agent_id

Updates agent information.

GET /v1/agents/:agent_id/clients

Retrieves an agent's clients with optional filtering.

GET /v1/agents/:agent_id/clients/:client_uuid

Retrieves detailed information about a specific client.

GET /v1/agents/:agent_id/clients/:client_uuid/submission/:client_submission_uuid/declaration-page/:client_submission_declaration_page_uuid

Generates a download link for a client's declaration page.

POST /v1/agents/:agent_id/clients/:client_uuid/reassign

Transfers a client from one agent to another.

POST /v1/agents/:agent_id/clients/:client_uuid/destroy

Permanently removes a client and all associated data.

DELETE /v1/agencies/:agency_id/agents/:agent_id

Deactivates an agent from the admin/owner account.

PATCH /v1/agents/:agent_id/additional-questions

Enables or disables additional questions for clients.

POST /v1/client

Creates a new client.

Webhook Events

Webhooks can subscribe to the following events:

  • * - All events
  • client-submission.complete - When a client completes their submission
  • client-submission.declaration-page-upload - When a declaration page is uploaded
  • client.reassigned - When a client is reassigned to another agent
  • client.updated - When client information is updated
  • client.sales-funnel-status-change - When a client's sales funnel status changes

POST /v1/webhooks

Creates a new webhook subscription.

GET /v1/webhooks/:webhook_uuid

Retrieves information about a specific webhook subscription.

PATCH /v1/webhooks/:webhook_uuid

Updates an existing webhook subscription.

GET /v1/webhooks

Retrieves all webhook subscriptions for the authenticated agent's agency.

DELETE /v1/webhooks/:webhook_uuid

Removes a webhook subscription.

Recommended Implementation Practices

Token Management

  • Store access tokens securely
  • Implement token refresh logic
  • Never expose tokens in client-side code

Error Handling

  • Implement comprehensive error handling for all API calls
  • Add retries with exponential backoff for rate limiting and network errors
  • Log API responses for debugging

Webhook Security

  • Verify webhook signatures (documentation provided separately)
  • Implement idempotent webhook handling
  • Set up timeouts for webhook processing

Best Practices

  • Use pagination for listing endpoints to avoid large responses
  • Include relationship loading (include parameter) only when needed
  • Implement client-side caching where appropriate

Support

For support or questions about the InsurGrid API, please contact support@insurgrid.com.

For technical assistance, include:

  • Your OAuth client ID (not the secret)
  • Request details (URL, headers, body)
  • Any error responses received
  • Timestamps of when the request was made