Cowbell Cyber Platform REST APIs (v1.0)


The Cowbell Cyber continuous underwriting platform is open to Digital Aggregators, Wholesaler brokers, Insurance agencies and Policyholders. You can integrate Cowbell cyber insurance processes and data (account, quote and policy, risk rating and more) into your own applications and workflows using these APIs. To get access credentials and become a partner, please contact us at support@cowbellcyber.ai.

Authentication

OAuth2

Security Scheme Type: OAuth2
OAuth Flow: clientCredentials
Token URL: /api/auth/v1/api/token
Scopes:

    Auth API

    Cowbell Platform uses OAuth2 with a client credentials grant to authenticate all requests. This HTTP authentication scheme requires that a valid accessToken is provided with every API request. Be sure to first retrieve a valid token from the authentication endpoint.

    Get JWT Token

    Generates an access JWT token which must be used on all subsequent API calls

    Authorizations:
    Request Body schema: application/json

    body

    clientId
    required
    string

    Your Client ID, public identifier for your app

    secret
    required
    string

    Your Client Secret

    Responses

    Request samples

    Content type
    application/json
    {
      "clientId": "string",
      "secret": "string"
    }

    Response samples

    Content type
    application/json
    {
      "accessToken": "string",
      "refreshToken": "string"
    }

    Refresh Access Token

    Refresh your access token before it expires

    Authorizations:
    Request Body schema: application/json

    token

    refreshToken
    required
    string

    The refreshToken you received on a successful login. You can use this token to refresh your access JWT token before it expires.

    Responses

    Request samples

    Content type
    application/json
    {
      "refreshToken": "string"
    }

    Response samples

    Content type
    application/json
    {
      "accessToken": "string",
      "refreshToken": "string"
    }
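
The token flow described above as a small client, added here as an illustration and not Cowbell's own code: it logs in once with clientId and secret, caches the tokens, and refreshes shortly before the access JWT expires. Assumptions: the access JWT carries a standard `exp` claim, the `post(path, body)` transport is supplied by the caller, the 60-second skew is arbitrary, and `REFRESH_PATH` is a placeholder because the refresh URL is not shown on this page.

```python
import base64
import json
import time

TOKEN_PATH = "/api/auth/v1/api/token"       # Token URL given on this page
REFRESH_PATH = "/REFRESH-PATH-PLACEHOLDER"  # assumption: refresh URL is not shown on this page


def jwt_expiry(token):
    """Return the `exp` claim (epoch seconds) of a JWT, or None if unreadable.

    The payload is decoded WITHOUT verifying the signature; the value is used
    only to schedule a refresh, never to make a trust decision.
    """
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        return json.loads(base64.urlsafe_b64decode(payload)).get("exp")
    except (IndexError, ValueError, AttributeError):
        return None


class TokenManager:
    def __init__(self, post, client_id, secret, skew=60, clock=time.time):
        # `post(path, body) -> dict` is a hypothetical transport supplied by the caller
        self._post, self._id, self._secret = post, client_id, secret
        self._skew, self._clock = skew, clock
        self._access = self._refresh = None

    def _store(self, resp):
        self._access, self._refresh = resp["accessToken"], resp["refreshToken"]

    def access_token(self):
        if self._access is None:
            # First use: client credentials login
            self._store(self._post(TOKEN_PATH, {"clientId": self._id, "secret": self._secret}))
        else:
            exp = jwt_expiry(self._access)
            # Unknown expiry is treated as expired rather than risking a rejected call
            if exp is None or exp - self._clock() <= self._skew:
                self._store(self._post(REFRESH_PATH, {"refreshToken": self._refresh}))
        return self._access

    def __repr__(self):
        return "TokenManager(<redacted>)"  # keep the secret and tokens out of logs
```

Load the client secret from the environment or a secrets manager rather than source code, and keep the refresh token out of logs as carefully as the secret itself.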

    Roles API

    REST API to get user roles

    Get All Roles

    Get list of all roles supported for your account

    Authorizations:
    OAuth2 (users:manageusers:viewroles:view)

    Responses

    Response samples

    Content type
    application/json
    [
      { }
    ]

    Get Lower Roles

    Get list of all roles supported for your account. The API only returns lower roles (i.e. roles with fewer permissions than yours)

    Authorizations:
    OAuth2 (users:manageusers:viewroles:view)

    Responses

    Response samples

    Content type
    application/json
    [
      { }
    ]

    Get Role Details

    Get permissions for a given roleId

    Authorizations:
    OAuth2 (roles:view)
    path Parameters
    roleId
    required
    string

    Unique Id of the role

    Responses

    Response samples

    Content type
    application/json
    {
      "accountRealm": true,
      "accountType": "AGENCY",
      "description": "string",
      "id": "string",
      "name": "string",
      "permissions": [ ],
      "realm": "a",
      "teamRealm": true
    }

    Accounts API

    REST API for Accounts

    Register Account

    Submit a new policyholder account. Account name, address, and other firmographic data are required.

    Authorizations:
    OAuth2 (accounts:manage)
    header Parameters
    X-Forwarded-Proto
    string
    Default: http

    X-Forwarded-Proto

    Request Body schema: application/json

    body

    accountId
    string

    Account ID, only required when updating an existing account

    address1
    required
    string

    Address Line 1

    address2
    string

    Address Line 2

    agencyId
    required
    string

    ID of the Retail Agency to which the account belongs

    agencyName
    string

    Agency Registered business name (not DBA). Required if agencyId is missing and daAgencyId is provided

    agentEmail
    string

    Agent / Producer email id

    agentFirstName
    string

    Agent / Producer first name

    agentLastName
    string

    Agent / Producer last name

    agentPhone
    string

    Agent / Producer phone number

    city
    required
    string

    City

    claimHistory
    required
    integer <int32>
    Enum: 0 1 2 3 4 5

    Past Claim History. 0=Never, 1=within last 12 months, 2=within last 2 years, 3=within last 3 years, 4=within last 4 years, 5=within 5 years or more

    country
    string
    Value: "US"

    Country, default is US

    daAgencyId
    string

    Digital Aggregator's provided Agency Id. Either agencyId or daAgencyId must be present in the request

    dbaOrTradestyle
    string

    DBA or Trade Style

    description
    string

    Business description

    domainName
    string

    Main domain name, e.g. abc.com

    domains
    string

    Other domains. Comma separated

    dunsNumber
    string

    DUNS Number

    ein
    integer <int32>

    Employer Identification Number (EIN)

    entityType
    string
    Enum: "Independent" "Parent" "Subsidiary"

    Entity Type

    isAuthenticatingFundTransferRequests
    required
    boolean

    Do policyholder employees authenticate funds transfer requests (e.g. by calling a customer to verify the request at a predetermined phone number)? An affirmative answer is required to be eligible for the Social Engineering endorsement

    isFranchise
    required
    boolean

    Is Franchise

    isPreventingUnauthorizedWireTransfers
    required
    boolean

    Do policyholder employees prevent unauthorized employees from initiating wire transfers? An affirmative answer is required to be eligible for the Social Engineering endorsement

    isSecurityOfficer
    required
    boolean

    Does the policyholder agree to be the designated Information Security Contact?

    isSecurityTraining
    required
    boolean

    Does policyholder provide mandatory information security training to all employees at least annually? If not, are they willing to implement it during the policy period?

    isVerifyingBankAccounts
    required
    boolean

    Do policyholder employees verify vendor/supplier bank accounts before adding them to accounts payable systems? An affirmative answer is required to be eligible for the Social Engineering endorsement

    naicsCode
    required
    integer <int32>

    6-digit NAICS Code. Use the NAICS API to find the industry code, if needed

    name
    required
    string

    Registered business name (not DBA)

    natureOfBusiness
    string

    Nature Of Business

    noOfEmployeesAll
    required
    integer <int32>

    Number of Employees

    numberOfPersonalRecords
    integer <int32>
    ownershipType
    required
    string
    Enum: "Public" "Private" "Non-Profit" "Private Sector" "Partnership" "Non-Corporates"

    Ownership Type

    percentInternationalSales
    number <float>
    phoneNumber
    string

    Business Phone Number

    policyContactEmail
    required
    string

    Policyholder Contact Email

    policyContactFirstName
    required
    string

    Policyholder Contact First Name

    policyContactLastName
    required
    string

    Policyholder Contact Last Name

    policyContactPhone
    string

    Policyholder Contact Phone number

    revenue
    required
    number <double>

    Latest revenue in USD

    state
    required
    string

    State (2-letters uppercase)

    Array of objects (Team)

    Optional list of teams the account is part of

    url
    string
    useCloudStorage
    required
    boolean

    Does the policyholder have sensitive information stored on the cloud?

    useEncryption
    required
    boolean

    Does the policyholder encrypt all emails, mobile and computing devices containing sensitive information (e.g., PII, PHI, PCI) sent to external parties?

    yearEstablished
    required
    integer <int32>

    Year when the business was established
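
A pre-submit check for the Register Account body, added here as an illustration and not Cowbell's own code: it enforces the required fields, types and enums listed above, plus the cross-field agency rule. For `agencyId` it follows the field descriptions (either `agencyId` or `daAgencyId`, with `agencyName` required when only `daAgencyId` is sent); the function name and the sample values are constructed.

```python
import re

REQUIRED = {  # fields marked "required" in the Register Account schema above
    "address1": str, "city": str, "state": str, "name": str,
    "policyContactEmail": str, "policyContactFirstName": str,
    "policyContactLastName": str, "ownershipType": str,
    "claimHistory": int, "naicsCode": int, "noOfEmployeesAll": int,
    "yearEstablished": int, "revenue": (int, float),
    "isAuthenticatingFundTransferRequests": bool, "isFranchise": bool,
    "isPreventingUnauthorizedWireTransfers": bool, "isSecurityOfficer": bool,
    "isSecurityTraining": bool, "isVerifyingBankAccounts": bool,
    "useCloudStorage": bool, "useEncryption": bool,
}
ENUMS = {
    "claimHistory": (0, 1, 2, 3, 4, 5),
    "ownershipType": ("Public", "Private", "Non-Profit", "Private Sector",
                      "Partnership", "Non-Corporates"),
    "entityType": ("Independent", "Parent", "Subsidiary"),
    "country": ("US",),
}
# Constructed sample body (all values invented for illustration)
SAMPLE = {f: True for f, t in REQUIRED.items() if t is bool}
SAMPLE.update(address1="1 Main St", city="Austin", state="TX", name="Example Co",
              policyContactEmail="pat@example.com", policyContactFirstName="Pat",
              policyContactLastName="Lee", ownershipType="Private", claimHistory=0,
              naicsCode=541511, noOfEmployeesAll=25, yearEstablished=2010,
              revenue=1500000.0, daAgencyId="DA-123", agencyName="Example Agency")

def validate_account(body):
    """Return a list of problems; an empty list means the body matches the schema text."""
    errors = []
    for field, typ in REQUIRED.items():
        value = body.get(field)
        # bool is a subclass of int in Python, so reject True/False for numeric fields
        if value is None or (typ is not bool and isinstance(value, bool)) or not isinstance(value, typ):
            errors.append(f"{field}: missing or wrong type")
    for field, allowed in ENUMS.items():
        if field in body and body[field] not in allowed:
            errors.append(f"{field}: not an allowed value")
    if isinstance(body.get("state"), str) and not re.fullmatch(r"[A-Z]{2}", body["state"]):
        errors.append("state: must be 2 uppercase letters")
    naics = body.get("naicsCode")
    if isinstance(naics, int) and not isinstance(naics, bool) and not 100000 <= naics <= 999999:
        errors.append("naicsCode: must be 6 digits")
    # Agency rule taken from the daAgencyId and agencyName descriptions
    if not body.get("agencyId") and not body.get("daAgencyId"):
        errors.append("agencyId/daAgencyId: one of the two must be present")
    elif not body.get("agencyId") and not body.get("agencyName"):
        errors.append("agencyName: required when only daAgencyId is given")
    return errors
```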