PrimeOne flow is implemented via REST API, using Cowbell bespoke endpoint structure.
URLs to access staging and production environments are listed below:
This endpoint will return accountID which you can then use to submit subsequent API requests.
To update firmographics on an account, such as address, insured's name, revenue, etc. you can use Update Account endpoint.
Send Security Assessment questions. List of required PrimeOne questions is available here.
In case of a successful response, you will receive 200 status code with a JSON that includes copy of submitted security questions:
List of security assessment questions can be found below:
Field Description training Is cybersecurity training required for all employees with Computer System access at least annually?* mfaEmail Is MFA deployed uniformly across all accounts and logins for access to the following? backupFrequency How often does the Organisation perform backups of business-critical data?* backupTypes At least 1 is required if backupFrequency answer is not NEVER. Allowable values and it's descriptions are,BACKUP_FREQUENCY_SEGMENTED - Segmented(either offline or air-gapped),BACKUP_FREQUENCY_CLOUD - In a cloud service that is secured by login credentials separate from the Computer System credentials and/or requires MFA),BACKUP_FREQUENCY_TESTED_ANNUALLY - Tested at least annually,BACKUP_FREQUENCY_OTHER - Other patchingFrequency How often does the Organisation apply updates to Computer Systems and applications when a patch is released?* vendorManagement Does the Organisation have a vendor management programme to ensure third parties' levels of security are commensurate with the Organisation's cybersecurity standard?* encryptionOnDevices Is encryption of sensitive information in place for the following? - On mobile devices contentReviewProcedure Are content review procedures conducted by a qualified legal adviser (e.g. solicitor) before information is published and/or disseminated to third parties by the Organisation? copyrightClearanceSearch Has the Organisation conducted copyright and trademark clearance searches for all trade and service marks that are or have been used by the Organisation? cyberEvent Has the Organisation sustained a Cyber Incident in the last five years? edr Is an EDR tool in place across the Organisation’s Computer System? encryptionAtRest Is encryption of sensitive information at rest in place? encryptionInTransit Is encryption of sensitive information in place for information in transit? encryptionOnDevices Is encryption of sensitive information in place on mobile devices? eolProducts Are any EOL products in use? isAuthenticatingFundTransferRequests Is there an established procedure to verify changes to funds transfer instructions using a predetermined phone number of the vendor? isPreventingUnauthorizedWireTransfers Does the Organisation prevent unauthorised employees from initiating wire transfers? isVerifyingBankAccounts Does the Organisation verify vendor/supplier bank accounts before adding them to their accounts payable systems? mfaAdminAccounts Is MFA deployed uniformly across all Admin/Privileged Accounts? mfaCloud Is MFA deployed uniformly across all accounts and logins for access to the cloud? mfaEmail Is MFA deployed uniformly across all accounts and logins for access to the email? mfaRemoteSystemAccess Is MFA deployed uniformly across all accounts and logins for access to the remote systems? mfaVendor Is MFA deployed uniformly across all accounts and logins for vendor access to computer systems? ngav Is Next Generation Antivirus in place across the Organisation’s Computer System? patchingFrequency How often does the Organisation apply updates to Computer Systems and applications when a patch is released? planBusinessContinuity Does the Organisation have the written Business Continuity plan, in place and tested at least annually, related to a potential interruption of their Computer Systems? planDisasterRecovery Does the Organisation have the written Disaster Recovery plan, in place and tested at least annually, related to a potential interruption of their Computer Systems? planIncidentResponse Does the Organisation have the written Incidence Response plan, in place and tested at least annually, related to a potential interruption of their Computer Systems? priorCoverage Does the Organisation have a current in-force Cyber insurance policy? priorOrPendingClaimCircumstances Is the Organisation or any person aware of any prior or pending circumstances that could lead to a claim under the proposed policy? privacyLitigation In the past five years, has the Organisation been subject to litigation resulting from a privacy incident? This includes regulatory and civil action. unscheduledSystemDowntime During the last three years, has the Organisation suffered loss of business income as a result of unscheduled system downtime? unscheduledSystemDowntimeComments Comments on unscheduledSystemDowntime vendorManagement Does the Organisation have a vendor management programme to ensure third parties' levels of security are commensurate with the Organisation's cybersecurity standard?
Send a Request a Quote request and include the accountID in the request.
This endpoint returns information associated with the quote (premium, fees, etc.) along with a list of available cyber coverages.
Note that all brokers are set up as agency billed.
Developer Tip: please introduce a minimum latency of 15 seconds before calling this endpoint.
Information associated with the quote will be returned in the following fields:
"premium": 1276.0, "brokerFee": 100.0, "additionalBrokerFee": 0.0, "mgaFee": 0.0, "totalPremium": 1376.0,
Cowbell also returns broker's commission in the commission field.
To check the status of a quote, please use the following 2 fields:
agencyStatus (shows status of a quote)
agencyDescription (provides details of a status; e.g., in case of a declination, this field will explain declination reason).
List of all possible quote statutes is listed here.
Brokers can also upload a quote if they want an underwriter to review a particular case even if it didn't refer. The process is described in more detail on this page.
Once quote is submitted to an underwriter, quote status under 'agencyStatus' field will switch to 'IN_REVIEW'.
API Partners can subscribe to webhook notices. Whenever quote status changes, Cowbell will trigger webhook notification. Detailed instruction on how to subscribe to webhook notices is available here.
To download the quote proposal, please use this endpoint. This endpoint will return the URL to download the quote proposal PDF.
If the effective date on a quote changes, you can get the latest premium by calling Get Latest Premium for a Quote endpoint.
Please note that Cowbell Policy Specimen endpoint is coming soon.