Provide access to local business unit Policy Billing systems for current status of a payment API. Small Enterprise Tower (SME) application will allow underwriters to go through the underwriting process for new policies as well as renewals, the following API will allow the validation if the policy is waiting any payment before the final policy renewal.

How this can help you

Allow access to local business unit billing information for policies, allowing pre-checks to be used outside the local business unit, for example in global process validations.

How does it work

The Policy Payments Process API based on context information (Business Unit) will route the request to the relevant system on the Business Unit and return a common data model for policy payment status.

How do I get access

New applications wishing to use the service can request access via the API Exchange. As part of the request, you will be asked for a cost center and to select the service tier you require. Once the API Owner accepts your request you will be issued a Client ID and Secret which you can use to call the API. See Getting Start page for more information.

All our API’s are designed to be easy and fast to consume! You can play with them from day 0 through our built in mocking services (were you can explore our API's before any further engagement), but if you want the real deal go through our Terms and conditions and Pricing pages and get started without exiting this site.

Step 0. First time

If this is your first time using one of our API's we suggest to go through our SharePoint site page were you can find a lot of information, of the basic concepts used through this API page.

Step 1. Request API access

Yes, just click on the "Request Access" button in this page where you will need to:

1. Select the Environment you want to access (more details on our Environment page)
2. Select the right tier for your application, you can find more information on Pricing page and move to the next screen
3. "Select an existing client application" or "Create a new application" that will be allowed to call this api
4. Read the Terms & Conditions and check the box to accept them
   • Terms and conditions vary between API's, it is important take knowledge of this information to prevent any API misusage
   • Please read Terms and conditions page to know our global terms and this API specific terms
5. Access approval & account setup
   • All access requests are assessed and approved within 1 working day, during this phase you might be contacted for specific details (e.g. cost centre)

Step 2. Use the API

Once you client application gets approved, and you have your credentials, you can visit our Authentication page to understand which authentication mechanism should be used to interacting with our API.

You can use this API through your preferable wrapper, MuleSoft, Azure API, Java, Python... Just follow our API Run Flow to understand how to use it, or explore our API documentation to see in more detail our API documentation.

Step 3. Monitor your API

Monitorization of your API is also a key aspect to improve you API usage, our API's are actively monitored, please through our Support page to know more on our monitoring solution.

Step 4. Maintain your Application

We are always looking to improve our API's, this means that is also important for you to know how this API can evolve and how we manage it.

The Versioning page details which versioning model is being used, and how this can affect your dependent applications.

Step 5. Provide feedback and get support

Visit your Support page to know how to interact with us, but while you are here, feel free to use our Reviews section

Step 6. Decommissioning

Hope you are not thinking about it :) But if you must, simply delete your Application on "My Applications" page, and you will be unregistered from this API.

How am I charged?

To be DEFINED

When am I charged?

Charges will start 30 days after you commence using the API and you can cancel anytime during this period. Thereafter billing will occur monthly to the cost centre that you specify.

Our API is protected by Basic Auth: standard HTTP Authorization header with the authorization type to Basic

The user and password are governed through an Anypoint Platform enforced Client Id/Secret policy.

Client ID/Secret

Complete the pre-requisite steps on the Getting Started page to obtain API client credentials.

The Client Id/Secret is enforced using the Basic Authentication scheme. This requires the client_id and client_secret values are communicated using the standard HTTP Authorization header with the authorization type to Basic.

The format of the Authorization header is as follows:

Basic client_id:client_secret

In accordance with the Basic Authentication specification the client_id:client_secret value must be passed as base64-encoded string as shown below:

Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=

The API will return a 401 HTTP Status Code with code authentication_error in case of an invalid value or credential.

This API uses conventional HTTP response codes to indicate the success or failure of an API request:

• Codes in the 2xx range indicate success.
• Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required field was omitted).
• Codes in the 5xx range indicate an error with the server.

The sections below explain in detail the HTTPS status codes returned by the API and the error response message returned to the user.

Error HTTP Status Code Summary

The table below contains all the possible HTTP status codes that the API returns, however, one should refer to each individual resource and method endpoint definition for specific details on the possible status codes returned.

Please refer to each individual resource and method endpoint definition for specific details on the possible status codes returned.

Error Response

Independently of the error scenario a common error structure will be returned, allowing consumers to manage error results through a common structure, below the specific attributes that compose this error message structure can be checked in more details.

Attributes

Error Response Payload Examples

{
  "code" : "RESOURCE_UPDATE_FAILED",
  "message" : "Cannot update User account groups",
  "correlationId": "3d9445ca-dd6c-4fe2-b93d-c23423f0d612",
  "causes": [
    {
      "code": FAILED_UPDATE_SECURITY_TYPE_DEFAULT,
      "message": "Failed to set security type to 1"
    }
  ]
}

Exchange: gto-p-policy-payments

Environments available.

This API is intended to support API development and operations lifecycle management functions. This API may be made available in the following environments:

By default we only publish the Mock and Production versions of the API for consumption because the underlying service is the same in all circumstances. Additional environments can be subscribed on special request.

URLs

This API is published to the following environments but may be made available in the following environments:

Please refer available APIs on Request Access section to view which deployments are available.

Additional environments are provided for development of the API but these should only be used in consultation with the API team.

The C4E is committed to continuously improving and expanding the developer experience provided to consumers of this template for Mule API/integration applications. The lifecycle of this template asset is managed using Semantic Versioning.

Where possible, the C4E team will make changes to the API but not change the version number because the changes are not considered to be backward compatible. Such changes can be any of the following:

• Addition of new resources
• Addition of new non-mandatory request parameters of attributes
• Addition of new data fields returned in the response
• Change in the order of data fields returned by the API

There might be some instances in which breaking enhancements need to happen. In such circumstances, a new version is released not to break compatibility. Such enhancements include:

• Inclusion or removal of mandatory parameters
• Restructuring of the API interface

Upon the release of a new version, applications can continue using the old version, allowing the consumer to assess the changes needed. Release notes with all the changes will be provided with every new version, describing all the changes in detail.

Upon upgrading, consumers are required to request access to the new major version of the API. Given the potential breaking changes, consumers are encouraged to perform regression testing against the new version before upgrading to the new API version in production.

Please refer to the API instances section to view which minor version is currently in use per environment and Decommissioning Process for more details on the version upgrade process.

Contact the C4E team or your local service desk for more information or support.

If you are already having a specific issue, maybe our Known Issues section may help you:

Known Issues

Nothing to report... Hooray!

API Minor / Patch / Implementation upgrade

As out Organization evolves, so do our API to keep supporting richer functionalities and keep up with business requirements, leading to API Specification changes that does not impact consumers.

As those changes are made available a specific process will be followed to allow consumers to be aware of the new functionalities but check if no side impact occurs on the consumer side, the process defined is:

Note: Hot-fixes are by nature an exception process, and will not follow the defined process (e.g.: emergency releases as experience during Log4J2 vulnerabilities). For those scenarios, a specific process will be followed.

API Major release / Decommissioning

A minor/patch upgrade version approach will be the preferable approach, although, in some scenarios that approach cannot be followed due to external factors as for example:

• Breaking changes on end systems due to system upgrade
• Change of API system provider leading to major data changes not compatible with current version
• New functionalities that forces additional data to be provided

As running parallel API versions requires additional Infrastructure and Support activities, older major releases will be decommissioned as per Terms of Service SLA, below is presented the high level process and flow in use to manage the overall decommissioning activities:

Note: For scenarios that due to external factors API co-existence cannot be met, an exception process will be shared with all API consumers to present the exception process and impact, in order to minize API Consumers impact.

For additional information please Contact the API Owner.

v1.0.0: Unreleased

Description: First release of the Policy Payments Process API

Features:

• Implementation of the following base paths:
  • /policy-payments/current-status: provide the latest status of payment instruction for a given Policy.

Known service limitations:

No limitation to report

In order to speed up your integration we prepared a curated Zurich Postman collection which you can found on Zurich Postman Enterprise - CC_API_Centre for Enablement.

If you are a Zurich employee / contractor and you don't have access, please visit Zurich Get Postman link, and take the oportunity to visit our C4E Postman Best Practices while your access is being aproved.

Configure your environment variables

As defined on the Postman Best practices, this is a shared Collection, which is already curated for initial use.

When using the provided collection, please ensure you create your own copy into your team workspace and don't update the collection.

Only current values in environment properties can be changed as presented below:

Run your postman collection

Once you have configured the environment variables feel free to invoke the available methods and retrieve the API details.

Any additional question please contact the C4E team

Global terms

1. Definitions

(a) “Terms”: refers to the API terms of use, i.e. this document.
(b) “API”: refers to the application programming interface offered by Zurich, which may include code, software libraries, software tools, sample source code, published specifications and documentation. API shall include any future, updated or otherwise modified versions.
(c) “API Content”: means information delivered through the API, subject to its appropriate license terms, as identified below, and includes portfolios, policies, claims and risk engineering information.
(d) “API Key”: means the code provided by Zurich that permits the Customer to access the API.
(e) “Documentation”: refers to the online user guides and/or help and training materials that Zurich provides regarding the use of the API.
(f) “Application”: refers to any software application, website, or product developed by the customer that interacts with the API.
(g) “Downtime”: means a period of time during which the API is unavailable and the Customer is unable to use all aspects of the service for which they have permissions. Downtime does not include the period of time when the API is not available because of:
a. a scheduled or announced maintenance outage
b. events or causes beyond Zurich’s control (e.g., natural disaster, internet outages, emergency
maintenance, etc.);
c. problems with Customer’s applications, equipment or data, or a third party’s applications,
equipment or data
d. Customer’s failure to adhere to required system configurations and supported platforms for
accessing the API, or
e. Zurich’s compliance with any designs, specifications or instructions that the Customer provides to Zurich or a third party provides to Zurich on the Customer’s behalf
(h) “Zurich”, “We”, “Our”: being the organization providing the service
(i) “Customer”, “You”, “Your”: being the owner of the application consuming the API service
(j) "Zurich Exchange": the portal that provides access to documentation and registration services related to Zurich APIs.

2. API description

The goal of the API is to provide an easy way for applications to use GTO Policy Payments Process API from cloud based services by enabling developers to create applications that integrate with a managed service account service through a global support contract, as described in the API documentation.

3. Agreement to the API terms

The API Terms describe Your rights and obligations as part of using the API. By accepting these Terms or by using the API , You are entering into an agreement regarding the access and use of the API. These Terms apply to the use of the API only and have to be accepted in addition to the Terms and Conditions of the Zurich Exchange. If You do not agree to these Terms you may not use the API.

If You are entering into these Terms on behalf of a company or other legal entity other than Zurich, You represent that You have the authority to bind such entity to these Terms. In that case, the terms “You” or “Your” shall also refer to such entity. If You do not have such authority, or if You do not agree with these Terms, You may not use the API.

Subject to these Terms, Zurich hereby grants the Customer a limited, non-exclusive, non-transferable license (without the right to sub-license) to use the API solely for the purpose of the Customer’s efforts to develop applications to work in conjunction with the Zurich products referenced in the API and for which the API was provided. The Customer shall have no right to distribute, license (whether or not through multiple tiers) or otherwise transfer the API to any third party or incorporate the API in any software, product, or technology.

4. Review of the terms

Zurich reserves the right to amend or modify the Terms at any time. Updates to the Terms will be notified to the Customer and communicated on the Zurich Exchange. The Terms will be under version control and the latest version will supersede the previous versions. You understand and agree that if You use the API after the date on which the Terms have changed, we will treat Your use as acceptance of the changed Terms. If a change is unacceptable to You, You may terminate the Terms by ceasing use of the API.

5. Registration and Access to the API

Zurich provides access to API Documentation and allows the Customer to register for the use of an API via the Zurich Exchange. Once the Customer subscribes to the API and accepts the Terms, a technical API user will be created and issued with a client ID and client secret. This user is not allowed to log in to other Zurich Services and has access to the API only. The client ID and secret are used to request an access token, which contains the scope for accessing the API. Every call to the API must contain the token to access the data.

You may only access the API with the credentials provided to You by Zurich. You will not disclose Your credentials to any person and will be responsible for ensuring they are kept secure. If You become aware of any unauthorized use of Your access credentials, You agree to notify Zurich immediately via the Service Desk. Zurich reserves the right to revoke Your API access should any aspect of the Terms be breached.

6. Changes to the API

All APIs which will be made available will be versioned. Zurich may introduce additional APIs and additional endpoints within these APIs and will endeavour to provide reasonable notice of any new API URLs. Zurich will try to ensure that future versions of the API are backwards compatible, but reserves the right to discontinue support for older versions if major modifications to an existing API URLs are applied. In such cases, this will be managed and communicated under the governance set out with the Change Management process.

7. Use of API

Use of the API is subject to information security policies and procedures of Zurich, which may be amended from time to time.

By using the API and acceptance of these terms, you assert that your use of and the API data is in compliance with your local data laws and Zurich's Security policy.

Your continued use of the API will constitute Your notice of, and agreement to, any amended policies and procedures. When using the API, You may not:

1. modify, obscure, reverse engineer, circumvent, or disable any element of the API or its access control features
2. disclose, share, or transfer Your access credentials to any third party
3. transmit any viruses, worms, defects, Trojan horses, or any other malware through Your Application or use of the API
4. use robots, spiders, crawlers, scraping or other similar technology to obtain any information beyond what Zurich provides to You under these Terms/
5. use the API in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage or otherwise fails to comply or is inconsistent with any part of the Zurich API documentation.
6. infringe, misuse, or claim ownership of Zurich intellectual property or intellectual property rights therein
7. use it with an Application that is offensive, abusive, libelous, harassing, threatening, discriminatory, vulgar, pornographic, unethical, unlawful, or otherwise inappropriate as determined by Zurich in its sole discretion
8. assign or transfer Your rights or obligations under this Agreement

If We believe that You have attempted to exceed or circumvent these limitations, We may temporarily or permanently block Your ability to use the API.

8. Monitoring and Auditing

You agree that We may collect certain usage data and information related to Your use of our API and that We may use such usage data for any business purpose, internal or external, including providing enhancements to API, providing support, verifying Your compliance to these Terms or otherwise.

We may limit the number of API calls we permit You to make during any given period.

Zurich reserves the right to take actions (e.g. limiting number of calls or the amount of data returned by each call) necessary to ensure performance of the API is not impacted by limiting the access for persistent misuse of the API. Extreme cases may result in revoking the key for that user. Examples of misuse include, but are not limited to:

• An API is not being used as intended – for example a RESTful web service being invoked continuously for the same data set, i.e. invoking the API more than once in a half hour period for data that is only updated on a half hourly basis
• Unauthorized use of an API key (e.g. using another user’s key).
• Use of the API to send content that does not comply with Zurich's Security Policy.

9. Support

Zurich will provide API documentation with details on how to use the API services and the process required to access the service. Zurich will ensure that the API is functional and has no obligation to provide support beyond providing the API credentials, completing account registration and granting access.

Zurich will not provide formal client side technical assistance in API integration or GTO Policy Payments Process API configuration. Support details are provided in the Support section of the documentation and tickets can be raised via ServiceNow.

10. Service Level Agreement

The SLAs described here are not financially backed, i.e. no economic recompense will be offered for downtime exceeding the availability goals. For a calendar month, the Monthly Uptime Percentage goals are defined in the following table:

Monthly Uptime Percentage (excluding any maintenance windows)
Target 99.8%
Minimum 99.5%

The Monthly Uptime Percentage is calculated by subtracting from 100% the percentage of minutes during the month in which the API was not available. The SLA does not apply to any performance or availability issues:

• due to factors outside Zurich’s reasonable control
• resulted from Customer’s or third party hardware or software
• resulted from actions or inactions of Customer or third parties
• caused by Customer’s use of the API after Zurich advised Customer to modify its use of the API, if Customer did not modified its use as advised
• during beta and trial services (as determined by Zurich)

Changes to the SLAs will Zurich will provide at least 30 days’ notice for changes to the SLAs.

11. Term and Termination

The term will commence on the date upon which You agree to these Terms and will continue until terminated as set forth below.

You may stop using our APIs at any time with or without notice however charging will continue to apply to the next billing cycle. Further, if you want to terminate the Terms, you must provide Zurich with prior written notice and upon termination, cease your use of the applicable APIs.

Zurich may suspend or terminate the Customer’s use of the API at any time if we believe You have violated the API Terms.

Upon termination of these Terms, all rights and licenses granted to You will terminate immediately.

12. License fees and payment terms

Usage of the API is charged via an annual charge to your nominated cost centre. This charge will be applied 30 days after service commencement once the 30 day trial window has elapsed. If you notify Zurich GDP before the 30 day trial window has elapsed you can exit the service without charge. Zurich reserves the right to modify the fees for the future use of and/or continued access to the API in our sole discretion. We will provide at least 30 days' notice of any variation.

If you decide to terminate the service the service will remain available for you until the next annual cycle. Due to our need to pre-pay for the service we will not offer partial refunds.

If we do change the fee for use of the API or any tools and features, You do not have any obligation to continue to use Our resources.

13. Nondisclosure

You acknowledge and agree that Zurich considers the API access credentials and non-public information about the API and API Content disclosed to You to be confidential and proprietary information of Zurich (“Confidential Information”) which may not be disclosed to any third party, except contractors working on Your behalf who are subject to non-disclosure obligations that sufficiently protect such information, without the prior written consent of Zurich.