Top-Level Structure
Each response, whether successful or erroneous, includes arequestId field which can be used for tracing and support purposes. Response payloads are returned directly at the top level and are not wrapped in a data object.
Date Format
All date and timestamp fields are returned in ISO 8601 format:Identifier Format
All unique identifiers (e.g.,agencyId, agentId, policyId) are returned as MongoDB ObjectId strings:
Request Headers
Required Headers
| Header | Value | Description |
|---|---|---|
Content-Type | application/json | Required for POST/PUT/PATCH requests |
Authorization | Bearer <token> | OAuth JWT token |
Alternative Authentication
| Header | Value | Description |
|---|---|---|
x-restricted-access-token | <token> | Restricted access token (alternative to OAuth) |
Optional Headers
| Header | Value | Description |
|---|---|---|
idempotency-key | UUID v4 | For idempotent operations |
x-idempotency-key | UUID v4 | Alternative idempotency header |
Success Responses
Successful responses return the data directly with standard metadata:Error Responses
Error responses follow a standardized schema. For detailed information about error handling, refer to the Error Handling guide.HTTP Status Codes
| Code | Meaning |
|---|---|
200 | Success |
201 | Created |
400 | Bad Request - Invalid input |
401 | Unauthorized - Invalid or expired token |
403 | Forbidden - Insufficient permissions |
404 | Not Found - Resource doesnโt exist |
429 | Too Many Requests - Rate limit exceeded |
500 | Server Error - Internal error |