Authorization

InsureHero's REST API uses a secure authentication mechanism to protect your data. Authentication requires API keys, included in the header of each API request. These keys act as unique identifiers and secure tokens for authorizing requests.

As an organization committed to data security, it's crucial to handle API keys confidentially. Do not share them outside your organization or store them in publicly accessible areas like GitHub repositories or client-side code.

Step 1: Registration and Authentication

To begin integrating with Shield API Integrations, you must first register and authenticate on the platform. This registration provides you with a secure account through which you can manage API interactions and settings.

Step 2: Accessing Your API Key

Once logged in, you can access the API Key required for secure integration. To locate this key:

  1. Navigate to the Settings section, accessible through the aside menu on the platform’s interface.

  2. Within Settings, you will find your unique API Key, which authorizes API requests and ensures secure communication with Shield API Integrations.

Your API Key will be used to authenticate requests and securely transmit data to your external platform whenever a relevant update occurs in the database.

Access token

Get an access token to start using the Shield API

Authorize to use API

GET https://app.insurehero.io/api/shield/integrations/auth/authorize

You will need an authorization token to send requests to the integrations API.

Each token has a lifespan of 1 hour.

Headers

{
    data: string; // accessToken
}

Refresh access token

Each accessToken comes with a 1 hour lifespan. This means, you will need to check before each API call wether your accessToken is still valid.

  • If the token is still valid: We recommend at least 5 minutes remaining. If it is valid, continue making request.

  • If the token is expired or close to: We recommend if it has less than 5 minutes remaining or is already expired, then call the authorize endpoint to request a fresh accessToken.

Last updated