Inspection Assignments API

Live · v1.0 REST API · Auth0 · JSON

Inspection Assignments API (Version 1.0) is a RESTful API for importing underwriter inspection assignments in bulk and querying the current status of any assignment by policy number. Built for integration with insurance and underwriting systems.

Overview

BASE /api/v1

Authentication: All requests must include a valid JWT Bearer token obtained via Auth0. See the Authentication section for full details.

Available Endpoints

Method	Path	Description
POST	/api/v1/assignments/import	Submit one or more inspection assignments for processing
GET	/api/v1/assignments/status	Check the current status of an assignment by policy number

💡 The import endpoint returns 202 Accepted — processing happens asynchronously. Use the status endpoint to poll for results after submission.

Get Started

Obtain an access token via Auth0 Client Credentials flow
POST your inspection payload to /api/v1/assignments/import
Handle the 202 Accepted response — processing is async
Poll /api/v1/assignments/status?policyNumber=... to check results

Authentication

All API requests must include a valid JWT Bearer token obtained through Auth0. The same Auth0 tenant is used as the main BootOG platform.

Auth0 Configuration

Parameter	Value
Authorization URL	`https://dev-p4p31vijvpe6x78q.us.auth0.com/authorize`
Token URL	`https://dev-p4p31vijvpe6x78q.us.auth0.com/oauth/token`
Grant Type	`client_credentials`
Required Scopes	`openid` `profile` `email` `offline_access`

Sending the Token

Include the Bearer token in the Authorization header on every request:

HTTP

POST /api/v1/assignments/import
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type: application/json

Obtaining a Token (Client Credentials)

cURL

curl -X POST \
  https://dev-p4p31vijvpe6x78q.us.auth0.com/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id":     "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "audience":      "YOUR_API_AUDIENCE",
    "grant_type":    "client_credentials"
  }'

⚠️ Never embed client secrets in frontend code. For server-to-server integrations use the Client Credentials grant type only.

Quick Start

Get your first inspection assignment imported in under 5 minutes.

1

Obtain an access token

Use the Auth0 Client Credentials flow to get a JWT. See Authentication for full details.

2

Submit an inspection assignment

POST an array of inspection objects. Each must include policy number, type, inspection type, effective date, agent, mailing address, policy holder, and at least one location.

3

Handle the 202 Accepted response

A successful import returns 202 Accepted with no body. The server queues the assignment for async processing.

4

Poll for status

After a short delay, query the status endpoint with the policy number:

cURL

curl "/api/v1/assignments/status?policyNumber=POL-2024-00123" \
  -H "Authorization: Bearer YOUR_TOKEN"

Postman Collection

The quickest way to explore and test the API is with our official Postman collection. It includes pre-configured requests for both endpoints, example bodies, and environment variables for your token.

ℹ️ Get Postman — download from postman.com, then click the button below to import the collection instantly.

▶ Run in Postman

Manual Setup — Environment Variables

Variable	Example Value	Description
base_url	`/api/v1`	API base URL
auth0_domain	`dev-p4p31vijvpe6x78q.us.auth0.com`	Auth0 tenant domain
client_id	`YOUR_CLIENT_ID`	Auth0 application client ID
client_secret	`YOUR_SECRET`	Auth0 client secret (keep private!)
access_token	auto-set by pre-request script	JWT — populated automatically

Pre-Request Script (Auto Token Refresh)

Add this to your collection's Pre-request Script tab to automatically fetch and cache tokens:

JavaScript — Postman

const tokenExpiry = pm.environment.get('token_expiry');
const now = new Date().getTime();

if (!tokenExpiry || now > parseInt(tokenExpiry)) {
  pm.sendRequest({
    url: `https://${pm.environment.get('auth0_domain')}/oauth/token`,
    method: 'POST',
    header: { 'Content-Type': 'application/json' },
    body: {
      mode: 'raw',
      raw: JSON.stringify({
        client_id:     pm.environment.get('client_id'),
        client_secret: pm.environment.get('client_secret'),
        audience:      pm.environment.get('audience'),
        grant_type:    'client_credentials'
      })
    }
  }, (err, res) => {
    const { access_token, expires_in } = res.json();
    pm.environment.set('access_token', access_token);
    pm.environment.set('token_expiry', now + (expires_in * 1000));
  });
}

ℹ️ Set Authorization to Bearer Token and use {{access_token}} as the value in each request within the collection.

Errors & Status Codes

The API uses standard HTTP status codes. Both endpoints return plain HTTP status codes — check the code to determine the outcome. No structured error body is returned on failure.

Code	Meaning	When it occurs
202	Accepted	Assignment(s) queued successfully. Processing is async — poll `/status`.
200	OK	Status query succeeded. Body contains the `StatusResponse` object.
400	Bad Request	Request body is malformed, missing required fields, or fails validation.
401	Unauthorized	Missing or invalid JWT token. Re-authenticate via Auth0.
404	Not Found	No assignment found for the given `policyNumber` on the status endpoint.

⚠️ A 400 Bad Request on the import endpoint means no inspections were queued. Fix all validation errors and resubmit the complete payload.

Import Assignments

Submit one or more underwriter inspection assignments for asynchronous processing. Assignments are queued immediately and processed in the background.

POST /api/v1/assignments/import Batch import inspections ▾

Request Body

Content-Type: application/json

Field	Type	Required	Description
inspections	InspectionRequest[]	Required	Array of one or more inspection records to import

InspectionRequest Fields

Field	Type		Description
policyNumber	string	Required	Unique policy identifier
policyType	string	Required	Policy type code e.g. `HO3`, `DP3`
inspectionType	string	Required	Type of inspection e.g. `Interior`, `Exterior`
effectiveDate	datetime	Required	ISO 8601 policy effective date
agent	AgentRequest	Required	Agent / agency details
policyHolder	PolicyHolderRequest	Required	Policy holder contact info
mailing	MailingRequest	Required	Mailing address
locations	LocationRequest[]	Required	One or more inspection locations
isRush	boolean	Optional	Mark as rush/priority inspection
yearBuilt	integer	Optional	Year the property was built
squareFeet	integer	Optional	Total square footage
numberOfStories	integer	Optional	Number of stories
coverageA	number	Optional	Coverage A limit (dwelling)
notes	string	Optional	Free-text notes for the inspector

Responses

202Accepted — inspections queued. No response body. Poll /status for results.

400Bad Request — validation failure. No inspections were queued. Fix and resubmit.

401Unauthorized — missing or invalid JWT token.

Check Assignment Status

Query the current processing status of a previously imported inspection assignment using its policy number.

GET /api/v1/assignments/status Get status by policy number ▾

Query Parameters

Parameter	Type		Description
policyNumber	string	Optional	The policy number to look up. Omitting returns all accessible assignments.

Responses

200OK — returns a StatusResponse with a Data array of assignment records.

404Not Found — no assignment exists for the specified policy number.

401Unauthorized — missing or invalid JWT token.

ℹ️ The Data array shape is dynamic and may evolve. Always handle additional fields gracefully in your consumer code.

Recommended Polling Strategy

Since import is asynchronous, implement exponential back-off polling rather than tight loops:

JavaScript

async function pollStatus(policyNumber, maxAttempts = 10) {
  let delay = 2000; // start at 2 s
  for (let i = 0; i < maxAttempts; i++) {
    await new Promise(r => setTimeout(r, delay));
    const res = await fetch(
      `/api/v1/assignments/status?policyNumber=${policyNumber}`,
      { headers: { 'Authorization': `Bearer ${token}` } }
    );
    if (res.status === 200) return res.json();
    if (res.status !== 404) throw new Error(`Unexpected ${res.status}`);
    delay = Math.min(delay * 1.5, 30000); // cap at 30 s
  }
  throw new Error('Assignment not ready after max retries');
}

Schemas

Full field reference for all request and response models used by the Inspection Assignments API.

ImportAssignmentsRequest

inspectionsInspectionRequest[]required— array of inspections to import

InspectionRequest

policyNumberstringrequired— unique policy identifier

policyTypestringrequired— e.g. HO3, DP3

inspectionTypestringrequired— e.g. Interior, Exterior

effectiveDatestring (ISO 8601 datetime)required

agentAgentRequestrequired

policyHolderPolicyHolderRequestrequired

mailingMailingRequestrequired

locationsLocationRequest[]required— minimum 1 location

isRushboolean— priority flag

yearBuiltinteger

squareFeetinteger

numberOfStoriesinteger

coverageAnumber— dwelling coverage amount

notesstring | null— inspector notes

AgentRequest

AgentRequest — all fields optional

agentCodestring | null

agencyNamestring | null

contactNamestring | null

phonestring | null

addressstring | null

PolicyHolderRequest

PolicyHolderRequest — all fields optional

firstNamestring | null

lastNamestring | null

contactNamestring | null— preferred contact if different from insured

contactEmailstring | null

cellPhonestring | null

homePhonestring | null

workPhonestring | null

MailingRequest

MailingRequest — all fields optional

street1string | null

street2string | null

citystring | null

stateOrProvincestring | null

zipCodestring | null

LocationRequest

LocationRequest — all fields optional

locationNumberinteger— 1-based index

street1string | null

street2string | null

citystring | null

stateOrProvincestring | null

zipCodestring | null

countystring | null

subDivisionstring | null

unitstring | null

buildingDescriptionstring | null

constructionTypestring | null— e.g. Frame, Masonry

buildingLimitnumber— building coverage amount

businessPersonalPropertyLimitnumber— BPP coverage

StatusResponse

Dataany[] | null— array of assignment status records; shape may vary

🔒 Security Best Practices

Follow these guidelines to ensure a secure and reliable integration with the API.

To ensure secure integration:

Store your client_secret securely (never expose in frontend code)
Use HTTPS for all requests
Cache tokens and avoid unnecessary token requests
Rotate credentials periodically if required

⏱ Token Expiry

Tokens are valid for a limited time (e.g., 24 hours). You should refresh the token before it expires.

🚫 Common Mistakes to Avoid

Requesting a new token for every API call
Exposing credentials in client-side applications
Hardcoding tokens without refresh logic

📊 Rate Limiting & Monitoring

We monitor API usage to ensure system stability.

Excessive token requests or API abuse may result in:

Temporary blocking
Throttling