Integrate CoverGuard into your own systems with API keys and webhooks — pull insurability data and push events straight into your stack.
Who this is for: Developers and partners on a Team plan. Where: Sys Admin → Developer (/developer), inside the Sys Admin sub-nav. Public reference: /api-reference; machine spec at GET /api/v1/openapi.json (OpenAPI 3.1).
Create an API key
- Go to Sys Admin → Developer.
- Click Create key. The raw key is shown once — copy it now; CoverGuard only
stores a hash + a display prefix, so it can't show it again.
- Use it as a bearer credential against the
/api/v1surface.
Rotate a key (revoke + reissue with the same config) or revoke it anytime.
Three gates every key must pass on each call
- Paying — key creation is Team-tier-gated, and every call re-checks the owner's live
entitlement (a lapsed/downgraded account → 403 SUBSCRIPTION_INACTIVE).
- Approved — a super-admin can require approval; an unapproved key gets
403 KEY_NOT_APPROVED. (New keys auto-approve unless approval is required.)
- Scoped — a call outside the key's scopes gets
403 FORBIDDEN_SCOPE.
Keys carry a per-key rate limit and monthly quota; responses include RateLimit-* / Retry-After headers.
What you can call (v1 surface)
GET /api/v1/me— introspect the calling key.GET /api/v1/properties/:id/insurability— insurability assessment.POST /api/v1/quote-requests/:id/status— report a quote-request status update
(carrier/broker ingestion; forward-only state machine; needs quotes:write).
GET/POST/PATCH/DELETE /api/v1/team/members— pull/push your company's members (3rd-party
user sync); every change emits a team.member.* webhook.
Full contract: the OpenAPI spec at /api/v1/openapi.json.
Webhooks
- In Developer, register an HTTPS endpoint — the **signing secret is returned
once**; store it.
- CoverGuard delivers events HMAC-SHA256 signed; verify the signature on your side.
- Filter by event type, toggle active, and review the per-endpoint delivery log (with
retries).
Domain events you can receive include quote/lead/subscription/team events (e.g. lead.captured, team.member.invited, subscription.payment_failed).
Troubleshooting
- Developer tab is locked → API access is Team-tier. See
- `403 KEY_NOT_APPROVED` → an admin must approve the key.
- `403 SUBSCRIPTION_INACTIVE` → the owning account lapsed/downgraded below Team.
- `403 FORBIDDEN_SCOPE` → the key lacks the scope for that call.
- `429` / `Retry-After` → you hit the key's rate limit or monthly quota; back off.
- Webhook not delivered → check the delivery log + retries and that your endpoint is
HTTPS and returns 2xx. See Integrations & API.
Do this next
Create your first API key, introspect it with GET /api/v1/me, then register an HTTPS webhook so events reach your systems. Full contract: /api-reference.
- Integrations (Integration Hub) — no-code sync as an alternative
- Teams, seats & billing — the Team tier the API needs
- Integrations & API troubleshooting