Getsafe is a mobile insurance company built on state-of-the-art technology. All transactions (getting a price, buying a policy, filing a claim and many more) can be executed using its API. Getsafe currently offers:
● Private Liability insurance (“Privathaftpflichtversicherung”)
● Legal insurance (“Rechtsschutzversicherung”)
● Personal injury insurance (“Unfallversicherung”)
● Dental insurance (“Zahnzusatzversicherung”)

For all those insurance products, data can be used to reward cautious or beneficial behaviour, e.g. data from riding a bike or booking a dentist appointment.
The API delivers the insurance policy instantly, while a top-up/credit mechanism can be pinged to reward the user by adding credit to their account. So instead of paying the full price, they get an effective discount from the top-up credits. This allows hackers to reward “good” behaviour whenever the data from a 3rd party device/API suggests that the insured person did/does something good.

Goal

This document gives you a brief overview of the most important endpoints of the Getsafe API and how it works.

Sources

1. OpenAPI Docs: https://nxtinsurance.github.io/apidocs/
2. Postman Collection with example requests: https://drive.google.com/file/d/1y4niM98kqGQbjxJ9Ensk2nvEaZifeCmH/view?usp=sharing
3. Getsafe AdminPanel: https://adminpanel.gtsf.insure/users

API Principles

The Getsafe API is a REST-like web API that consumes and renders JSON documents. Most of the endpoints require the client to authenticate as a user with a token, which is returned after signup or after logging in via email and password.

Headers

  • Always send Content-Type: application/json and Accept: application/json
  • If the endpoint requires user authentication, send Authorization: Token token="<some token>"
  • Whenever you call an “S2S endpoint” (identified by having /s2s/ in the path), use the token “HACKATHON_STUTTGART_2018”
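
One way to apply the header rules above from a Python client, as an added example (not Getsafe's own code). The environment variable name GETSAFE_S2S_TOKEN, the allowed token character set and the idea of masking the token before logging are assumptions of this sketch, not part of the API description.

```python
import os
import re

# Assumption: tokens only use these characters. Anything else (quotes,
# CR/LF, spaces) is rejected so a token can never break out of the quoted
# token="..." parameter or inject an extra header line.
_TOKEN_RE = re.compile(r"[A-Za-z0-9._~+/=_-]+")


def is_s2s(path):
    """S2S endpoints are identified by /s2s/ in the path (query ignored)."""
    return "/s2s/" in path.split("?", 1)[0]


def build_headers(path, user_token=None, s2s_token=None):
    """Return the request headers for `path` following the list above."""
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if is_s2s(path):
        # Assumption: the S2S token is read from the server's environment,
        # so it is not hard-coded into a client app. The user token is
        # never sent to an S2S endpoint.
        token = s2s_token or os.environ.get("GETSAFE_S2S_TOKEN")
        if not token:
            raise ValueError("S2S endpoint called without an S2S token")
    else:
        token = user_token  # None for calls made before signup/login
    if token is not None:
        if not _TOKEN_RE.fullmatch(token):
            raise ValueError("token contains characters unsafe in a header")
        headers["Authorization"] = f'Token token="{token}"'
    return headers


def redact(headers):
    """Copy of `headers` that is safe to log: the token value is masked."""
    safe = dict(headers)
    if "Authorization" in safe:
        safe["Authorization"] = 'Token token="<redacted>"'
    return safe
```
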

Introduction

There are three main steps required to get insured. The detailed API requests are part of the Postman collection. Here’s a short overview.
First, a user profile has to be created. The API offers three sequential API calls to do this.
(1) Register a user by email. This returns the authentication token required for all subsequent steps.
(2) Update the user’s personal data.
(3) Add an address to the user’s profile.
Second, add a payment method connected to the user. This is required to charge the premiums. We currently support SEPA Direct Debit and Credit Cards. However, for prototyping and testing purposes SEPA Direct Debit works best with this entirely fictional testing account you can use:
IBAN: DE89370400440532013000
Now you can create a contract. You have to submit the insurance products you want to be part of it, including their configuration (such as a deductible), and a start date that must be in the future (tomorrow is enough).

After that, many other actions can be performed through the API, such as changing coverage of the contract, fetching contract documents, filing claims and more.