To access the API you will need to request access from your account manager. They will then provide you with your client id and client secret, which you need in order to generate the token used to authenticate at the various endpoints.
Authentication is provided using OAuth 2.0 with the client credentials workflow. Each of the endpoints requires a bearer token to be passed in the headers in order to grant access to the resource. The bearer token can be obtained from the token endpoint.
Environment | Token Endpoint | Audience |
---|---|---|
Staging | https://auth-stage.crawco.com/oauth/token | https://api.claimsmanagertest.crawco.co.uk |
Live | https://auth.crawco.com/oauth/token | https://api.claimsmanager.crawco.co.uk |
To obtain a token from the token endpoint, you will need to make a request as shown below (you will need to substitute the client_id and client_secret with the ones provided to you by your account manager).
curl --location --request POST 'https://auth-stage.crawco.com/oauth/token' \
--header 'Content-Type: application/json' \
--data-raw '{
"client_id":"CPt28NGWp4pThixDeekAIZ1AjzRighwt",
"client_secret":"tMubQrsY1_TD3kA1tHI4WOJTJri9LoqiBFfkwg1Ceo-liKPACX_Kp-0ly4tu9xtR",
"audience":"https://api.claimsmanagertest.crawco.co.uk",
"grant_type":"client_credentials"
}'
Be aware that your client id and secret, and the bearer token itself, grant access to make requests to the Claims Manager API. These values should be considered as sensitive as passwords, and must not be shared or distributed to untrusted parties or exposed in client-side JavaScript.
Provided the details were correct, you will receive the following response, which includes the access token. The expires_in property gives the time in seconds that the token is valid for. Once this period has elapsed a new token will need to be generated.
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkE4VGs2OTBYUm83YzBWaW5VMnFMUyJ9.eyJpc3MiOiJodHRwczovL2Rldi1kanNlOXhjZS51cy5hdXRoMC5jb20vIiwic3ViIjoiQ1B0MjhOR1dwNHBUaGl4RGVla0FJWjFBanpSaWdod3RAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vYXBpLmJlbnBvcnRlci5vcmciLCJpYXQiOjE2MzE2MTQ1MzksImV4cCI6MTYzMTcwMDkzOSwiYXpwIjoiQ1B0MjhOR1dwNHBUaGl4RGVla0FJWjFBanpSaWdod3QiLCJzY29wZSI6ImFkZDphdHRhY2htZW50cyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsInBlcm1pc3Npb25zIjpbImFkZDphdHRhY2htZW50cyJdfQ.VZZ5QJ5yPNqiL1AbnflUUEocYz65UsbnGkWgUJQEWpMPBUoh_hgJcWFQpq9iHvGBUf3bXw48KhqO9qSHiv1tdr5UkdX77P3xHlI4D6tu6dzOX-vQrqu_UuaQSkl-Y3NQU_Hl_jDD6OUNkazo5g7l7phrZZy7MhF3qkJR0Ze-dKOv6T8dlM3IdzzOaZnacc-r6vc1IYiQPhGI1kt-xRFp3WbnvNgx6WDhXiM32tBX7DdDKEFg9NBoKd4SwILta4Ef6ZDuMiFctcMw4BFwVGMnVdTsnhs28lnUHHYCQb1O4EEyA7wjg2pYZpg-Pk_MZjIxE9oZL4TYZeeG30mwBDk7ig",
"expires_in": 86400,
"token_type": "Bearer"
}
The bearer token is designed to be reused for the period of its validity. Ensure that your implementation is set up to reuse the token up to the point of its expiry. Requesting a new token for every request adds unnecessary overhead to both the authentication server and your client application.
A valid access token must be sent with every request to the Claims Manager API in an Authorization header as shown below.
curl --location --request POST 'https://api.claimsmanagertest.crawco.co.uk/incidents' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkE4VGs2OTBYUm83YzBWaW5VMnFMUyJ9.eyJpc3MiOiJodHRwczovL2Rldi1kanNlOXhjZS51cy5hdXRoMC5jb20vIiwic3ViIjoiQ1B0MjhOR1dwNHBUaGl4RGVla0FJWjFBanpSaWdod3RAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vYXBpLmJlbnBvcnRlci5vcmciLCJpYXQiOjE2MzE2MTQ1MzksImV4cCI6MTYzMTcwMDkzOSwiYXpwIjoiQ1B0MjhOR1dwNHBUaGl4RGVla0FJWjFBanpSaWdod3QiLCJzY29wZSI6ImFkZDphdHRhY2htZW50cyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsInBlcm1pc3Npb25zIjpbImFkZDphdHRhY2htZW50cyJdfQ.VZZ5QJ5yPNqiL1AbnflUUEocYz65UsbnGkWgUJQEWpMPBUoh_hgJcWFQpq9iHvGBUf3bXw48KhqO9qSHiv1tdr5UkdX77P3xHlI4D6tu6dzOX-vQrqu_UuaQSkl-Y3NQU_Hl_jDD6OUNkazo5g7l7phrZZy7MhF3qkJR0Ze-dKOv6T8dlM3IdzzOaZnacc-r6vc1IYiQPhGI1kt-xRFp3WbnvNgx6WDhXiM32tBX7DdDKEFg9NBoKd4SwILta4Ef6ZDuMiFctcMw4BFwVGMnVdTsnhs28lnUHHYCQb1O4EEyA7wjg2pYZpg-Pk_MZjIxE9oZL4TYZeeG30mwBDk7ig'
Any calls to endpoints without a valid access token will be rejected with a status of 401 - Unauthorized. For brevity, all future examples will replace the actual token with the placeholder {access token}.
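The token reuse and Authorization header described above can be combined in a small client-side cache. This is an added example, not code from the Claims Manager documentation; the class and function names, the 60-second refresh margin and the environment variable names CM_CLIENT_ID and CM_CLIENT_SECRET are assumptions made for illustration.

```python
import json
import os
import threading
import time
import urllib.request

TOKEN_URL = "https://auth-stage.crawco.com/oauth/token"   # staging, from the table above
AUDIENCE = "https://api.claimsmanagertest.crawco.co.uk"

def fetch_token(client_id, client_secret):
    """POST the client-credentials request shown on this page."""
    body = json.dumps({
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": AUDIENCE,
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuses one bearer token until shortly before expires_in elapses."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:  # only one thread refreshes at a time
            if self._token is None or self._clock() >= self._expires_at:
                issued = self._clock()
                resp = self._fetch()
                if resp.get("token_type", "").lower() != "bearer":
                    raise ValueError("unexpected token_type")
                self._token = resp["access_token"]
                # Refresh `skew` seconds early so a token never expires mid-request.
                self._expires_at = issued + max(int(resp["expires_in"]) - self._skew, 0)
            return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}

def cache_from_env():
    # Hypothetical variable names; keeps the secret out of source control.
    return TokenCache(lambda: fetch_token(
        os.environ["CM_CLIENT_ID"], os.environ["CM_CLIENT_SECRET"]))
```

The cache holds the token in memory only; avoid logging the value returned by get() or auth_header().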