API Reference
Build on top of CoverGuard. Property risk, carrier availability, and quote workflows — REST + JSON over HTTPS, with a self-serve sandbox so you integrate without touching real money or real binds.
Fast
Sub-200ms p95 on read endpoints.
Secure
OAuth 2.0 bearer tokens, TLS 1.3.
Predictable
Resource-oriented URLs, stable JSON.
Quickstart
Self-serve sandbox
Create an account and generate a CG_TEST_* key from Settings → Developer. Test keys hit live data but never bind real policies or move money.
curl https://api.coverguard.io/v1/searches \
-H "Authorization: Bearer $CG_TEST_KEY" \
-H "Content-Type: application/json" \
-d '{ "address": "1247 Ridgeline Dr, Boulder, CO 80302" }'{
"id": "prop_8f2a...",
"insurability": { "score": 4, "scale": 10, "level": "HIGH",
"confidence": "MEDIUM", "asOf": "2026-06-16" },
"perils": { "flood": 8, "fire": 3, "wind": 6, "earthquake": 7, "crime": 6 },
"sources": ["FEMA NFHL", "USFS WUI", "USGS", "..."]
}Endpoints
/v1/searchesSubmit a property by address or coordinates and receive a risk + insurability report.
/v1/properties/:id/riskComposite risk profile: flood, fire, wind, earthquake, and crime sub-scores with provenance.
/v1/properties/:id/carriersCarriers currently writing coverage for this property, with appetite indicators and as-of timestamp.
/v1/quotes/:idStatus of a quote request and the carrier responses received so far.
Webhooks
Subscribe to events so your UI stays consistent with ours. Every delivery is signed, retried with exponential backoff for 24h, and carries an Idempotency-Key so you can safely de-duplicate.
| Event | Fires when |
|---|---|
score.updated | A property re-scores on new source data. |
quote.ready | A carrier returns a quote for a request. |
quote.expiring | A bindable quote is within 48h of expiry. |
policy.bound | A quote is bound into a policy. |
{
"id": "evt_3b1c...",
"type": "quote.ready",
"created": "2026-06-16T18:04:22Z",
"data": { "quoteId": "qt_77a...", "propertyId": "prop_8f2a...",
"carrier": "Example Mutual", "premium": { "amount": 5200,
"currency": "USD", "period": "year", "status": "estimate" } }
}Errors
Errors are designed copy you can surface to your own users. Each response includes a stable error.code, a human message, and where relevant an error.param.
| Status / code | Meaning | Remediation |
|---|---|---|
400 invalid_request | Malformed body or missing field. | Check the field named in `error.param`. |
401 unauthorized | Missing or invalid bearer token. | Send a valid key in the Authorization header. |
402 free_limit_reached | Free-tier capability cap hit. | Upgrade the account or use a paid key. |
404 not_found | No such property or quote. | Verify the resource id. |
429 rate_limited | Too many requests. | Back off; honor the `Retry-After` header. |
503 source_unavailable | An upstream data source is degraded. | Retry with backoff; partial data may be flagged low-confidence. |
Versioning & deprecation
- • The API is versioned in the path (
/v1). You pin a version and upgrade deliberately. - • No silent breaking changes. Deprecations follow: announce → migration guide → ≥6-month support window → remove.
- • Additive changes (new fields, new endpoints) can ship within a version; clients must ignore unknown fields.
Ready to integrate?
Generate sandbox keys in-app, or talk to us about production access and partner embeds.