Connectivity
A connectivity test can be performed using a tool such as cURL, Telnet or Postman.
Using Telnet
Test connectivity to the Allianz API by running the following in Telnet from each host that has been whitelisted:
telnet services.allianz.com.au 446
Note: The host and port are environment specific, so the Telnet command must be adjusted accordingly. Refer to the host and port list for each environment.
Using cURL
Construct the request and basic auth headers as follows:
1. Build a string of the form username:password
2. Base64 encode the string
3. Supply an "Authorization" header with content "Basic" followed by the encoded string. For example, the string "fred:fred" encodes to "ZnJlZDpmcmVk" in base64, so you would make the request as follows:
curl -v -X PUT -d '{}' -H "Authorization: Basic ZnJlZDpmcmVk" -H "Content-Type: application/json" https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/rest/v1/policy/estimate/property
For Motor use the following:
https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…
Note: You may need to additionally specify the path to your local trust store containing the Allianz certificate. See https://curl.haxx.se/docs/sslcerts.html for more information.
Service API Definition for Customer
Allianz provides the API service definition in JSON and YAML format, which can be converted to client-side code using tools available on the web. Please refer to the service definition for more details.
Sample API service definition and YAML are attached in the attachment sections.
Security Model
The following mechanisms are in place to secure the API:
1. Transport level encryption (HTTPS) will be used to encrypt data during transmission between the partner system and the Allianz system.
2. SOAP and REST over HTTPS will use SSL (x509 certs).
3. Hardware IP Firewall will restrict inbound comms to Allianz to a known list of trusted IPs.
Encryption
Transport level encryption (over HTTPS) will be used to encrypt data during transmission between the partner system and the Allianz Integration API.
HTTPS will use TLS (x509 certs). Allianz will provide these certificates to the partner prior to commencement of connectivity.
Authentication
Username and password credentials are partner system and environment specific. Allianz will provide these details prior to commencement of partner connectivity.
REST Request Header
The following custom HTTP headers are required to be added to each API invocation for traceability purposes. All fields are mandatory.
Header Field | Type | Description | Example |
---|---|---|---|
MessageId | string | A UUID generated by the originating system. (Unique for every message). | "f960f054-2fb2-472d-bfc9-b561abac8d71" |
CorrelationId | string | A UUID generated by the originating system. (Unique across a transaction). Can be the same as messageId if service invocation represents a whole business transaction. | "61debe47-b538-4a59-970a-66e967303fc8" |
MessageDateTime | string | The date/time the message was created/sent in UTC. Format yyyy-MM-dd HH:mm:ss Z | “2017-03-20 16:28:19” |
BusinessId | string | The primary identifier of the business transaction in the partner system e.g. Transaction number, Home Loan number, Finance application Number | “1234567890” |
UserId | string | The business user performing the transaction in the partner system | “Test User Id” |
ApplicationName | string | Used to identify the calling partner system. | “Test SYSTEM” |
SystemVendorId | string | A code for the organisation. (logged). | “Test” |
SystemVendorName | string | Name of the organisation. (logged). | “Test” |
VendorProductName | string | The name of Organisation’s application. (logged). | “Test SYSTEM” |
VendorProductVersion | string | Used for versioning and allows mapping differences without needing to change namespaces. | “1” |
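The Basic auth steps from the cURL section and the mandatory headers in the table above, combined into one header builder. This is an added example, not Allianz code: the function names are hypothetical, the partner values are the table's own examples, and the `Z` in the date pattern is read as a Java-style numeric offset (the table's example shows none).

```python
import base64
import uuid
from datetime import datetime, timezone

# The ten mandatory traceability headers from the table above.
MANDATORY = ("MessageId", "CorrelationId", "MessageDateTime", "BusinessId",
             "UserId", "ApplicationName", "SystemVendorId", "SystemVendorName",
             "VendorProductName", "VendorProductVersion")

# Constructed partner values, taken from the table's Example column.
SAMPLE_PARTNER = {"BusinessId": "1234567890", "UserId": "Test User Id",
                  "ApplicationName": "Test SYSTEM", "SystemVendorId": "Test",
                  "SystemVendorName": "Test", "VendorProductName": "Test SYSTEM",
                  "VendorProductVersion": "1"}


def basic_auth(username, password):
    """Steps 1-3 of the cURL procedure: 'Basic ' + base64(username:password)."""
    if ":" in username:
        raise ValueError("a Basic auth username cannot contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def request_headers(url, username, password, partner, correlation_id=None, now=None):
    """Headers for one API call; a fresh MessageId is generated every time."""
    if not url.lower().startswith("https://"):
        # base64 is an encoding, not encryption: TLS is the only protection.
        raise ValueError("refusing to send Basic credentials without HTTPS")
    message_id = str(uuid.uuid4())
    stamp = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    headers = dict(partner)
    headers.update({
        "MessageId": message_id,
        # Reuse one CorrelationId across all calls of a business transaction.
        "CorrelationId": correlation_id or message_id,
        # Assumption: Java-style pattern "yyyy-MM-dd HH:mm:ss Z", so Z -> +0000.
        "MessageDateTime": stamp.strftime("%Y-%m-%d %H:%M:%S %z"),
    })
    missing = [name for name in MANDATORY if not headers.get(name)]
    if missing:
        raise ValueError("missing mandatory headers: " + ", ".join(missing))
    for name, value in headers.items():
        if "\r" in value or "\n" in value:  # blocks header injection
            raise ValueError(f"line break in header {name}")
    headers["Authorization"] = basic_auth(username, password)
    headers["Content-Type"] = "application/json"
    return headers
```

Pass the result to an HTTP client that keeps certificate verification enabled and trusts the Allianz certificate, and keep the credentials out of source control and logs.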
REST Based Error Codes
Either when an error occurs or when a response is unsuccessful, the response header contains an HTTP code, and the response body usually contains:
• The HTTP response code,
• The message accompanying the HTTP response code,
• The field or object where the error occurred (if the response returns information about the error).
HTTP Code | Description |
---|---|
200 – Ok | OK success code |
201 - Created | Created success code |
204 - No content | No content success code for delete and patch requests |
300 – Multiple List | The value returned when an external ID exists in more than one record. The Response body contains list of matching records |
304 – Not Modified | This is the response code to an If-Modified-Since or If-None-Match header, where the URL has not been modified since the specified date. |
400 - Bad Request | The server did not understand the request. |
400 – Bad Request QUOTE_ESTIMATE_ADDR_DECLINE | Address is not rateable. |
400 - Bad Request INVALID_SUBURB_NAME | Suburb is not matched to postcode. |
400 - Bad Request INVALID_RISK_ADDRES | Returned harmony address postcode/suburb does not match to input postcode/suburb. |
400 - Bad Request INVALID_POSTAL_RISK_ADDRESS | Input address is a postal address. |
400 – Bad Request HARMONY_SERVICE_UNAVAILABLE | Harmony service is down. |
401 – Unauthorized | The requested page needs a username and a password. |
403 - Forbidden | Access is forbidden to the requested page. |
404 - Not Found | The server cannot find the requested page. |
405 - Method Not Allowed | The method specified in the request is not allowed. |
409 - Not Acceptable | The server can only generate a response that is not accepted by the client. |
412 - Precondition Failed | The pre-condition given in the request evaluated to false by the server. |
414 - Request-URL Too Long | The server will not accept the request, because the URL is too long. Occurs when you convert a "post" request to a "get" request with long query information. |
415 - Unsupported Media Type | The server will not accept the request, because the media type is not supported. |
500 - Internal Server Error | The request was not completed. The server met an unexpected condition. |
Applicable to Motor:
HTTP Code | Description |
---|---|
400 – DOB Missing / Not Included | We didn’t recognise the date of birth. Please check you’ve entered it and try again. |
400 – DOB is a future Date Eg. 21/3/2050 | The date of birth can’t be in future. Please check and try again. |
400 - DOB less than 16 Years from today's date Eg. 21/3/2022 | We don’t insure people under 16 years old. Please make sure the policy holder will be at least 16 at the start of the policy. |
400 - Invalid DOB Eg. 21/13/1980 | We don’t recognise the date of birth. Please check you've entered it correctly and try again. |
400 - Registration invalid | We couldn’t find the vehicle registration. Please check it is correct and try again. |
400 - VIN invalid | We couldn’t find the vehicle VIN number. Please check it is correct and try again. |
400 - Redbook invalid | We couldn’t find the vehicle redbook code. Please check it is correct and try again. |
400 - Can't find vehicle details Vehicle details don't match (Condition, year, transmission, make, model, bodytype.) | We couldn’t find the details of the vehicle. Please check the condition, year, make and model and try again. |
400 - Performance vehicle, can't provide an IQ Vehicle code is 'P'. | Unfortunately we can't provide an indicative quote on this vehicle. You can complete a standard quote instead. |
400 - Uninsurable vehicle Eg. Commercial products, Volkswagen Crafter, RAM, LDBs. Tonnage use. Vehicle code is 'D'. | Unfortunately we can't provide an indicative quote on this vehicle. |
400 - Referral, can't provide an IQ Vehicle code is 'R'. | Unfortunately we can't provide an indicative quote on this vehicle. You can complete a standard quote instead. |
Timeouts
A default timeout of two minutes is placed on synchronous calls. This value is configurable per service per environment.
SOAP Based Error Codes
SOAP Error | Example |
---|---|
B2B Processing Error: If a system error occurs during processing (implying there is a coding bug or reference data is not synchronized) the response will be a SOAP-FAULT. Remediation: In this case the fault code can be used to direct the customer to the appropriate call centre/helpdesk. Specific error codes should be specified during system integration testing with the partner’s system. | <NS1:Fault xmlns:NS1="http://schemas.xmlsoap.org/soap/envelope/"> <faultcode>TBD</faultcode> <faultstring>More details here</faultstring> </NS1:Fault> |
B2B Processing Error: If a system error occurs during processing (implying there is a coding bug or reference data is not synchronized) the response will be a SOAP-FAULT. Remediation: In the case of a SOAPFault, the "detail" is subject to change without notice. It is intended to be read by support staff. Specific error codes should be identified during system integration testing. | <soapenv:Fault xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <faultcode>TBD</faultcode> <faultstring>WMB_SocketException</faultstring> <detail>A Web Service request has detected a SOCKET error ..</detail> </soapenv:Fault> |
B2B Errors: The intermediary ID field will be checked by the sales application. In the case of an error an invalid status code will be returned. Remediation: All other errors will take the form of "SOAP Faults" or potentially "HTTP Transport" errors. These errors should be handled as a general system failure requiring IT Support to resolve the issue. | <ns2:MessageResult> <ns2:StatusCode>Invalid</ns2:StatusCode> <ns2:ExtendedStatus> <ns2:EntityId></ns2:EntityId> <ns2:EntityType>Intermediary</ns2:EntityType> <ns2:ElementPath>IntermediaryId</ns2:ElementPath> <ns2:StatusCode>INVALID</ns2:StatusCode> <ns2:MessageCode>REQUIRED</ns2:MessageCode> </ns2:ExtendedStatus> </ns2:MessageResult> |
Browser based - Login: If a system error occurs during SSO login the browser will be redirected to a login failure page. Remediation: The user will need to exit the browser and re-commence processing from their partner system. | |
Browser based - Processing: If a system error occurs during SSO login the browser will be redirected to an error page. Remediation: The user will need to exit the browser and re-commence processing from their partner system. (“F5” or “Back” may also work). | |
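One way a partner client could tell the three SOAP outcomes in the table apart, as an added example that is not Allianz code. The function names are hypothetical, the sample messages are constructed from the table rows, and `urn:example:ns2` is a placeholder because the page does not give the `ns2` namespace.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed samples shaped like the table rows; urn:example:ns2 is a placeholder.
FAULT = (f'<soapenv:Fault xmlns:soapenv="{SOAP_ENV}"><faultcode>TBD</faultcode>'
         "<faultstring>WMB_SocketException</faultstring>"
         "<detail>A Web Service request has detected a SOCKET error ..</detail>"
         "</soapenv:Fault>")
INVALID = ('<ns2:MessageResult xmlns:ns2="urn:example:ns2">'
           "<ns2:StatusCode>Invalid</ns2:StatusCode><ns2:ExtendedStatus>"
           "<ns2:EntityType>Intermediary</ns2:EntityType>"
           "<ns2:ElementPath>IntermediaryId</ns2:ElementPath>"
           "<ns2:MessageCode>REQUIRED</ns2:MessageCode>"
           "</ns2:ExtendedStatus></ns2:MessageResult>")


def _local(tag):
    """Element name without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]


def _text(parent, name):
    """Text of the first direct child called name, or None."""
    for child in parent:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def classify_response(xml_text):
    """Return a dict describing a fault, an Invalid result, or success."""
    if "<!DOCTYPE" in xml_text:
        # A SOAP message never needs a DTD; rejecting it avoids entity tricks.
        raise ValueError("DTD in SOAP response; refusing to parse")
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.tag == f"{{{SOAP_ENV}}}Fault":
            # detail is for support logs only: never branch on it or show it.
            return {"kind": "fault", "code": _text(elem, "faultcode"),
                    "reason": _text(elem, "faultstring"),
                    "support_detail": _text(elem, "detail")}
        if (_local(elem.tag) == "MessageResult"
                and (_text(elem, "StatusCode") or "").lower() == "invalid"):
            ext = next((c for c in elem if _local(c.tag) == "ExtendedStatus"), elem)
            return {"kind": "invalid", "entity_type": _text(ext, "EntityType"),
                    "element_path": _text(ext, "ElementPath"),
                    "message_code": _text(ext, "MessageCode")}
    return {"kind": "ok"}
```

Route on `kind` and `code` only; write `support_detail` to the support log rather than returning it to the end user.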
Environment URLs
Production
API Name | URL |
---|---|
createPolicyEstimate | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…{product} |
createPolicyEstimateAndEmailCustomer | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…{product}/emailcustomer |
createPolicyEstimateSelfService | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…{product}/selfserve |
getPolicySummary | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…{intermediaryId}&token={tokenised_uuid} |
PolicyLeadService | https://services.allianz.com.au:446/WMB_GATEWAY_EXT/DP_GW/lead |
PolicyLeadService | https://services.allianz.com.au:446/WAS_SAF2_EXT/safireServices/ws/Poli… |
IncompleteQuoteService | https://services.allianz.com.au:446/WAS_SAF2_EXT/safireServices/ws/Poli… |
getCertificateOfCurrency | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res… |
(UAT) USER ACCEPTANCE TEST
API Name | URL |
---|---|
createPolicyEstimate | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi…{product} |
createPolicyEstimateAndEmailCustomer | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi…{product}/emailcustomer |
createPolicyEstimateSelfService | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi…{product}/selfserve |
getPolicySummary | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/rest/v1/policy/summary?fi={intermediaryId}&token={tokenised_uuid} |
PolicyLeadService | https://testu1.services.allianz.com.au:446/WMB_GATEWAY_EXT/DP_GW/lead |
PolicyLeadService | https://testu1.services.allianz.com.au:446/WAS_SAF2_EXT/safireServices/… |
IncompleteQuoteService | https://testu1.services.allianz.com.au:446/WAS_SAF2_EXT/safireServices/… |
getCertificateOfCurrency | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi… |
Reference Data Design
Note: Only code/abbreviation values in each lookup table within this section should be used in API request payload, e.g., title Father should be FAHR in request, street type Street should be ST in request etc.
Reference Data | Code | Description |
---|---|---|
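Structure.BuildingStyleCode | H | |
Structure.BuildingStyleCode | D | |
Structure.BuildingStyleCode | U | |
Structure.BuildingStyleCode | S | |
Structure.Construction.TypeCode | T | |
Structure.Construction.TypeCode | V | |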
Structure.Construction.TypeCode | Value passed should be a valid PAF/Australia Post value. |
Code | Example |
---|---|
Structure.BuildingStyleCode | |
Structure.Construction.TypeCode | |
Structure.Roof.TypeCode | |
Address.StateOrProvinceCode | Value passed should be a valid PAF/Australia Post value. |
Address.PostalCode | Value passed should be a valid PAF/Australia Post value. |
Address.CountryCode | Use "AUS" for Australia. Value passed should be a valid PAF/Australia Post value. |
Address.LineOneDetails.AddressNumberCode | Value passed should be a valid PAF/Australia Post value. |
Address.LineOneDetails.StreetTypeCode | Value passed should be a valid PAF/Australia Post value. The street type code lookup is from Australia Post and is available at: https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf |
Address.LineOneDetails.SubdwellingCode | Value passed should be a valid PAF/Australia Post value. |
Address.LineOneDetails.SubdwellingLevel | Value passed should be a valid PAF/Australia Post value. |
Person.PersonTitlePrefix | |
Occupancy codes | |
Tax Statuses | |
Vehicle Business use codes | |
Vehicle Finance codes | |
Vehicle Garage codes | |
Vehicle Commute frequency codes | |
Glossary
Term | Description |
---|---|
AAL | Allianz Australia Limited. |
DPI | Distribution Point Identifier. |
Estimate | Information that has been supplied by the customer (via the home loan process) is called facts. Facts are supplemented with Allianz assumptions to produce an estimate. The estimate is actioned by the consultant, i.e., the consultant chooses to: • Complete the associated quote on behalf of the customer (if licensed to do so) OR • Refer the customer to the Allianz Contact Centre, whereby the Allianz Consultant will contact the customer and complete the associated quote on behalf of the customer OR • Email a summary of the estimate to the customer which contains a link and a reference to the quote. The customer can then complete the quote. Also called indicative quote, indicative price, policy estimate. |
FI | Financial Institute / Partner (e.g.: Bank ABC, Broker XYZ). |
IQ | Indicative Quote a.k.a. Price Estimate. |
Notification (Message) | A message between two systems where there is no response or only an acknowledgement response. (Asynchronous processing). |
Quote | The quote only contains information that has been confirmed by the customer, i.e., facts. It does not contain any assumptions. The quote is completed by either the Customer or Consultant. Also called full quote, real quote. |
Quote Summary | Summary information of the quote. Can be used to determine how the quote is progressing. The quote summary information does not include any information pertaining to the estimate. Also called policy summary. |
Request (Message) | A message between two systems where there is a response. This may be synchronous (block waiting) or asynchronous. |