We’ll show you how to successfully call our REST and SOAP APIs with your own application.
We provide our API service definition in both JSON and YAML formats. These can be converted to client-side code using various online tools.
Get onboarded with us in four easy steps
- Choose the best integration model for your business
- Map your data to sample requests
- Test our APIs on a non-production endpoint
- Connect your customers with your whitelisted IP
Allianz APIs
You can use any combination of our APIs to meet your business needs. These options depend on how you plan to use each API. For example, you might want your customers to get a price estimate directly, or you may prefer it to be communicated via your sales team. Some people may also prefer an API that uses REST.
These APIs are divided into two categories: Price Estimate and other APIs. The Price Estimate APIs are purely focused on providing your customers with an indicative quote. The other API let you perform other tasks like referring a customer, purchasing a product, and retrieving a certificate of currency.
Price Estimate APIs
| Price Estimate – Assisted Formerly Indicative Quote POS |
Price Estimate – Send email Formerly Indicative Quote safety net |
Price Estimate – Self-Service Formerly Indicative quote Self Service |
Price Estimate – Get Summary Formerly Indicative Quote Get Summary |
Price Estimate – Get Rating Factors Formerly IQ Rating Factors API |
| REST-based | REST-based | REST-based | REST-based | REST-based |
| ✓ Home ✓ Landlord ✓ Motor ✗ Caravan and trailer |
✓ Home ✓ Landlord ✓ Motor ✗ Caravan and trailer |
✓ Home ✓ Landlord ✓ Motor ✗ Caravan and trailer |
✓ Home ✓ Landlord ✓ Motor ✗ Caravan and trailer |
✓ Home ✓ Landlord ✓ Motor ✗ Caravan and trailer |
| Provides instant insurance price estimates based on your existing customer data. | Delivers insurance quotes directly to customers during the loan approval or purchase journey. | Provides Insurance quotes directly to customers, via their internet banking. | Obtains details about previously provided estimates using a unique identifier. | Fetches the facts, assumptions and premium details of the price estimate. |
Other APIs
| Instant Lead Referral | Get Details – Assisted | Get Details – Self-Service | Get Certificate of Currency |
| Formally Spot and Refer | Formally Quote and Bind | Formally Internet Banking | |
| SOAP-based | SOAP-based | SOAP-based | SOAP-based |
| ✓ Home ✓ Landlord ✓ Motor ✓ Caravan and trailer |
✓ Home ✓ Landlord ✓ Motor ✓ Caravan and trailer |
✓ Home ✓ Landlord ✓ Motor ✓ Caravan and trailer |
✓ Home ✓ Landlord ✓ Motor ✗ Caravan and trailer |
| Helps push insurance sales to us. Leads are followed up by our team on your company’s behalf. | Helps your sales representatives purchase policies on behalf of your customers. | Provides Insurance quotes directly to customers visa internet banking. | Fetches your customer’s Certificate of Currency on their behalf. |
Connectivity test
You can check if you can connect to our API using tools like cURL, Telnet or Postman.
Using Telnet
To test connectivity with Telnet, do the following from each whitelisted host:
telnet services.allianz.com.au 446
The host and port might be different depending on the environment, so check the list for each specific environment.
Using cURL
Here’s how to set up a request with basic authorisation:
- Create a string in the format: username:password
- Convert the string to Base64
- Add an "Authorisation" header with "Basic" followed by the encoded string. For example, the string "fred:fred" becomes "ZnJlZDpmcmVk" in base64, so your request would look like this:
curl -v -X PUT -d '{}' -H "Authorization: Basic ZnJlZDpmcmVk" -H "Content-Type: application/json" https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/rest/v1/policy/estimate/property
For motor-related requests, use this URL: https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/rest/v1/policy/estimate/vehicle"
You might need to specify the path to your local trust store that contains the Allianz certificate. For more details, head to: https://curl.haxx.se/docs/ssl certs.html
Security model
We have several security measures in place for our API:
- We use HTTPS to encrypt data when it’s being sent between your system and ours
- Both SOAP and REST services will use SSL certificates over HTTPS for security
- A hardware IP Firewall will only allow communication from a list of trusted IPs.
Encryption
We use HTTPS to encrypt any data sent between your system and our API. This uses TLS (x509 certs) with SSL certificates. We’ll give you these certificates before you start connecting.
Transport level encryption (over HTTPS) will be used to encrypt data during transmission between the partner system and the Allianz Integration API. HTTPS will use TLS (x509 certs). Allianz will provide these certificates to the partner prior to commencement of connectivity.
Authentication
Username and password credentials are partner system and environment specific. Allianz will provide these details prior to commencement of partner connectivity.
REST request headers
The following custom HTTP headers need to be added to each API invocation for traceability purposes. All fields are mandatory.
| HTTP header | HTTP type | Description | Example |
|---|---|---|---|
| MessageId | String | A UUID generated by the originating system. This is unique for each message. | "45af579b-38f2-47c4-9894-42ece56a6702" |
| CorrelationId | String | A UUID generated by the originating system which is unique to each transaction. It can be the same as the MessageId string if the service call represents the entire business transaction. |
“349c81ed-c4a8-41c0-bdd9-66804b7b5c51" |
| X-Global-Transaction-ID | String | A UUID generated by the originating system which is unique for each transaction. This is the same as CorrelationId. | “349c81ed-c4a8-41c0-bdd9-66804b7b5c51” |
| MessageDateTime | String | The date and time the message was created or sent in UTC. Format: yyyy-MM-dd HH:mm:ss |
“2017-10-12 10:00:20 +1100” |
| BusinessId | String | The main identifier for the business transaction in your system. E.g. transaction numbers, home loan numbers and finance application numbers. |
“NUM123” |
| UserId | String | The business user performing the transaction in your system. | “BIZUSER123” |
| ApplicationName | String | Identifies your system when you call our API. | “PARTNERSYSTEMA” |
REST-based error codes
When there’s an error or the response is unsuccessful, you will receive an alert message with the following information:
- The HTTP response code
- A message explaining the error
- The field or object where the error occurred (if available)
| HTTP code for all products | Description |
|---|---|
| 200 – Ok | OK success code |
| 201 – Created | Created success code |
| 204 – No content | No content success code for delete and patch requests |
| 300 – Multiple list | The value returned when an external ID exists in more than one record. The Response body contains list of matching records |
| 304 – Not modified | This is the response code to an If-Modified-Since or IfNone-Match header, where the URL has not been modified since the specified date |
| 400 – Bad request | The server did not understand the request |
| 400 – Bad request QUOTE_ESTIMATE_ADDR_DECLINE |
Address is not rateable |
| 400 – Bad request INVALID_SUBURB_NAME |
Suburb is not matched to postcode |
| 400 – Bad request INVALID_RISK_ADDRESS |
Returned harmony address postcode/suburb does not match to input postcode/suburb |
| 400 – Bad request INVALID_POSTAL_RISK_ADDRESS |
Input address is a postal address |
| 400 – Bad request HARMONY_SERVICE_UNAVAILABLE |
Harmony service is down |
| 401 – Unauthorised | The requested page needs a username and a password |
| 403 – Forbidden | Access is forbidden to the requested page |
| 404 – Not found | The server cannot find the requested page |
| 405 – Method not allowed | The method specified in the request is not allowed |
| 409 – Not acceptable | The server can only generate a response that is not accepted by the client |
| 412 – Precondition failed | The pre-condition given in the request evaluated to false by the server |
| 414 – Request URL too long | The server will not accept the request, because the URL is too long. Occurs when you convert a "post" request to a "get" request with a long query information |
| 415 – Unsupported media type | The server will not accept the request, because the media type is not supported |
| 500 – Internal server error | The request was not completed. The server met an unexpected condition |
| HTTP codes for motor products | Description |
|---|---|
| 400 – DOB mission/not included | We didn’t recognise the date of birth. Please check you’ve entered it and try again |
| 400 – DOB is a future date E.g. 21/03/2050 |
The date of birth can’t be in future. Please check and try again. |
| 400 – DOB less than 16 years from today’s date E.g. 21/3/2022 |
We don’t insure people under 16 years old. Please make sure the policy holder will be at least 16 at the start of the policy. |
| 400 – Invalid DOB E.g. 21/13/1980 |
We don’t recognise the date of birth. Please check you've entered it correctly and try again. |
| 400 – Registration invalid | We couldn’t find the vehicle registration. Please check it is correct and try again. |
| 400 – VIN invalid | We couldn’t find the vehicle VIN. Please check it is correct and try again. |
| 400 – Redbook invalid | We couldn’t find the vehicle redbook code. Please check it is correct and try again. |
| 400 – Can’t find vehicle details Vehicle details don’t match |
We couldn’t find the details of the vehicle. Please check the condition, year, make and model and try again. |
| 400 – Performance vehicle, can’t provide an IQ Vehicle code is ‘P’ |
Unfortunately, we can't provide an indicative quote on this vehicle. You can complete a standard quote instead. |
| 400 – Uninsurable vehicle E.g. commercial products, Volkswagen Crafter, RAM, LDBs Tonnage use Vehicle code is ‘D’ |
Unfortunately, we can't provide an indicative quote on this vehicle. |
| 400 – Referral can’t provide an IQ Vehicle code is ‘R’ |
Unfortunately, we can't provide an indicative quote on this vehicle. You can complete a standard quote instead |
SOAP request headers
For traceability purposes, these custom SOAP headers need to be included in every API call. This means all fields are mandatory.
| SOAP Request header | SOAP type | Description | Example |
|---|---|---|---|
| MessageId | String | A UUID generated by the originating system. This is unique for every message. | “f960f054-2fb2-472d-bfc9-b561abac8d71" |
| CorrelationId | String | A UUID generated by the originating system which is unique to each transaction. It can be the same as the MessageId string if the service call represents the entire business transaction. |
“61debe47-b538-4a59-970a-66e967303fc8" |
| MessageDateTime | String | The date and time the message was created or sent in UTC. Format: yyyy-MM-dd HH:mm:ss |
“2017-03-20 16:28:19” |
| BusinessId | String | The main identifier for the business transaction in your system. E.g. transaction numbers, home loan numbers and finance application numbers. |
“1234567890” |
| UserId | String | The business user performing the transaction in your system. | “Test User Id” |
| ApplicationName | String | Identifies your system when you call our API. | “Test SYSTEM” |
| SystemVendorId | String | A code for your organisation which is logged in our system. | “Test” |
| SystemVendorName | String | The name of your organisation which is logged in our system. | “Test” |
| VendorProductName | String | The name of your application which is logged in our system | “Test SYSTEM” |
| VendorProductVersion | String | The version of your application. It lets us map changes without the need to modify namespaces. | “1” |
SOAP-based error codes
| Error type | How to fix it | Sample response |
|---|---|---|
| B2B Processing Error: If a system error occurs, implying there’s a coding bug or reference data is not synchronised, you’ll get a SOAP-FAULT response. |
Use the fault code to direct the customer to the appropriate call centre or helpdesk. Specific error codes should be defined when you conduct your system integration tests. | <NS1:Fault xmlns:NS1=http://schemas.xmlsoap.org/soap/envelope/> <faultcode>TBD</faultcode> <faultstring>More details here</faultactor> </NS1:Fault> |
| B2B Processing Error (alternative) If a system error occurs, implying there’s a coding bug or reference data is not synchronised, you’ll get a SOAP-FAULT response. |
In the case of a SOAP-FAULT, the "detail" section may change without notice. It’s for support staff and should be checked during integration testing. | <soapenv:Fault xmlns:NS1="http://schemas.xmlsoap.org/soap/envelope/"> <faultcode>TBD</faultcode> <faultstring>WMB_SocketException</faultstring> <detail>A Web Service request has detected a SOCKET error ...</detail> </soapenv:Fault> |
| B2B Error If there’s an invalid intermediary ID, the sales application will return an error status code. |
Other errors will result in SOAP faults or HTTP transport errors and will need IT support to resolve them. | <ns2:MessageResult> <ns2:StatusCode>Invalid</ns2:StatusCode> <ns2:ExtendedStatus> <ns2:EntityId></ns2:EntityId> <ns2:EntityType>Intermediary</ns2:EntityType> <ns2:ElementPath>IntermediaryId</ns2:ElementPath> <ns2:StatusCode>INVALID</ns2:StatusCode> <ns2:MessageCode>REQUIRED</ns2:MessageCode> </ns2:ExtendedStatus> </ns2:MessageResult> |
| Browser-based login error If there’s an error during the SSO login, the browser will redirect to a login failure page. |
You’ll need to exit the browser and restart the process from your system. | |
| Browser-based processing error If a system error occurs during the SSO login, the browser will redirect to an error page. |
You’ll need to exit the browser and restart the process from your partner system. You could also try pressing “F5” or “Back”. |
Environment URLs
Production
| API name | URL |
|---|---|
| createPolicyEstimate | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…{product} |
| createPolicyEstimateAndEmailCustomer | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…{product}/emailcustomer |
| createPolicyEstimateSelfService | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…{product}/selfserve |
| getPolicySummary | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServices/res…{intermediaryId}&token={tokenised_ uuid} |
| policyLeadService | https://services.allianz.com.au:446/ WMB_GATEWAY_EXT/DP_GW/lead |
| policyLeadService | https://services.allianz.com.au:446/WAS_SAF2_EXT/safireServices/ws/Poli… |
| incompleteQuoteService | https://services.allianz.com.au:446/WAS_SAF2_EXT/safireServices/ws/Poli… |
| getCertificateOfCurrency | https://services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireService s/rest/v1/policy/document?doctype=coc&policyid=163S360675CMP&p artnercode=TESTPARTNER |
User acceptance test
| API name | URL |
|---|---|
| createPolicyEstimate | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi…{product} |
| createPolicyEstimateAndEmailCustomer | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi…{product}/emailcustomer |
| createPolicyEstimateSelfService | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi…{product}/selfserve |
| getPolicySummary | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi…{intermediaryId}&token={tok enised_uuid} |
| policyLeadService | https://testu1.services.allianz.com.au:446/WMB_GATEWAY_EXT/DP_GW/le ad |
| policyLeadService | https://testu1.services.allianz.com.au:446/WAS_SAF2_EXT/safireServices/… |
| incompleteQuoteService | https://testu1.services.allianz.com.au:446/WAS_SAF2_EXT/safireServices/… |
| getCertificateOfCurrency | https://testu1.services.allianz.com.au:446/MPG_AAL_SAF2_EXT/safireServi… rcode=TESTPARTNER |
Reference data for Home products
Only the code values in the below tables should be used in API request payload. For example, the title ‘Father’ should be FAHR and the street type ‘Street’ should be ST in the request.
| Reference data | Code | Description |
|---|---|---|
| Structure.BuildingStyleCode (type of building) | H | House on slab/foundations |
| D | House on poles | |
| U | Flat/unit/apartment | |
| S | Terrace/semi | |
| T | Villa/town house | |
| V | Retirement village unit | |
| L | Holiday home | |
| R | Relocatable home | |
| G | Granny flat | |
| C | Caravan | |
| M | Mobile home | |
| N | Nursing home unit | |
| O | Other | |
| B | Under construction | |
| Structure.Construction.TypeCode (exterior walls) | D | Double brick |
| V | Brick veneer | |
| T | Timber/weatherboard | |
| E | Steel | |
| C | Concrete/hebel | |
| F | Fibro/Asbestos cement | |
| Z | Stone/sandstone | |
| P | Polystyrene | |
| M | Mud brick | |
| O | Other construction | |
| Structure.Roof.TypeCode (Roof type) | C | Concrete tiles |
| F | Fibro | |
| M | Metal/iron/colourbond | |
| S | Slate | |
| T | Tile | |
| P | Copper | |
| R | Tin | |
| O | Other | |
| I | Shingle | |
| H | Thatched | |
| Person.PersonTitlePrefix | MR | Mister – used for adult men |
| MRS | Missus – used for married women | |
| MISS | Used for unmarried women | |
| MS | A neutral title for women, regardless of marital status | |
| DR | Doctor – used for individual with a doctoral or medical degree | |
| ESTL | Estate of the late | |
| FAHR | Father | |
| HON | The honourable – used for judges, certain public officials, or members of legislature | |
| REV | Reverend – used for members of the clergy | |
| SIR | A title of knighthood in the UK, used before the first name of a knight | |
| SR | Senior – used to distinguish a father from his son when they have the same name | |
| Occupancy codes | Owner | An owner who resides in the property |
| Landlord | An owner who rents out their property to others | |
| Tenant | Someone who occupies a property from the landlord | |
| Boarder | A person who rents a room within a property | |
| Unoccupied | A property that is not currently being used or lived in by anyone | |
| residentialStatus (residential status) | O | Owner |
| R | Renter | |
| U | Other | |
| Tax statuses | Partial | Only needs to pay taxes for part of the year due to certain residency or income circumstances |
| Input | This typically refers to supplies that do not charge GST – like loans and bank fees | |
| Taxable | This is the status of income, transactions, or entities that are subject to taxation | |
| Boarder | A person who rents a room within a property | |
| Unoccupied | A property that is not currently being used or lived in by anyone | |
| employmentStatus (employment status) | FT | Full time |
| PT | Part time | |
| UN | Unemployed | |
| RT | Retired | |
| ST | Student | |
| SE | Self-employed | |
| HD | Home duties | |
| Address.StateOrProvinceCode | Value passed should be a valid PAF/Australia Post value. | |
| Address.PostalCode | Value passed should be a valid PAF/Australia Post value. | |
| Address.CountryCode | Use "AUS" for Australia. Value passed should be a valid PAF/Australia Post value. | |
| Address.LineOneDetails.AddressNumberCode | Value passed should be a valid PAF/Australia Post value. | |
| Address.LineOneDetails.StreetTypeCode | Value passed should be a valid PAF/Australia Post value. Street type lookup the street type code lookup is from Australia Post that is available on url: https://auspost.com.au/content/dam/auspostcorp/media/documents/australia-post-data-guide.pdf | |
| Address.LineOneDetails.SubdwellingCode | Value passed should be a valid PAF/Australia Post value. | |
| Address.LineOneDetails.SubdwellingLevel | Value passed should be a valid PAF/Australia Post value. | |
Reference data for Motor products
Only the code values in the below tables should be used in API request payload. For example, the garage code ‘Carport’ should be C and the finance code ‘Lease’ should be L in the request.
| Reference data | Code | Description |
|---|---|---|
| Vehicle business reference codes | 333 | Consulate vehicle |
| 328 | Couriers or delivery services | |
| 326 | Driving instructor/school | |
| 330 | Fast food delivery | |
| 335 | Hold flammable/dangerous goods | |
| 332 | Other | |
| 331 | Racing trials/sporting events | |
| 329 | Security patrol | |
| 327 | Taxi services | |
| 334 | Used as hearse or funeral car | |
| 325 | Vehicle is used for hire | |
| Vehicle finance codes | X | No finance |
| B | Bank loan (secured) | |
| O | Bill of sale | |
| C | Corporate hire purchase | |
| U | Credit union (secured) | |
| F | Finance Co (secured) | |
| H | Hire purchase | |
| E | Home equity loan | |
| L | Lease | |
| N | Novated lease | |
| P | Personal loan (secured) | |
| S | Personal loan (unsecured) | |
| Vehicle garage codes | C | Carport |
| D | Parked in driveway (off street) | |
| G | Garage | |
| S | Parked on street | |
| Vehicle community frequency codes | 1 | Up to 10,000km |
| 2 | 10,001 to 15,000km | |
| 3 | 15,001 to 20,000km | |
| 4 | 20,000 and above | |
| claimType (type of claim) | AN | Damage caused by an animal |
| AR | Fire (not arson) | |
| CO | Collision or damage – not at fault | |
| MD | Vandalism or arson | |
| SH | Storm or hail damage | |
| TA | Theft of accessories from car | |
| WD | Windscreen damage to a vehicle | |
| AF | Collision or damage – at fault | |
| DK | Parked damage – responsible party identified | |
| DU | Parked damage – responsible party unidentified | |
| TC | Theft of car | |
| code (vehicle use) | P | Private use |
| R | Ride share | |
| B | Business use |
Glossary
| AAL | Allianz Australia Limited. |
| cURL | A command-line tool and library used for transferring data within URLs. |
| DPI | Distribution Point Identifier. |
| Estimate |
The estimate is also called a price estimate, indicative quote, indicative price or policy estimate. The information provided by your customer (such as during the loan process) are called facts. These facts, along with Allianz assumptions, are used to create an estimate. Once they have the estimate, your sales consultant can choose to:
|
| FI | A financial Institute like a bank or mortgage broker. |
| IQ | Indicative Quote – this is how we previously referred to Price Estimate. |
| Json | JavaScript Object Notation – a lightweight, text-based format used to present structured data. |
| Notification (message) |
A message between two systems with either no response or just an acknowledgement. Also called asynchronous processing. |
| PE | Price Estimate (referred to as an indicative quote). |
| Postman | Lets you send various types of HTTP requests to test APIs. |
| Quote |
This contains confirmed information (facts) from the customer, with no assumptions. It can be completed by either the customer or consultant. It can also be called full quote or a real quote. |
| Quote summary |
This is the summary information of the quote and can be used to track how it’s progressing. It doesn’t include any estimate information. This can also be called a policy summary. |
| REST | An architectural style for designing networked applications. |
| Request (message) | A message between two systems where there is response. This can be synchronous (block waiting) or asynchronous. |
| Synchronous calls | An interaction where the caller waits for the callee to complete its operation before continuing. |
| SOAP | Simple Object Access Protocol API – a messaging protocol that lets applications communicate with each other. |
| SSL certificate | Secure Sockets Layer – this is a security protocol that creates an encrypted link between a web server and web browser. |
| SSO | Single sign-on – an authentication process that lets a user access multiple applications with a single set of login credentials. |
| Telnet | A network protocol that lets uses remotely access and manage devices or servers over a TCP/IP network. |
| TLS | Transport Layer Security. |
| UTC | Coordinated Universal Time – used globally as a reference for all time zones. |
| UUID | Universally Unique Identifier – used to identify information across systems. |
| VIN | Vehicle Identification Number – a unique 17-character code used to identify individual vehicles. It provides details like make, model and engine type. |
| Whitelist IP | This is a trusted IP address that has permission to interact with our APIs. |
| XML | eXtensible Markup Language – a markup language designed to store and transport data in a structured and readable format. |
| YAML | YAML Ain’t Markup Language – used to configure files and exchange data between systems. |
