FirstCyber Quote Service
Service Snapshot
| Item | Sandbox | Production |
|---|---|---|
| Base URL | https://api-sandbox.k2cyber.co/quote/firstcyber | https://api.k2cyber.co/quote/firstcyber |
| Auth | OAuth 2.0 bearer token + Integration key header | OAuth 2.0 bearer token + Integration key header |
| Token URL | https://api-sandbox.k2cyber.co/auth/token | https://api.k2cyber.co/auth/token |
| Scope | quote | quote |
| Formats | JSON UTF-8 | JSON UTF-8 |
Credentials
Both client credentials and integration keys are generated via the Partner Portal. Use the client credentials flow with your client_id and client_secret to obtain bearer tokens. Tokens should be cached and refreshed before expiry. Integration keys should be attached in an x-integration-key header with every request.
Sandbox Environment
The sandbox environment is available for integration development and testing with isolated synthetic data. Start your integration in sandbox and validate thoroughly before moving to production.
Downloads
Download the API specification and Postman collection for integration development:
| Resource | Description |
|---|---|
| OpenAPI Spec (YAML) | OpenAPI 3.1 specification for code generation and API clients |
| Postman Collection | Pre-configured Postman collection with example requests |
Using the Postman Collection
- Import the collection into Postman
- Set the
base_urlvariable tohttps://api-sandbox.k2cyber.co/quote/firstcyber - Set the
access_tokenvariable with your OAuth token - Start testing endpoints immediately
Authentication
For each HTTP request to any K2 Cyber API endpoint:
- Generate a bearer token
bash
#Request...
curl -X POST https://api.k2cyber.co/auth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&grant_type=client_credentials&scope=quote"
#Response...
{
"access_token": "eyJhbGc...",
"token_type": "bearer",
"expires_in": 3600,
}- Make an API Request with an integration key and the "access_token"
bash
curl -X POST https://api.k2cyber.co/quote/firstcyber/submit \
-H "x-integration-key: <INTEGRATION-KEY>"
-H "Authorization: Bearer eyJhbGc..." \
-H "Content-Type: application/json" \
-d '{...}'See our Partner Portal section for infromation on how to obtain these credentials.
Submit Quote
Create a new bindable quote by submitting all required underwriting information.
Endpoint
POST /submitRequired Fields
| Field | Type | Description |
|---|---|---|
broker_email | string (email) | Broker's email address |
insured_name | string | Legal name of the insured entity |
insured_location | object | Physical address of insured |
claims | object | Prior claims history |
year_founded | number | Year company was founded |
effective_date | string (date) | Policy effective date (YYYY-MM-DD) |
revenue | number/string | Annual revenue |
naics | number | 6-digit NAICS code |
question_highrisk | boolean | High-risk operations flag |
agg_limit | number/string | Aggregate policy limit |
retention | number/string | Policy retention/deductible |
website | object | Website information |
insured_contact | object | Primary contact information |
High Risk Operations
If the insured derives revenue from any of the operations listed below then the High-risk operations flag should be "true":
- Pornography
- Gambling
- Cannabis
- Cryptocurrency or Blockchain Technology
- Debt Collection
- Professional Data Processing / Aggregation, Storage, or Hosting
- Digital Tracking or Surveillance Services
- Managed Service or Security Service Provider (MSP or MSSP)
- Cyber Security Products or Services
- Managed, Accountable Care, or Nursing Care
- Sale of Firearms and Ammunition
Address Object
json
{
"address_line1": "510 Meadowmont Village Circle #142",
"address_line2": "Suite 200",
"address_city": "Chapel Hill",
"address_state": "NC",
"address_zip": "27514"
}Claims Object
json
{
"claims_count": 1,
"claims_amount": 1000000
}Website Object
json
{
"has_website": true,
"domainName": "https://example.com"
}Contact Object
json
{
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@example.com",
"phone": "123-456-7890",
"preferred_method": "Email"
}Response
Success (200)
json
{
"status": "approved",
"data": {
"created_at": "2025-10-14T12:00:00Z",
"quote_id": "123e4567-e89b-12d3-a456-426614174000",
"quote_status": "ready_to_bind",
"checkout_link": "https://checkout.k2cyber.co/...",
"product_details": {
"product_name": "FirstCyber Standard"
},
"policy_term": {
"premium_only": "5000.00",
"policy_fee": "$300.00",
"agg_limit": "1000000",
"retention": "2500",
"effective_date": "2025-11-01",
"expiration_date": "2026-11-01",
"include_tria": true,
"prior_acts": "None"
},
"personal_cyber": {
"premium": "500.00",
"count": 1,
"limit": "25000",
"retention": "250"
},
"coverage_details": {
"info_privacy_network_limit": "1000000",
"regulatory_limit": "1000000",
"pci_dss_limit": "100000",
"business_interruption_limit": "500000",
"vendor_bi_limit": "250000",
"cyber_extortion_limit": "500000",
"funds_transfer_limit": "100000",
"fraudulent_instruction_limit": "100000",
"invoice_manipulation_limit": "100000",
"media_liability_limit": "1000000",
"system_failure_limit": "500000",
"vendor_system_failure_limit": "250000",
"incident_response_limit": "50000",
"data_recovery_limit": "50000",
"utility_fraud_limit": "25000",
"business_interruption_restoration_period": 30,
"business_interruption_waiting_period": 8,
"vendor_bi_restoration_period": 30,
"vendor_bi_waiting_period": 8,
"vendor_system_failure_restoration_period": 30,
"vendor_system_failure_waiting_period": 8,
"system_failure_restoration_period": 30,
"system_failure_waiting_period": 8
}
}
}Declined (400)
json
{
"status": "declined",
"error": {
"message": "Risk does not meet underwriting guidelines"
}
}Error (400)
json
{
"status": "error",
"error": {
"message": "Validation error details"
}
}Create Bindable Quote
POST
/submit
Authorizations
OAUTH2_1
clientCredentials Flow
Token URL
"https://api-sandbox.k2cyber.co/auth/token"Scopes:
"quote"
APIKEY_1
TypeAPI Key (header: x-integration-key)
Request Body
application/json
JSON
{
"broker_email": "string",
"insured_name": "string",
"insured_location": {
"address_line1": "string",
"address_line2": "string",
"address_city": "string",
"address_state": "string",
"address_zip": "string"
},
"insured_taxid": "string",
"claims": {
"claims_count": 0,
"claims_amount": 0
},
"year_founded": 0,
"effective_date": "string",
"revenue": 0,
"naics": 0,
"question_highrisk": true,
"agg_limit": 0,
"retention": 0,
"website": {
"has_website": true,
"domainName": "string"
},
"insured_contact": {
"first_name": "string",
"last_name": "string",
"email": "string",
"phone": "string",
"preferred_method": "string"
}
}
Responses
POST /submit Positive response
application/json
JSON
{
"status": "approved",
"data": {
"created_at": "string",
"quote_id": "string",
"quote_status": "string",
"checkout_link": "string",
"product_details": {
"product_name": "string"
},
"policy_term": {
"premium_only": "string",
"policy_fee": "string",
"agg_limit": "string",
"retention": "string",
"effective_date": "string",
"expiration_date": "string",
"include_tria": true,
"prior_acts": "string"
},
"personal_cyber": {
"premium": "string",
"count": 0,
"limit": "string",
"retention": "string"
},
"coverage_details": {
"info_privacy_network_limit": "string",
"regulatory_limit": "string",
"pci_dss_limit": "string",
"business_interruption_limit": "string",
"vendor_bi_limit": "string",
"cyber_extortion_limit": "string",
"funds_transfer_limit": "string",
"fraudulent_instruction_limit": "string",
"invoice_manipulation_limit": "string",
"media_liability_limit": "string",
"system_failure_limit": "string",
"vendor_system_failure_limit": "string",
"incident_response_limit": "string",
"data_recovery_limit": "string",
"utility_fraud_limit": "string",
"business_interruption_restoration_period": 0,
"business_interruption_waiting_period": 0,
"vendor_bi_restoration_period": 0,
"vendor_bi_waiting_period": 0,
"vendor_system_failure_restoration_period": 0,
"vendor_system_failure_waiting_period": 0,
"system_failure_restoration_period": 0,
"system_failure_waiting_period": 0
}
}
}
Get Quote Status
Retrieve current status and details for an existing quote.
Endpoint
GET /status/{id}Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | UUID | Yes | Quote ID returned from submit endpoint |
Response
Returns the same structure as the submit response, with updated status and details.
Get Quote
GET
/status/{id}
Authorizations
OAUTH2_1
clientCredentials Flow
Token URL
"https://api-sandbox.k2cyber.co/auth/token"Scopes:
"quote"
APIKEY_1
TypeAPI Key (header: x-integration-key)
Parameters
Path Parameters
id*
GET /status/:id Parameter
Typestring
RequiredFormat
"uuid"Pattern
"^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"Responses
GET /status/:id Positive response
application/json
JSON
{
"status": "success",
"data": {
"created_at": "string",
"quote_id": "string",
"quote_status": "string",
"checkout_link": "string",
"product_details": {
"product_name": "string"
},
"policy_term": {
"premium_only": "string",
"policy_fee": "string",
"agg_limit": "string",
"retention": "string",
"effective_date": "string",
"expiration_date": "string",
"include_tria": true,
"prior_acts": "string"
},
"personal_cyber": {
"premium": "string",
"count": 0,
"limit": "string",
"retention": "string"
},
"coverage_details": {
"info_privacy_network_limit": "string",
"regulatory_limit": "string",
"pci_dss_limit": "string",
"business_interruption_limit": "string",
"vendor_bi_limit": "string",
"cyber_extortion_limit": "string",
"funds_transfer_limit": "string",
"fraudulent_instruction_limit": "string",
"invoice_manipulation_limit": "string",
"media_liability_limit": "string",
"system_failure_limit": "string",
"vendor_system_failure_limit": "string",
"incident_response_limit": "string",
"data_recovery_limit": "string",
"utility_fraud_limit": "string",
"business_interruption_restoration_period": 0,
"business_interruption_waiting_period": 0,
"vendor_bi_restoration_period": 0,
"vendor_bi_waiting_period": 0,
"vendor_system_failure_restoration_period": 0,
"vendor_system_failure_waiting_period": 0,
"system_failure_restoration_period": 0,
"system_failure_waiting_period": 0
}
}
}
Quote Status Values
The quote_status field indicates the current state of a quote in the processing workflow:
| Status | Description |
|---|---|
pending | Quote is being processed or awaiting review |
approved_rate | Quote has been approved with a rate, but broker is not onbaorded to K2 Cyber |
ready_to_bind | Quote is ready to be bound |
bound | Quote has been bound |
issued | Policy has been successfully issued |
declined | Quote was declined by underwriting |
underwriter_review | Quote requires manual underwriter review |
failed | Quote processing failed due to an error |
Status Flow: For straight-through processing, quotes follow this progression:
pending → ready_to_bind → bound → issuedGet Quote Preview Document
Retrieve the quote preview document as a PDF byte stream.
Endpoint
GET /document/quote-preview/stream/{id}Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | UUID | Yes | Quote ID returned from submit endpoint |
Response
Success (200)
Returns the quote preview document as a PDF byte stream with Content-Type: application/pdf.
Error (400)
Returns a plain text error message with Content-Type: text/plain.
Error message describing what went wrongGet Quote Preview Document as Byte Stream
GET
/document/quote-preview/stream/{id}
Authorizations
OAUTH2_1
clientCredentials Flow
Token URL
"https://api-sandbox.k2cyber.co/auth/token"Scopes:
"quote"
APIKEY_1
TypeAPI Key (header: x-integration-key)
Parameters
Path Parameters
id*
GET /document/quote-preview/stream/:id Parameter
Typestring
RequiredFormat
"uuid"Pattern
"^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"Responses
GET /document/quote-preview/stream/:id Positive response
application/pdf
JSON
"string"
Update Quote
Update contact information for a quote before binding.
Endpoint
PUT /update/{id}Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | UUID | Yes | Quote ID to update |
Request Body
All fields are optional:
json
{
"insured_contact": {
"first_name": "Jane",
"last_name": "Smith",
"email": "jane.smith@example.com",
"phone": "123-456-7890",
"preferred_method": "Email"
},
"it_manager_same": false,
"it_manager_contact": {
"first_name": "Bob",
"last_name": "Johnson",
"email": "bob.johnson@example.com",
"title": "IT Manager"
}
}Response
json
{
"status": "success",
"data": {
"id": "123e4567-e89b-12d3-a456-426614174000",
"status": "pending"
}
}Update Quote before bind
PUT
/update/{id}
Authorizations
OAUTH2_1
clientCredentials Flow
Token URL
"https://api-sandbox.k2cyber.co/auth/token"Scopes:
"quote"
APIKEY_1
TypeAPI Key (header: x-integration-key)
Parameters
Path Parameters
id*
PUT /update/:id Parameter
Typestring
RequiredFormat
"uuid"Pattern
"^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"Request Body
application/json
JSON
{
"insured_contact": {
"first_name": "string",
"last_name": "string",
"email": "string",
"phone": "string",
"preferred_method": "string"
},
"it_manager_same": true,
"it_manager_contact": {
"first_name": "string",
"last_name": "string",
"email": "string",
"title": "string"
}
}
Responses
PUT /update/:id Positive response
application/json
JSON
{
"status": "success",
"data": {
"id": "string",
"status": "string"
}
}
Bind Quote
Finalize a quote and issue the policy.
Endpoint
PUT /bind/{id}Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | UUID | Yes | Quote ID to bind |
Request Body
Empty object (no additional data required):
json
{}Response
Success (202 Accepted)
json
{
"status": "accepted",
"data": {
"id": "123e4567-e89b-12d3-a456-426614174000"
}
}The bind operation is processed asynchronously. The response returns immediately with a 202 Accepted status and the quote ID. A policy.created event will be emitted with the policy ID once the bind operation completes. See the webhook documentation for more details on this event.
Bind & Issue Quote
PUT
/bind/{id}
Authorizations
OAUTH2_1
clientCredentials Flow
Token URL
"https://api-sandbox.k2cyber.co/auth/token"Scopes:
"quote"
APIKEY_1
TypeAPI Key (header: x-integration-key)
Parameters
Path Parameters
id*
PUT /bind/:id Parameter
Typestring
RequiredFormat
"uuid"Pattern
"^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"Request Body
application/json
JSON
{
}
Responses
PUT /bind/:id Positive response
application/json
JSON
{
"status": "accepted",
"data": {
"id": "string"
}
}
Get Policy Document
Retrieve the policy document as a PDF byte stream. Policy Documents are available once a quote is in an 'issued' status.
Endpoint
GET /document/policy/stream/{id}Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | UUID | Yes | Quote ID returned from submit endpoint |
Response
Success (200)
Returns the policy document as a PDF byte stream with Content-Type: application/pdf.
Error (400)
Returns a plain text error message with Content-Type: text/plain.
Error message describing what went wrongGet Policy Document as Byte Stream
GET
/document/policy/stream/{id}
Authorizations
OAUTH2_1
clientCredentials Flow
Token URL
"https://api-sandbox.k2cyber.co/auth/token"Scopes:
"quote"
APIKEY_1
TypeAPI Key (header: x-integration-key)
Parameters
Path Parameters
id*
GET /document/policy/stream/:id Parameter
Typestring
RequiredFormat
"uuid"Pattern
"^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"Responses
GET /document/policy/stream/:id Positive response
application/pdf
JSON
"string"
Error Handling
HTTP Status Codes
| Code | Meaning |
|---|---|
| 200 | Success |
| 202 | Accepted - request accepted for asynchronous processing (bind endpoint) |
| 400 | Bad Request - validation error or declined quote |
| 401 | Unauthorized - invalid or expired token |
| 404 | Not Found - quote ID doesn't exist |
| 500 | Internal Server Error |
Error Response Format
json
{
"status": "error",
"error": {
"message": "Detailed error message"
}
}Declined Quote Format
json
{
"status": "declined",
"error": {
"message": "Reason for decline"
}
}Best Practices
Token Management
- Cache tokens and reuse until near expiry
- Implement token refresh logic before expiration
- Store tokens securely (never in client-side code or logs)
Error Handling
- Implement exponential backoff for 5xx errors
- Log all error responses with quote IDs for troubleshooting
- Handle both
erroranddeclinedstatus appropriately in your UI
Status Polling
- Poll
/status/{id}endpoint to check quote processing status - Use reasonable polling intervals (e.g., every 2-3 seconds)
- Stop polling once status is
ready_to_bind,approved_rateunderwriter_review, orfailed - Status flow:
pending→ready_to_bind→bound→issued
Validation
- Validate email formats before submission
- Ensure NAICS codes are 6 digits
- Format dates as YYYY-MM-DD
- Use proper EIN format for tax IDs
Integration Checklist
- [ ] Obtain OAuth credentials from Partner Portal
- [ ] Implement token acquisition and refresh logic
- [ ] Test submit endpoint with sample data
- [ ] Implement status polling for async quote processing
- [ ] Handle declined quotes gracefully
- [ ] Test update endpoint for contact changes
- [ ] Test bind endpoint for policy issuance
- [ ] Implement proper error logging with quote IDs
- [ ] Complete integration testing before production deployment
Support
For technical support or questions about the FirstCyber Quote Service:
- Email: ray@k2cyber.ai
- Include the
quote_idand timestamp in all support requests