Internal Service · REST & OData · OpenAPI 3.0

Null Reference
Internal Service API

The backbone of Momentum AMP's internal infrastructure. This API powers system-to-system communication between platform components — handling data access, business logic, and cross-service orchestration.

Explore API Reference → Integration Guide
200+
REST Endpoints
70+
OData Entities
40+
Service Domains
JWT
Authentication
Core Services

Platform Infrastructure at a Glance

This API provides the internal data layer and business logic consumed by the Momentum AMP frontend, public API, and background services.

📋

Policy & Quote Engine

Full policy lifecycle management including endorsements, cancellations, renewals, coverages, detail records, and multi-line quote processing.

👥

Insured & Customer Data

CRUD operations for insureds, prospects, customers, contacts, custom fields, tags, and linked insured relationships. Bulk import support.

📁

Claims Processing

Handle auto, property, workers' comp, general liability, medical, and other claim types. Full claim lifecycle from FNOL to resolution.

📜

Certificates & COI

Issue, manage, and track Certificates of Insurance. Certificate holder management, master certificates, and automated distribution workflows.

💳

Payments & Receipts

Receipt processing, payment link generation, Stripe integration for product purchases, endorsement fees, and financial transaction tracking.

📤

File Storage

AWS S3-backed file management for insured, policy, note, and opportunity attachments. Folder management and direct URL access.

📱

SMS & Messaging

Twilio-powered SMS messaging with subscription management, inbound message webhooks, mass messaging, and MMS file handling.

🔗

Integrations Hub

Zapier automation, RabbitMQ message queues, webhook management, RabbitSign e-signatures, IVANS, and third-party carrier integrations.

🔧

Platform Services

User management, agency configuration, API key provisioning, health checks, activity logging, custom panels, and ACORD form generation.

API Domains

Organized by Service Domain

Endpoints are grouped into logical domains covering every core function of the platform backend.

🔑

Authentication

Token, Refresh, API Keys
👥

Insureds & Customers

CRUD, Search, Import, Details
📋

Policies & Quotes

Lifecycle, Endorsements, Coverages
📁

Claims

Auto, Property, WC, GL, Medical
🚗

Vehicles & Drivers

Fleet, Equipment, Watercraft
🏠

Properties & Buildings

Accord 80, Flood, HOA Units
📜

Certificates

COI, Holders, Master Certs
💳

Payments & Receipts

Stripe, Payment Links, Fees
📱

SMS & Messaging

Send, Subscribe, MMS Files
📂

Files & Documents

Upload, Folders, ACORD Forms

Tasks & Notes

Create, Update, Dispositions
🏢

Agents & Agencies

Management, KPI, Locations
📊

Service Requests

Driver, Vehicle, Address, COI
📈

Endorsements

Fees, Commissions, Payables
🔄

Data Import

Bulk Import, Quinstreet, H2Quoter
⚙️

Configuration

Custom Fields, Panels, Tags
Integration Guide

Connecting Internal Services

All internal services authenticate via JWT tokens. Obtain a token using service credentials, then include it in the Authorization header for all subsequent requests.

  1. 1 Service credentials — Use the service account credentials assigned to your component
  2. 2 Request a token — POST to api/token with credentials
  3. 3 Make API calls — Include the JWT in the Authorization: Bearer header
  4. 4 Handle token expiry — Refresh tokens before they expire to avoid service interruptions
internal-auth.sh 
# Step 1: Obtain a service token
curl -X POST http://null-ref-api:55455/api/token \
  -H "Content-Type: application/json" \
  -d '{
    "userName": "service-account@internal",
    "password": "service-credentials"
  }'

# Response:
# {
#   "token": "eyJhbGciOiJIUzI1NiIs...",
#   "refreshToken": "dGhpcyBpcyBh..."
# }

# Step 2: Call internal endpoints
curl -X POST http://null-ref-api:55455/api/Insured/Search \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Corp",
    "paging": { "pageNumber": 1, "pageSize": 25 }
  }'
Security

Internal Authentication

JWT-based authentication secures all internal API communications between platform services.

Service Auth

Service-to-Service

Backend services authenticate using dedicated service accounts. Tokens are validated against issuer, audience, and signing key.

Token Lifecycle

Refresh & Rotation

Access tokens have limited lifetimes. Use refresh tokens to maintain sessions without re-authentication. Zero clock skew enforcement.

Rate Limiting

Request Throttling

Default: 100 req/min per IP. Specialized limits for high-traffic endpoints (InsuredList, PolicyList: 25 req/min). Prevents cascade failures.

Data Access Layer

OData v4 Query Engine

70+ queryable entities with full OData support — filter, sort, paginate, expand, and select across the entire data model.

Flexible Data Queries

OData endpoints at /api/odata/ support $filter, $orderby, $top, $skip, $select, $expand, and $count for efficient data retrieval.

  1. Filter$filter=status eq 'Active'
  2. Sort$orderby=createdDate desc
  3. Paginate$top=25&$skip=50
  4. Expand$expand=details&$select=name,id
odata-examples.sh 
# Query active policies with filtering and sorting
curl "http://null-ref-api:55455/api/odata/PolicyDetailList?\
$filter=status eq 'Active'&\
$orderby=effectiveDate desc&\
$top=25" \
  -H "Authorization: Bearer {token}"

# Get claim records with field selection
curl "http://null-ref-api:55455/api/odata/ClaimList?\
$filter=claimType eq 'Auto'&\
$select=claimNumber,insuredName,status" \
  -H "Authorization: Bearer {token}"

# Retrieve customers with count
curl "http://null-ref-api:55455/api/odata/CustomersList?\
$count=true&$top=50" \
  -H "Authorization: Bearer {token}"
InsuredList PolicyList PolicyDetailList ClaimList CustomersList ReceiptsList TasksList AgentList CertificateHolderList DriverList VehicleList PropertyList OpportunitiesList AgencyKPI UserList +55 more
Connected Systems

Internal & External Integrations

This API bridges Momentum AMP with external vendors and internal infrastructure services.

💬 Twilio SMS
💳 Stripe Payments
☁️ AWS S3 Storage
🐇 RabbitMQ
⚡ Zapier
✍️ RabbitSign
🏦 IVANS
🌎 Nationwide
📧 QuoteRush
🔍 Elasticsearch
📑 IronPDF
🌾 Farmers
Architecture

Internal Use Only

This API is not exposed to external consumers. It serves as the data and logic layer for:

Momentum AMP Frontend Public API Gateway Background Workers Webhook Processors Message Queue Consumers Reporting Services Integration Adapters Vendor Portal

Explore the Full API

Browse all endpoints with request/response schemas, parameter details, and interactive testing.

Open API Reference →