Developers | Capital Express Gateway

Capital Express Gateway API

The gateway is the unified middleware layer for customer resolution, onboarding, quotes, policies, payments, claims, KYC, virtual accounts, and reconciliation. All application surfaces — website, mobile, Clara, staff tools, and partner integrations — should call this layer rather than IES, Squad, Mono, or legacy vendor systems directly.

Endpoint maturity. Routes marked Live now are part of the stable, deployed middleware. Routes marked Pending merge are designed and tested on the gateway enrichment branch but are not yet merged to production. Do not treat pending routes as a live contract until the branch is merged and released.

Base URL: https://api.capitalexpressassurance.com/v1
Runtime: Supabase Edge Functions (Deno) — Supabase Postgres as the operating backend
Providers: IES (insurance core), Squad (payments + virtual accounts), Mono (identity verification)
Consumers: Website, Clara, mobile app, partner APIs, internal operational tools

Open Sandbox Error Reference

Authentication

Every protected route expects a valid gateway API client. Keys are scoped to specific capabilities and should live on your server — never in client-side code or mobile bundles.

Header	Required	Purpose
`x-api-key`	Yes	Identifies the calling application. Every production integration should have its own scoped key.
`x-request-id`	Recommended	Lets your team trace a single request across gateway logs, provider calls, and reconciliation.
`x-idempotency-key`	Write endpoints	Protects safe retries for quote creation, payment actions, and other requests that must not duplicate work.

Use one API client per application, backend job, or external partner.
Keep gateway keys on your server. Do not expose them in mobile bundles or public browser code.
Use idempotency on requests that create money movement, quotes, or claim workspaces.
Let the gateway call IES, Squad, Mono, and internal databases. Public apps should not reach those systems directly.
Treat webhook signature validation and replay protection as part of the integration contract, not optional extras.

Response Contract

Every route returns the same top-level envelope. Parse ok first, then read data on success or error on failure. The meta block carries the request ID and data source.

Success (ok: true)

{
  "ok": true,
  "data": {
    "quoteNo": "Q260000542",
    "productCode": "TSP",
    "premium": 15000,
    "frequency": "monthly",
    "status": "generated"
  },
  "error": null,
  "meta": {
    "requestId": "req_01hwxyz",
    "source": "gateway"
  }
}

Error (ok: false)

{
  "ok": false,
  "data": null,
  "error": "MISSING_FIELDS",
  "meta": {
    "requestId": "req_01hwxyz",
    "missing": ["dob", "frequency"]
  }
}

Operational Flows

A few rules keep the product clean even when multiple providers and internal systems are involved.

Onboarding

Collect draft profile, medical, and financial details in the gateway first. Verify identity through Mono. Push only the necessary state into IES when the customer becomes an insurance record.

Payments

Start checkout or transfer through the gateway. Let Squad settle, then let the gateway verify, log, reconcile, and autopost into IES when policy or proposal context exists.

Policies & Claims

Use the gateway as the public contract. It fetches from Supabase, enriches from IES, and keeps provider-specific response shapes away from the calling application.

Virtual Accounts

The gateway decides whether to return a recovered account, attempt dedicated issuance via Squad, or fall back safely. Clients must not hard-code Squad logic themselves.

products:*

Products

Published insurance products for website, mobile, partner, and internal sales flows.

The catalog endpoints (GET /products, GET /products/:key) require no API key — safe for public pages.
The estimate endpoint gives bidirectional premium/sum-assured calculations without touching IES.

GET/productsLive now

List published products.

When to use: Render product menus, landing pages, and assisted sales lists.

Query Parameters

`segment`	string	Filter by segment: personal, group, corporate
`category`	string	Filter by category: savings, protection, annuity

Request

curl "https://api.capitalexpressassurance.com/v1/products?segment=personal" \
  -H "x-api-key: capex_live_YOUR_KEY"

Response

{
  "ok": true,
  "data": [
    { "code": "TSP", "name": "Target Savings Plan", "segment": "personal", "category": "savings" },
    { "code": "CEP", "name": "Capital Endowment Plan", "segment": "personal", "category": "savings" },
    { "code": "F3P", "name": "Flexi 3 Plan", "segment": "personal", "category": "savings" },
    { "code": "3PP", "name": "3-Premium Plan", "segment": "personal", "category": "savings" }
  ],
  "error": null,
  "meta": { "source": "gateway_catalog" }
}

GET/products/:productKeyLive now

Fetch one product by code or slug.

When to use: Product detail pages and assisted sales walkthroughs.

Path Parameters

productKey string Product code or slug: TSP, CEP, F3P, 3PP

GET/products/:productKey/ratesLive now

Return the raw rate table for a product.

When to use: Internal tooling, underwriting review, and rate auditing.

Path Parameters

productKey string Product code: CEP, F3P, 3PP

GET/products/:productKey/termsLive now

Return available term lengths, age ranges, and premium frequencies for a product.

When to use: Populate form dropdowns before a customer enters their details.

Path Parameters

productKey string Product code: CEP, F3P, 3PP

Response

{
  "ok": true,
  "data": {
    "productCode": "CEP",
    "minEntryAge": 1, "maxEntryAge": 60,
    "termOptions": [5, 7, 10, 15, 20],
    "frequencies": ["monthly", "quarterly", "halfyearly", "annually", "single"]
  }
}

POST/products/:productKey/estimateLive now

Bidirectional premium/sum-assured calculator. Provide sumAssured to get premium, or premium to get sumAssured.

When to use: Live quotation widgets, affordability explorers, and pre-quote pricing.

Path Parameters

productKey string Product code: CEP, F3P, 3PP

Request Body

`age`required	number	Customer entry age as an integer (e.g. 35)
`termYears`required	number	Policy term in years
`frequency`required	string	monthly \| quarterly \| halfyearly \| annually \| single
`sumAssured`	number	Target sum assured — returns the calculated premium
`premium`	number	Target premium — returns the calculated sum assured
`option`	string	F3P only: A \| B \| C (plan variant)

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/products/CEP/estimate" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "age": 35,
    "termYears": 10,
    "frequency": "monthly",
    "sumAssured": 1000000
  }'

Response

{
  "ok": true,
  "data": {
    "productCode": "CEP",
    "age": 35,
    "termYears": 10,
    "frequency": "monthly",
    "sumAssured": 1000000,
    "premium": 7153.49,
    "rate": 7.15348962
  }
}

customers:*

Customers

Customer resolution, registration, profile updates, and account sub-resource reads.

Email and phone are usually the strongest identifiers when legacy client codes disagree.
POST /customers is idempotent on email — it returns the existing record if the email is already registered.

POST/customers/resolveLive now

Resolve a customer across Supabase and IES using client code, email, or phone.

When to use: Before loading account overview, virtual-account readiness, claims, or policy operations.

Request Body

`email`	string	Customer email address
`phone`	string	Customer phone number (any format)
`clientCode`	string	IES unified client code if already known

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/customers/resolve" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "email": "customer@example.com",
    "phone": "08030000000"
  }'

Response

{
  "ok": true,
  "data": {
    "customer": {
      "client_code": "240103735",
      "email": "customer@example.com",
      "phone": "08030000000",
      "first_name": "Amina",
      "last_name": "Bello"
    }
  },
  "error": null,
  "meta": { "source": "supabase+ies" }
}

GET/customersLive now

List customers matching a search query.

When to use: Internal search in Clara, staff portals, and operations tooling.

Query Parameters

`name`	string	Partial name search (first or last)
`email`	string	Filter by email (exact match)
`phone`	string	Filter by phone number
`clientCode`	string	Filter by IES client code
`limit`	number	Results to return (default: 20)
`offset`	number	Offset for pagination (default: 0)

POST/customersLive now

When to use: When a customer has completed an onboarding form and you want to persist their record.

Request Body

`firstName`required	string	Legal first name
`lastName`required	string	Legal last name
`email`required	string	Customer email
`phone`required	string	Customer phone
`dob`	string	Date of birth (YYYY-MM-DD)
`gender`	string	Male \| Female
`address`	string	Residential address

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/customers" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "firstName": "Amina",
    "lastName": "Bello",
    "email": "amina@example.com",
    "phone": "08030000000"
  }'

GET/customers/by-client-code/:clientCodeLive now

Fetch a known customer using an already-resolved unified client code.

When to use: Internal or reconciled journeys where the client code is already clean.

Path Parameters

clientCode string IES unified client code

GET/customers/:clientCodeLive now

Fetch a customer by client code, falling back to IES if not in local storage.

When to use: Profile pages, account context, and customer support lookups.

Path Parameters

clientCode string IES unified client code

PATCH/customers/:clientCodeLive now

Update one or more profile fields for a customer by client code.

When to use: Profile edit flows, address updates, and contact detail corrections.

Path Parameters

clientCode string IES unified client code

Request Body

`firstName`	string	Updated first name
`lastName`	string	Updated last name
`email`	string	Updated email address
`phone`	string	Updated phone number
`occupation`	string	Updated occupation
`stateOfResidence`	string	State of residence
`lga`	string	Local government area

GET/customers/:clientCode/policiesLive now

List policies linked to this customer, fetched live from the insurance core.

When to use: Policy summary screens and customer dashboards.

Path Parameters

clientCode string IES unified client code

GET/customers/:clientCode/virtual-accountsLive now

List virtual accounts assigned to this customer.

Path Parameters

clientCode string IES unified client code

GET/customers/:clientCode/documentsLive now

List KYC and identity documents uploaded for this customer.

Path Parameters

clientCode string IES unified client code

quotes:*

Quotes

Quote creation, retrieval, amendment, and policy conversion.

Always send an idempotency key on quote creation so retries stay safe.
Quote intent and metadata are kept in the gateway even when IES is the official quote engine.

POST/quotesLive now

Generate a new quote using the product catalog and IES quote engine.

When to use: After product selection and enough customer data has been collected to price the plan.

Request Body

`productCode`required	string	TSP \| CEP \| F3P \| 3PP
`dob`required	string	Date of birth (YYYY-MM-DD)
`gender`required	string	Male \| Female
`amount`required	number	Premium amount in NGN
`frequency`required	string	monthly \| quarterly \| halfyearly \| annually
`term`required	string	Policy term in years
`email`required	string	Customer email
`phone`required	string	Customer phone
`firstName`required	string	Customer first name
`lastName`required	string	Customer last name

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/quotes" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -H "x-request-id: req_01hwxyz" \
  -H "x-idempotency-key: quote_idem_001" \
  -d '{
    "productCode": "TSP",
    "dob": "1990-06-18",
    "gender": "Male",
    "amount": 15000,
    "frequency": "monthly",
    "term": "10",
    "email": "amina@example.com",
    "phone": "08030000000",
    "firstName": "Amina",
    "lastName": "Bello"
  }'

Response

{
  "ok": true,
  "data": {
    "quoteNo": "Q260000542",
    "productCode": "TSP",
    "premium": 15000,
    "frequency": "monthly",
    "sumAssured": 2100000,
    "term": "10",
    "status": "generated",
    "provider": "IES"
  },
  "error": null,
  "meta": { "requestId": "req_01hwxyz", "source": "gateway" }
}

GET/quotes/:quoteNoLive now

Retrieve one quote by quote number.

When to use: During checkout handoff, back-office review, and payment verification follow-up.

Path Parameters

quoteNo string IES quote number (e.g. Q260000542)

PATCH/quotes/:quoteNoLive now

Update a quote's premium amount, term, or frequency and trigger an IES recalculation.

When to use: When a customer wants to adjust their plan details before proceeding to payment.

Path Parameters

quoteNo string IES quote number

Request Body

`amount`	number	New premium amount in NGN
`term`	string	New term in years
`frequency`	string	New frequency: monthly \| quarterly \| halfyearly \| annually

POST/quotes/:quoteNo/convertLive now

Mark a quote as converted to a policy (idempotent — safe to call multiple times).

When to use: After the customer has signed and payment has been confirmed.

Path Parameters

quoteNo string IES quote number to convert

policies:*

Policies

Policy summaries, formal statements, beneficiary management, and payment history.

Statement reads are backed by the IES core statement process and should be treated as formal servicing output.
Surrender, reinstatement, and loan requests are recorded in the gateway for operations review — they do not directly modify the IES core.

GET/policiesLive now

List policies for a resolved customer.

When to use: Dashboards, account overview, and policy servicing menus.

Query Parameters

`clientCode`	string	Resolved customer client code
`email`	string	Customer email (used if clientCode not provided)
`status`	string	active \| lapsed \| surrendered \| matured

GET/policies/:policyNumberLive now

Fetch a single policy summary.

When to use: Policy detail screens and customer support review.

Path Parameters

policyNumber string IES policy number

GET/policies/:policyNumber/statementLive now

Read the full policy statement from the insurance core.

When to use: Premium history, contribution records, and formal account history requests.

Path Parameters

policyNumber string IES policy number

GET/policies/:policyNumber/paymentsLive now

List gateway payment transactions recorded against this policy.

When to use: Payment history tab, premium tracking, and collections review.

Path Parameters

policyNumber string IES policy number

Query Parameters

limit number Maximum records to return (default: 50)

GET/policies/:policyNumber/beneficiariesLive now

Fetch beneficiaries stored on this policy from the insurance core.

Path Parameters

policyNumber string IES policy number

PUT/policies/:policyNumber/beneficiariesLive now

Replace beneficiary data for a policy. Percentages must sum to 100.

When to use: During life events — marriage, birth, change of estate plan.

Path Parameters

policyNumber string IES policy number

Request Body

beneficiariesrequired array Array of { name, relationship, percentage, phone?, email? }. Percentages must sum to 100.

POST/policies/:policyNumber/surrenderLive now

Submit a policy surrender request for review by the operations team.

When to use: Customer wishes to terminate the policy early and recover any surrender value.

Path Parameters

policyNumber string IES policy number

Request Body

`clientCode`	string	Customer client code
`reason`	string	Customer reason for surrender

POST/policies/:policyNumber/reinstateLive now

Submit a policy reinstatement request for review.

When to use: Customer wants to resume a lapsed policy and continue premium payments.

Path Parameters

policyNumber string IES policy number

Request Body

`clientCode`	string	Customer client code
`reason`	string	Customer reason for reinstatement

POST/policies/:policyNumber/loanLive now

Submit a policy loan request for review.

When to use: Customer wants to borrow against accumulated policy value.

Path Parameters

policyNumber string IES policy number

Request Body

`clientCode`	string	Customer client code
`requestedAmount`	number	Requested loan amount in NGN

payments:*

Payments

Checkout creation, verification, transaction lookup, receipts, and refunds.

Always trace checkout and verify with request IDs and idempotency keys.
Payment reconciliation is where the gateway bridges Squad settlement into IES policy or proposal context.

POST/payments/checkoutLive now

Start a live payment checkout through Squad using policy or quote context.

When to use: When a customer chooses to pay online instead of by transfer or recurring authorization.

Request Body

`email`required	string	Customer email address
`amount`required	number	Amount to charge in NGN
`clientCode`	string	Customer client code
`policyNumber`	string	Policy number if paying for an existing policy
`quoteNo`	string	Quote number if paying for a new policy

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/payments/checkout" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -H "x-idempotency-key: checkout_idem_001" \
  -d '{
    "email": "amina@example.com",
    "amount": 15000,
    "quoteNo": "Q260000542"
  }'

Response

{
  "ok": true,
  "data": {
    "checkoutUrl": "https://pay.squadco.com/checkout/abc123",
    "transactionRef": "CAPEX-1716453623-AB12C",
    "amount": 15000,
    "currency": "NGN"
  }
}

POST/payments/verifyLive now

Verify a transaction reference and update settlement state.

When to use: After customer redirection, support follow-up, or reconciliation retries.

Request Body

transactionRefrequired string Transaction reference from checkout

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/payments/verify" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{ "transactionRef": "CAPEX-1716453623-AB12C" }'

GET/payments/:transactionRefLive now

Fetch one payment transaction by reference.

When to use: Exact follow-up on a single payment event during support or reconciliation.

Path Parameters

transactionRef string Transaction reference

GET/payments/:transactionRef/receiptLive now

Get a structured receipt for a completed payment.

When to use: When a customer or agent requests a formal payment confirmation.

Path Parameters

transactionRef string Transaction reference

POST/payments/refundLive now

Request a refund for a completed payment (queued for manual review).

When to use: Policy cancellation, duplicate charge, or customer dispute resolution.

Request Body

`transactionRef`required	string	Original transaction reference to refund
`reason`required	string	Reason for the refund request
`clientCode`	string	Customer client code

claims:*

Claims

Claim workspace creation, submission, assignment, approval, document upload, and event timeline.

The gateway provides a structured workspace for claims — draft → submitted → assigned → approved/rejected.
Use PUT /claims/:id/status for direct staff-level status transitions during review.

GET/claimsLive now

List claims by customer, status, or policy.

When to use: Account history, claims dashboard, and Clara account support flows.

Query Parameters

`clientCode`	string	Filter by customer client code
`policyNumber`	string	Filter by policy number
`status`	string	draft \| submitted_initial \| ready_for_review \| approved \| rejected

POST/claimsLive now

Create a new claim workspace.

When to use: When a claim journey begins and you want structured internal handling from the start.

Request Body

`policyNumber`required	string	Policy number the claim is against
`productName`required	string	Product name (e.g. Target Savings Plan)
`claimType`required	string	maturity \| death_benefit \| partial_maturity \| surrender \| policy_loan \| partial_withdrawal
`clientCode`	string	Claimant client code
`description`	string	Customer description of the claim event

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/claims" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "policyNumber": "LIF/00012345",
    "productName": "Target Savings Plan",
    "claimType": "maturity",
    "clientCode": "240103735"
  }'

GET/claims/:idLive now

Fetch a single claim with enriched IES policy data.

Path Parameters

id string Claim workspace ID (UUID)

PATCH/claims/:idLive now

Edit a draft claim workspace before submission.

When to use: Customer is correcting information before formally submitting the claim.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

`description`	string	Updated description
`incidentDate`	string	Corrected incident date

PUT/claims/:id/statusLive now

Update claim status directly. Used for staff-level transitions during the review workflow.

When to use: Operations staff moving claims between review stages.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

`status`required	string	New status: submitted_initial \| ready_for_review \| approved \| rejected
`note`	string	Internal note for the status change

POST/claims/:id/submitLive now

Submit a draft claim for review. Transitions status from draft to submitted_initial.

When to use: Customer has confirmed all details and is ready to formally file.

Path Parameters

id string Claim workspace ID (UUID)

POST/claims/:id/assignLive now

Assign a submitted claim to a claims handler and move it to ready_for_review.

When to use: Internal claims operations — triage and routing step.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

`staffId`required	string	Staff user UUID to assign this claim to
`note`	string	Routing note for the handler

POST/claims/:id/approveLive now

Approve a claim and notify the customer via email.

When to use: Claims handler has completed investigation and is ready to approve.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

note string Internal approval note

POST/claims/:id/rejectLive now

Reject a claim and notify the customer with a reason.

When to use: Claims handler has reviewed and determined the claim cannot be paid.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

reasonrequired string Reason for rejection shown to the customer

POST/claims/:id/documentsLive now

Attach a document to a claim workspace.

When to use: Customer uploads supporting evidence (death certificate, medical report, etc.).

Path Parameters

id string Claim workspace ID (UUID)

Request Body

`documentType`required	string	Document type (e.g. death_certificate, medical_report)
`fileData`required	string	Base64-encoded file content
`fileName`required	string	Original file name including extension

GET/claims/:id/timelineLive now

Fetch the full event timeline for a claim — creation, submission, assignment, and resolution.

When to use: Customer support review, compliance audit, and claims analytics.

Path Parameters

id string Claim workspace ID (UUID)

Response

{
  "ok": true,
  "data": [
    { "event": "created", "at": "2026-05-01T09:00:00Z", "actor": "customer" },
    { "event": "submitted", "at": "2026-05-01T09:15:00Z", "actor": "customer" },
    { "event": "assigned", "at": "2026-05-02T10:00:00Z", "actor": "staff:handler_01" },
    { "event": "approved", "at": "2026-05-07T14:30:00Z", "actor": "staff:handler_01" }
  ]
}

kyc:* / virtual_accounts:*

KYC & Identity

Identity verification, medical and beneficiary data, document uploads, and virtual-account issuance.

Mono handles identity verification (BVN/NIN). Squad handles virtual-account issuance.
The gateway decides whether to return an existing virtual account, attempt dedicated issuance, or fall back safely.

GET/kyc/statusLive now

Return the KYC verification status for a customer: BVN verified, NIN verified, and document count.

When to use: Onboarding progress screens and pre-issuance readiness checks.

Query Parameters

clientCode string Customer client code

Response

{
  "ok": true,
  "data": {
    "clientCode": "240103735",
    "bvnVerified": true,
    "ninVerified": false,
    "documentCount": 2,
    "readyForIssuance": true
  }
}

POST/kyc/bvn/initiateLive now

Start the BVN consent flow through Mono.

When to use: When a user is ready to verify identity with a real OTP challenge.

Request Body

`bvn`required	string	11-digit Bank Verification Number
`customer_identifier`required	string	Gateway customer identifier (email, phone, or client code)

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/kyc/bvn/initiate" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "bvn": "22200000000",
    "customer_identifier": "amina@example.com"
  }'

Response

{
  "ok": true,
  "data": {
    "sessionId": "mono_bvn_session_abc123",
    "methods": ["phone", "email"],
    "expiresAt": "2026-05-26T10:30:00Z"
  }
}

POST/kyc/bvn/verifyLive now

Select the OTP delivery method for the BVN consent flow.

When to use: After initiation, when the user chooses phone, email, or alternate phone.

Request Body

`sessionId`required	string	Session ID from /bvn/initiate
`method`required	string	phone \| email \| alternate_phone

POST/kyc/bvn/detailsLive now

Complete the BVN flow with the OTP and persist verified identity to the customer profile.

When to use: After the user supplies the OTP received on their chosen channel.

Request Body

`sessionId`required	string	Session ID from /bvn/initiate
`otp`required	string	OTP received by the customer
`clientCode`	string	Customer client code to link the verified identity

POST/kyc/bvn/lookupLive now

Look up BVN details using a previously verified session without re-initiating the flow.

When to use: When the BVN has already been verified and you need to retrieve the identity payload.

Request Body

`sessionId`required	string	Session ID from a completed BVN verification
`clientCode`	string	Customer client code to link the result

POST/kyc/nin/verifyLive now

Verify NIN and optionally persist it to the matched customer profile.

When to use: When NIN is the chosen identity path or an additional trust check is needed.

Request Body

`nin`required	string	11-digit National Identification Number
`clientCode`	string	Customer client code to link the result

POST/kyc/medicalLive now

Save a medical declaration for a customer.

When to use: During onboarding when product underwriting requires health disclosures.

Request Body

`clientCode`required	string	Customer client code
`declaration`required	object	Medical declaration fields (goodHealth, smoker, conditions, hospitalizations)

POST/kyc/beneficiaryLive now

Save beneficiary information for a customer profile. Percentages must sum to 100.

Request Body

`clientCode`required	string	Customer client code
`beneficiaries`required	array	Array of { name, relationship, percentage, dob?, phone? }

GET/kyc/beneficiariesLive now

Get stored beneficiaries for a customer.

Query Parameters

clientCode string Customer client code

GET/kyc/documentsLive now

List uploaded KYC documents for a customer.

Query Parameters

clientCode string Customer client code

POST/kyc/documents/uploadLive now

Upload a KYC document for a customer.

When to use: Government ID, passport, utility bill, or other KYC document submission.

Request Body

`clientCode`required	string	Customer client code
`documentType`required	string	passport \| national_id \| drivers_license \| utility_bill \| other
`fileData`required	string	Base64-encoded file content
`fileName`required	string	Original file name including extension

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/kyc/documents/upload" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "clientCode": "240103735",
    "documentType": "national_id",
    "fileName": "nin_slip.jpg",
    "fileData": "BASE64_ENCODED_FILE_CONTENT"
  }'

Response

{
  "ok": true,
  "data": {
    "documentId": "doc_01hwxyz",
    "documentType": "national_id",
    "fileName": "nin_slip.jpg",
    "storagePath": "customer-documents/240103735/nin_slip.jpg",
    "uploadedAt": "2026-05-26T09:00:00Z"
  }
}

GET/virtual-accountsLive now

Check virtual-account readiness or look up an existing account for a customer.

When to use: Before creating a new virtual account so the gateway can choose the best path.

Query Parameters

`clientCode`	string	Customer client code
`email`	string	Customer email if clientCode is not available

POST/virtual-accountsLive now

Resolve an existing virtual account or attempt dedicated issuance through Squad.

When to use: Real collections journeys where the gateway should own the decision between existing, dedicated, and fallback modes.

Request Body

`clientCode`	string	Resolved customer client code
`email`required	string	Customer email
`phone`required	string	Customer phone
`firstName`required	string	Customer first name (must match BVN)
`lastName`required	string	Customer last name (must match BVN)
`bvn`	string	Customer BVN — required for dedicated issuance

webhooks:*

Webhooks

Inbound provider event receivers and outbound webhook endpoint management.

Inbound routes (/webhooks/squad, /webhooks/mono) are authenticated by provider signature — no partner API key required.
Outbound endpoint management routes require a standard API key with webhooks:* scope.
The gateway signs outbound deliveries with HMAC-SHA256. Verify the x-capex-signature header.

POST/webhooks/squadLive now

Receive Squad payment events and trigger gateway-side reconciliation and IES autopost.

When to use: Set this as the public webhook target URL in your Squad merchant dashboard.

POST/webhooks/monoLive now

Receive Mono identity and BVN webhook events.

When to use: Set this as the Mono webhook receiver for your integration.

GET/webhooks/endpointsLive now

List all registered webhook endpoints for the calling API client.

Response

{
  "ok": true,
  "data": [
    {
      "id": "ep_01hwxyz",
      "url": "https://yourserver.com/hooks/capex",
      "events": ["payment.completed", "claim.approved"],
      "is_active": true,
      "description": "Production event receiver",
      "created_at": "2026-05-01T09:00:00Z"
    }
  ]
}

POST/webhooks/endpointsLive now

When to use: Setting up your server to receive payment, claim, and policy lifecycle events.

Request Body

`url`required	string	HTTPS endpoint URL that will receive events
`events`	array	Event type filter. Defaults to ["*"] for all events.
`description`	string	Internal label for this endpoint

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/webhooks/endpoints" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "url": "https://yourserver.com/hooks/capex",
    "events": ["payment.completed", "claim.approved"],
    "description": "Production event receiver"
  }'

Response

{
  "ok": true,
  "data": {
    "id": "ep_01hwxyz",
    "url": "https://yourserver.com/hooks/capex",
    "events": ["payment.completed", "claim.approved"],
    "is_active": true,
    "secret": "a1b2c3...",
    "secretWarning": "This signing secret is shown only once. Store it securely."
  }
}

DELETE/webhooks/endpoints/:idLive now

Remove a registered webhook endpoint.

Path Parameters

id string Endpoint ID returned on registration

POST/webhooks/endpoints/:id/testLive now

Send a test event delivery to a registered endpoint and record the result.

When to use: Verifying your server can receive and verify gateway signatures before going live.

Path Parameters

id string Endpoint ID to send the test delivery to

admin:*

Admin

API client management, key rotation, provider call logs, and system health.

Admin routes require a key with admin:* scope. Restrict access to operations and engineering.
Soft-delete via DELETE preserves audit history — the key is revoked but the record is kept.

GET/admin/healthLive now

Return gateway health status and timestamp.

When to use: Uptime checks, readiness probes, and smoke tests after deployment.

Response

{
  "ok": true,
  "data": {
    "status": "ok",
    "timestamp": "2026-05-26T09:00:00Z",
    "version": "1.0.0"
  }
}

GET/admin/providers/statusLive now

Ping all upstream providers (IES, Squad, Mono) and return reachability status.

When to use: Provider health dashboards and incident investigation.

Response

{
  "ok": true,
  "data": {
    "squad": { "ok": true, "status": 200 },
    "ies": { "ok": true, "status": 200 },
    "mono": { "ok": true, "status": 200 },
    "checked_at": "2026-05-26T09:00:00Z"
  }
}

GET/admin/api-clientsLive now

List all API clients for this account.

When to use: Audit access, review active integrations, and manage partner keys.

POST/admin/api-clientsLive now

Create a new API client with scopes and access configuration.

When to use: Onboarding a new integration surface, partner, or internal tool.

Request Body

`name`required	string	Human-readable name for this client
`scopes`required	array	Permission scopes: products:, customers:, quotes:, policies:, payments:, claims:, kyc:, webhooks:, admin:*
`environment`	string	live \| test (default: live)
`contactEmail`	string	Contact email for alerts and key expiry notices
`allowedOrigins`	array	CORS origins allowed to use this key
`rateLimitPerMinute`	number	Max requests per minute (default: 120)

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/admin/api-clients" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_ADMIN_KEY" \
  -d '{
    "name": "Mobile App Production",
    "scopes": ["products:*", "customers:*", "quotes:*", "policies:*", "payments:*", "kyc:*"],
    "contactEmail": "dev@capitalexpressassurance.com",
    "rateLimitPerMinute": 120
  }'

Response

{
  "ok": true,
  "data": {
    "id": "client_01hwxyz",
    "name": "Mobile App Production",
    "key_prefix": "capex_live_abc1",
    "api_key": "capex_live_abc1_FULL_KEY_SHOWN_ONCE",
    "scopes": ["products:*", "customers:*", "quotes:*", "policies:*", "payments:*", "kyc:*"],
    "status": "active"
  }
}

PATCH/admin/api-clients/:idLive now

Update an API client's name, scopes, rate limits, or status.

Path Parameters

id string API client ID (UUID)

Request Body

`name`	string	Updated display name
`scopes`	array	Replacement scope list
`rateLimitPerMinute`	number	Updated requests-per-minute limit
`monthlyQuota`	number	Updated monthly quota (null = unlimited)
`contactEmail`	string	Updated contact email
`status`	string	active \| suspended \| revoked

DELETE/admin/api-clients/:idLive now

Revoke an API client. Soft-deletes the record and immediately invalidates the key.

Path Parameters

id string API client ID (UUID) to revoke

POST/admin/api-clients/:id/revokeLive now

Explicitly revoke an API client by ID (POST alternative to DELETE).

Path Parameters

id string API client ID (UUID)

POST/admin/api-clients/:id/rotate-keyLive now

Generate a new API key for a client. The old key is invalidated immediately. The new key is shown only once.

When to use: Scheduled rotation, suspected compromise, or staff offboarding.

Path Parameters

id string API client ID (UUID) to rotate

Response

{
  "ok": true,
  "data": {
    "id": "client_01hwxyz",
    "name": "Mobile App Production",
    "apiKey": "capex_live_xyz9_NEW_KEY_SHOWN_ONCE",
    "keyPrefix": "capex_live_xyz9",
    "rotatedAt": "2026-05-26T09:00:00Z",
    "warning": "This key is shown only once. Store it securely."
  }
}

GET/admin/api-requestsLive now

List gateway API request logs with client, path, status code, and latency.

When to use: Request audit, debugging integration failures, and traffic analysis.

Query Parameters

`apiClientId`	string	Filter by API client ID
`path`	string	Filter by request path
`statusCode`	number	Filter by HTTP status code
`limit`	number	Max records (default: 100, max: 500)

GET/admin/provider-callsLive now

List provider call logs (IES, Squad, Mono) with outcome, latency, and request context.

When to use: Debugging integration failures, monitoring provider latency, and compliance review.

Query Parameters

`provider`	string	Filter by provider: ies \| squad \| mono
`operation`	string	Filter by operation name
`status`	string	Filter by status: ok \| failed
`limit`	number	Max records (default: 100, max: 500)

GET/admin/idempotency-keysLive now

List idempotency keys tracked by the gateway for deduplication.

When to use: Debugging duplicate request issues and verifying retry safety.

Query Parameters

`status`	string	Filter by status: pending \| completed \| expired
`path`	string	Filter by request path
`limit`	number	Max records (default: 100)

GET/admin/reconciliation/summaryLive now

Return reconciliation summary: record counts, orphaned records, and recent reconciliation runs.

When to use: Operations dashboards, data integrity audits, and end-of-day reconciliation checks.

Response

{
  "ok": true,
  "data": {
    "profiles_total": 1024,
    "policies_missing_customer_profile_id": 0,
    "payments_missing_client_code": 3,
    "quote_applications_total": 248,
    "insurance_products_total": 6,
    "recent_runs": []
  }
}

POST/admin/payments/:ref/retry-autopostLive now

Retry the IES autopost for a verified payment transaction that previously failed.

When to use: Manual reconciliation when Squad settled a payment but the IES autopost failed.

Path Parameters

ref string Transaction reference to retry

Error Codes

Handle these public error classes explicitly in your integration and surface meaningful messages internally. All error responses use the standard envelope with ok: false.

Code	HTTP	Meaning	Typical Action
`UNAUTHORIZED`	401	Missing, invalid, expired, or revoked API key.	Confirm the correct key is in x-api-key and that it has not been revoked.
`FORBIDDEN`	403	The client is authenticated but lacks the required scope.	Issue a new scoped client or add the missing capability in admin.
`INVALID_BODY`	400	Request body is malformed or not valid JSON.	Validate the payload. Use Content-Type: application/json and documented field names.
`MISSING_FIELDS`	400	A required field was not supplied.	Read the endpoint body requirements and include all mandatory fields.
`NOT_FOUND`	404	The requested customer, quote, policy, or claim does not exist.	Retry with a stronger identifier (email/phone) or reconcile the client code first.
`CONFLICT`	409	A duplicate record was found for this operation.	Check your idempotency key or verify the resource does not already exist.
`RATE_LIMIT`	429	Too many requests from this API client in the current window.	Back off and retry after the window resets. Use exponential backoff for automated flows.
`DEDICATED_VA_NOT_READY`	422	Customer lacks verified identity fields needed for dedicated virtual-account issuance.	Complete BVN/NIN KYC first, or let the gateway use the fallback transfer path.
`DEDICATED_VA_FAILED`	502	The upstream provider rejected virtual-account issuance.	Check provider response and merchant configuration before retrying.
`PROVIDER_ERROR`	502	An upstream provider timed out or returned an unusable payload.	Retry with the same idempotency key or fall back to the route contingency path.

Sandbox

The sandbox is a server-side demo runner built into this website. It uses the website's own configured gateway keys on the server and protects access with a separate sandbox token. Requests go to the live middleware — large list responses are trimmed for clarity in demos.

Routes marked Pending merge are visible in the sandbox for planning and review, but they are disabled until the gateway enrichment branch is merged and deployed.

Open Sandbox

Capital Express Gateway API

Base URL: https://api.capitalexpressassurance.com/v1
Runtime: Supabase Edge Functions (Deno) — Supabase Postgres as the operating backend
Providers: IES (insurance core), Squad (payments + virtual accounts), Mono (identity verification)
Consumers: Website, Clara, mobile app, partner APIs, internal operational tools

Open Sandbox Error Reference

Authentication

Every protected route expects a valid gateway API client. Keys are scoped to specific capabilities and should live on your server — never in client-side code or mobile bundles.

Header	Required	Purpose
`x-api-key`	Yes	Identifies the calling application. Every production integration should have its own scoped key.
`x-request-id`	Recommended	Lets your team trace a single request across gateway logs, provider calls, and reconciliation.
`x-idempotency-key`	Write endpoints	Protects safe retries for quote creation, payment actions, and other requests that must not duplicate work.

Use one API client per application, backend job, or external partner.
Keep gateway keys on your server. Do not expose them in mobile bundles or public browser code.
Use idempotency on requests that create money movement, quotes, or claim workspaces.
Let the gateway call IES, Squad, Mono, and internal databases. Public apps should not reach those systems directly.
Treat webhook signature validation and replay protection as part of the integration contract, not optional extras.

Response Contract

Every route returns the same top-level envelope. Parse ok first, then read data on success or error on failure. The meta block carries the request ID and data source.

Success (ok: true)

{
  "ok": true,
  "data": {
    "quoteNo": "Q260000542",
    "productCode": "TSP",
    "premium": 15000,
    "frequency": "monthly",
    "status": "generated"
  },
  "error": null,
  "meta": {
    "requestId": "req_01hwxyz",
    "source": "gateway"
  }
}

Error (ok: false)

{
  "ok": false,
  "data": null,
  "error": "MISSING_FIELDS",
  "meta": {
    "requestId": "req_01hwxyz",
    "missing": ["dob", "frequency"]
  }
}

Operational Flows

A few rules keep the product clean even when multiple providers and internal systems are involved.

Onboarding

Collect draft profile, medical, and financial details in the gateway first. Verify identity through Mono. Push only the necessary state into IES when the customer becomes an insurance record.

Payments

Start checkout or transfer through the gateway. Let Squad settle, then let the gateway verify, log, reconcile, and autopost into IES when policy or proposal context exists.

Policies & Claims

Use the gateway as the public contract. It fetches from Supabase, enriches from IES, and keeps provider-specific response shapes away from the calling application.

Virtual Accounts

The gateway decides whether to return a recovered account, attempt dedicated issuance via Squad, or fall back safely. Clients must not hard-code Squad logic themselves.

products:*

Products

Published insurance products for website, mobile, partner, and internal sales flows.

The catalog endpoints (GET /products, GET /products/:key) require no API key — safe for public pages.
The estimate endpoint gives bidirectional premium/sum-assured calculations without touching IES.

GET/productsLive now

List published products.

When to use: Render product menus, landing pages, and assisted sales lists.

Query Parameters

`segment`	string	Filter by segment: personal, group, corporate
`category`	string	Filter by category: savings, protection, annuity

Request

curl "https://api.capitalexpressassurance.com/v1/products?segment=personal" \
  -H "x-api-key: capex_live_YOUR_KEY"

Response

{
  "ok": true,
  "data": [
    { "code": "TSP", "name": "Target Savings Plan", "segment": "personal", "category": "savings" },
    { "code": "CEP", "name": "Capital Endowment Plan", "segment": "personal", "category": "savings" },
    { "code": "F3P", "name": "Flexi 3 Plan", "segment": "personal", "category": "savings" },
    { "code": "3PP", "name": "3-Premium Plan", "segment": "personal", "category": "savings" }
  ],
  "error": null,
  "meta": { "source": "gateway_catalog" }
}

GET/products/:productKeyLive now

Fetch one product by code or slug.

When to use: Product detail pages and assisted sales walkthroughs.

Path Parameters

productKey string Product code or slug: TSP, CEP, F3P, 3PP

GET/products/:productKey/ratesLive now

Return the raw rate table for a product.

When to use: Internal tooling, underwriting review, and rate auditing.

Path Parameters

productKey string Product code: CEP, F3P, 3PP

GET/products/:productKey/termsLive now

Return available term lengths, age ranges, and premium frequencies for a product.

When to use: Populate form dropdowns before a customer enters their details.

Path Parameters

productKey string Product code: CEP, F3P, 3PP

Response

{
  "ok": true,
  "data": {
    "productCode": "CEP",
    "minEntryAge": 1, "maxEntryAge": 60,
    "termOptions": [5, 7, 10, 15, 20],
    "frequencies": ["monthly", "quarterly", "halfyearly", "annually", "single"]
  }
}

POST/products/:productKey/estimateLive now

Bidirectional premium/sum-assured calculator. Provide sumAssured to get premium, or premium to get sumAssured.

When to use: Live quotation widgets, affordability explorers, and pre-quote pricing.

Path Parameters

productKey string Product code: CEP, F3P, 3PP

Request Body

`age`required	number	Customer entry age as an integer (e.g. 35)
`termYears`required	number	Policy term in years
`frequency`required	string	monthly \| quarterly \| halfyearly \| annually \| single
`sumAssured`	number	Target sum assured — returns the calculated premium
`premium`	number	Target premium — returns the calculated sum assured
`option`	string	F3P only: A \| B \| C (plan variant)

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/products/CEP/estimate" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "age": 35,
    "termYears": 10,
    "frequency": "monthly",
    "sumAssured": 1000000
  }'

Response

{
  "ok": true,
  "data": {
    "productCode": "CEP",
    "age": 35,
    "termYears": 10,
    "frequency": "monthly",
    "sumAssured": 1000000,
    "premium": 7153.49,
    "rate": 7.15348962
  }
}

customers:*

Customers

Customer resolution, registration, profile updates, and account sub-resource reads.

Email and phone are usually the strongest identifiers when legacy client codes disagree.
POST /customers is idempotent on email — it returns the existing record if the email is already registered.

POST/customers/resolveLive now

Resolve a customer across Supabase and IES using client code, email, or phone.

When to use: Before loading account overview, virtual-account readiness, claims, or policy operations.

Request Body

`email`	string	Customer email address
`phone`	string	Customer phone number (any format)
`clientCode`	string	IES unified client code if already known

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/customers/resolve" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "email": "customer@example.com",
    "phone": "08030000000"
  }'

Response

{
  "ok": true,
  "data": {
    "customer": {
      "client_code": "240103735",
      "email": "customer@example.com",
      "phone": "08030000000",
      "first_name": "Amina",
      "last_name": "Bello"
    }
  },
  "error": null,
  "meta": { "source": "supabase+ies" }
}

GET/customersLive now

List customers matching a search query.

When to use: Internal search in Clara, staff portals, and operations tooling.

Query Parameters

`name`	string	Partial name search (first or last)
`email`	string	Filter by email (exact match)
`phone`	string	Filter by phone number
`clientCode`	string	Filter by IES client code
`limit`	number	Results to return (default: 20)
`offset`	number	Offset for pagination (default: 0)

POST/customersLive now

When to use: When a customer has completed an onboarding form and you want to persist their record.

Request Body

`firstName`required	string	Legal first name
`lastName`required	string	Legal last name
`email`required	string	Customer email
`phone`required	string	Customer phone
`dob`	string	Date of birth (YYYY-MM-DD)
`gender`	string	Male \| Female
`address`	string	Residential address

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/customers" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "firstName": "Amina",
    "lastName": "Bello",
    "email": "amina@example.com",
    "phone": "08030000000"
  }'

GET/customers/by-client-code/:clientCodeLive now

Fetch a known customer using an already-resolved unified client code.

When to use: Internal or reconciled journeys where the client code is already clean.

Path Parameters

clientCode string IES unified client code

GET/customers/:clientCodeLive now

Fetch a customer by client code, falling back to IES if not in local storage.

When to use: Profile pages, account context, and customer support lookups.

Path Parameters

clientCode string IES unified client code

PATCH/customers/:clientCodeLive now

Update one or more profile fields for a customer by client code.

When to use: Profile edit flows, address updates, and contact detail corrections.

Path Parameters

clientCode string IES unified client code

Request Body

`firstName`	string	Updated first name
`lastName`	string	Updated last name
`email`	string	Updated email address
`phone`	string	Updated phone number
`occupation`	string	Updated occupation
`stateOfResidence`	string	State of residence
`lga`	string	Local government area

GET/customers/:clientCode/policiesLive now

List policies linked to this customer, fetched live from the insurance core.

When to use: Policy summary screens and customer dashboards.

Path Parameters

clientCode string IES unified client code

GET/customers/:clientCode/virtual-accountsLive now

List virtual accounts assigned to this customer.

Path Parameters

clientCode string IES unified client code

GET/customers/:clientCode/documentsLive now

List KYC and identity documents uploaded for this customer.

Path Parameters

clientCode string IES unified client code

quotes:*

Quotes

Quote creation, retrieval, amendment, and policy conversion.

Always send an idempotency key on quote creation so retries stay safe.
Quote intent and metadata are kept in the gateway even when IES is the official quote engine.

POST/quotesLive now

Generate a new quote using the product catalog and IES quote engine.

When to use: After product selection and enough customer data has been collected to price the plan.

Request Body

`productCode`required	string	TSP \| CEP \| F3P \| 3PP
`dob`required	string	Date of birth (YYYY-MM-DD)
`gender`required	string	Male \| Female
`amount`required	number	Premium amount in NGN
`frequency`required	string	monthly \| quarterly \| halfyearly \| annually
`term`required	string	Policy term in years
`email`required	string	Customer email
`phone`required	string	Customer phone
`firstName`required	string	Customer first name
`lastName`required	string	Customer last name

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/quotes" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -H "x-request-id: req_01hwxyz" \
  -H "x-idempotency-key: quote_idem_001" \
  -d '{
    "productCode": "TSP",
    "dob": "1990-06-18",
    "gender": "Male",
    "amount": 15000,
    "frequency": "monthly",
    "term": "10",
    "email": "amina@example.com",
    "phone": "08030000000",
    "firstName": "Amina",
    "lastName": "Bello"
  }'

Response

{
  "ok": true,
  "data": {
    "quoteNo": "Q260000542",
    "productCode": "TSP",
    "premium": 15000,
    "frequency": "monthly",
    "sumAssured": 2100000,
    "term": "10",
    "status": "generated",
    "provider": "IES"
  },
  "error": null,
  "meta": { "requestId": "req_01hwxyz", "source": "gateway" }
}

GET/quotes/:quoteNoLive now

Retrieve one quote by quote number.

When to use: During checkout handoff, back-office review, and payment verification follow-up.

Path Parameters

quoteNo string IES quote number (e.g. Q260000542)

PATCH/quotes/:quoteNoLive now

Update a quote's premium amount, term, or frequency and trigger an IES recalculation.

When to use: When a customer wants to adjust their plan details before proceeding to payment.

Path Parameters

quoteNo string IES quote number

Request Body

`amount`	number	New premium amount in NGN
`term`	string	New term in years
`frequency`	string	New frequency: monthly \| quarterly \| halfyearly \| annually

POST/quotes/:quoteNo/convertLive now

Mark a quote as converted to a policy (idempotent — safe to call multiple times).

When to use: After the customer has signed and payment has been confirmed.

Path Parameters

quoteNo string IES quote number to convert

policies:*

Policies

Policy summaries, formal statements, beneficiary management, and payment history.

Statement reads are backed by the IES core statement process and should be treated as formal servicing output.
Surrender, reinstatement, and loan requests are recorded in the gateway for operations review — they do not directly modify the IES core.

GET/policiesLive now

List policies for a resolved customer.

When to use: Dashboards, account overview, and policy servicing menus.

Query Parameters

`clientCode`	string	Resolved customer client code
`email`	string	Customer email (used if clientCode not provided)
`status`	string	active \| lapsed \| surrendered \| matured

GET/policies/:policyNumberLive now

Fetch a single policy summary.

When to use: Policy detail screens and customer support review.

Path Parameters

policyNumber string IES policy number

GET/policies/:policyNumber/statementLive now

Read the full policy statement from the insurance core.

When to use: Premium history, contribution records, and formal account history requests.

Path Parameters

policyNumber string IES policy number

GET/policies/:policyNumber/paymentsLive now

List gateway payment transactions recorded against this policy.

When to use: Payment history tab, premium tracking, and collections review.

Path Parameters

policyNumber string IES policy number

Query Parameters

limit number Maximum records to return (default: 50)

GET/policies/:policyNumber/beneficiariesLive now

Fetch beneficiaries stored on this policy from the insurance core.

Path Parameters

policyNumber string IES policy number

PUT/policies/:policyNumber/beneficiariesLive now

Replace beneficiary data for a policy. Percentages must sum to 100.

When to use: During life events — marriage, birth, change of estate plan.

Path Parameters

policyNumber string IES policy number

Request Body

beneficiariesrequired array Array of { name, relationship, percentage, phone?, email? }. Percentages must sum to 100.

POST/policies/:policyNumber/surrenderLive now

Submit a policy surrender request for review by the operations team.

When to use: Customer wishes to terminate the policy early and recover any surrender value.

Path Parameters

policyNumber string IES policy number

Request Body

`clientCode`	string	Customer client code
`reason`	string	Customer reason for surrender

POST/policies/:policyNumber/reinstateLive now

Submit a policy reinstatement request for review.

When to use: Customer wants to resume a lapsed policy and continue premium payments.

Path Parameters

policyNumber string IES policy number

Request Body

`clientCode`	string	Customer client code
`reason`	string	Customer reason for reinstatement

POST/policies/:policyNumber/loanLive now

Submit a policy loan request for review.

When to use: Customer wants to borrow against accumulated policy value.

Path Parameters

policyNumber string IES policy number

Request Body

`clientCode`	string	Customer client code
`requestedAmount`	number	Requested loan amount in NGN

payments:*

Payments

Checkout creation, verification, transaction lookup, receipts, and refunds.

Always trace checkout and verify with request IDs and idempotency keys.
Payment reconciliation is where the gateway bridges Squad settlement into IES policy or proposal context.

POST/payments/checkoutLive now

Start a live payment checkout through Squad using policy or quote context.

When to use: When a customer chooses to pay online instead of by transfer or recurring authorization.

Request Body

`email`required	string	Customer email address
`amount`required	number	Amount to charge in NGN
`clientCode`	string	Customer client code
`policyNumber`	string	Policy number if paying for an existing policy
`quoteNo`	string	Quote number if paying for a new policy

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/payments/checkout" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -H "x-idempotency-key: checkout_idem_001" \
  -d '{
    "email": "amina@example.com",
    "amount": 15000,
    "quoteNo": "Q260000542"
  }'

Response

{
  "ok": true,
  "data": {
    "checkoutUrl": "https://pay.squadco.com/checkout/abc123",
    "transactionRef": "CAPEX-1716453623-AB12C",
    "amount": 15000,
    "currency": "NGN"
  }
}

POST/payments/verifyLive now

Verify a transaction reference and update settlement state.

When to use: After customer redirection, support follow-up, or reconciliation retries.

Request Body

transactionRefrequired string Transaction reference from checkout

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/payments/verify" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{ "transactionRef": "CAPEX-1716453623-AB12C" }'

GET/payments/:transactionRefLive now

Fetch one payment transaction by reference.

When to use: Exact follow-up on a single payment event during support or reconciliation.

Path Parameters

transactionRef string Transaction reference

GET/payments/:transactionRef/receiptLive now

Get a structured receipt for a completed payment.

When to use: When a customer or agent requests a formal payment confirmation.

Path Parameters

transactionRef string Transaction reference

POST/payments/refundLive now

Request a refund for a completed payment (queued for manual review).

When to use: Policy cancellation, duplicate charge, or customer dispute resolution.

Request Body

`transactionRef`required	string	Original transaction reference to refund
`reason`required	string	Reason for the refund request
`clientCode`	string	Customer client code

claims:*

Claims

Claim workspace creation, submission, assignment, approval, document upload, and event timeline.

The gateway provides a structured workspace for claims — draft → submitted → assigned → approved/rejected.
Use PUT /claims/:id/status for direct staff-level status transitions during review.

GET/claimsLive now

List claims by customer, status, or policy.

When to use: Account history, claims dashboard, and Clara account support flows.

Query Parameters

`clientCode`	string	Filter by customer client code
`policyNumber`	string	Filter by policy number
`status`	string	draft \| submitted_initial \| ready_for_review \| approved \| rejected

POST/claimsLive now

Create a new claim workspace.

When to use: When a claim journey begins and you want structured internal handling from the start.

Request Body

`policyNumber`required	string	Policy number the claim is against
`productName`required	string	Product name (e.g. Target Savings Plan)
`claimType`required	string	maturity \| death_benefit \| partial_maturity \| surrender \| policy_loan \| partial_withdrawal
`clientCode`	string	Claimant client code
`description`	string	Customer description of the claim event

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/claims" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "policyNumber": "LIF/00012345",
    "productName": "Target Savings Plan",
    "claimType": "maturity",
    "clientCode": "240103735"
  }'

GET/claims/:idLive now

Fetch a single claim with enriched IES policy data.

Path Parameters

id string Claim workspace ID (UUID)

PATCH/claims/:idLive now

Edit a draft claim workspace before submission.

When to use: Customer is correcting information before formally submitting the claim.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

`description`	string	Updated description
`incidentDate`	string	Corrected incident date

PUT/claims/:id/statusLive now

Update claim status directly. Used for staff-level transitions during the review workflow.

When to use: Operations staff moving claims between review stages.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

`status`required	string	New status: submitted_initial \| ready_for_review \| approved \| rejected
`note`	string	Internal note for the status change

POST/claims/:id/submitLive now

Submit a draft claim for review. Transitions status from draft to submitted_initial.

When to use: Customer has confirmed all details and is ready to formally file.

Path Parameters

id string Claim workspace ID (UUID)

POST/claims/:id/assignLive now

Assign a submitted claim to a claims handler and move it to ready_for_review.

When to use: Internal claims operations — triage and routing step.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

`staffId`required	string	Staff user UUID to assign this claim to
`note`	string	Routing note for the handler

POST/claims/:id/approveLive now

Approve a claim and notify the customer via email.

When to use: Claims handler has completed investigation and is ready to approve.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

note string Internal approval note

POST/claims/:id/rejectLive now

Reject a claim and notify the customer with a reason.

When to use: Claims handler has reviewed and determined the claim cannot be paid.

Path Parameters

id string Claim workspace ID (UUID)

Request Body

reasonrequired string Reason for rejection shown to the customer

POST/claims/:id/documentsLive now

Attach a document to a claim workspace.

When to use: Customer uploads supporting evidence (death certificate, medical report, etc.).

Path Parameters

id string Claim workspace ID (UUID)

Request Body

`documentType`required	string	Document type (e.g. death_certificate, medical_report)
`fileData`required	string	Base64-encoded file content
`fileName`required	string	Original file name including extension

GET/claims/:id/timelineLive now

Fetch the full event timeline for a claim — creation, submission, assignment, and resolution.

When to use: Customer support review, compliance audit, and claims analytics.

Path Parameters

id string Claim workspace ID (UUID)

Response

{
  "ok": true,
  "data": [
    { "event": "created", "at": "2026-05-01T09:00:00Z", "actor": "customer" },
    { "event": "submitted", "at": "2026-05-01T09:15:00Z", "actor": "customer" },
    { "event": "assigned", "at": "2026-05-02T10:00:00Z", "actor": "staff:handler_01" },
    { "event": "approved", "at": "2026-05-07T14:30:00Z", "actor": "staff:handler_01" }
  ]
}

kyc:* / virtual_accounts:*

KYC & Identity

Identity verification, medical and beneficiary data, document uploads, and virtual-account issuance.

Mono handles identity verification (BVN/NIN). Squad handles virtual-account issuance.
The gateway decides whether to return an existing virtual account, attempt dedicated issuance, or fall back safely.

GET/kyc/statusLive now

Return the KYC verification status for a customer: BVN verified, NIN verified, and document count.

When to use: Onboarding progress screens and pre-issuance readiness checks.

Query Parameters

clientCode string Customer client code

Response

{
  "ok": true,
  "data": {
    "clientCode": "240103735",
    "bvnVerified": true,
    "ninVerified": false,
    "documentCount": 2,
    "readyForIssuance": true
  }
}

POST/kyc/bvn/initiateLive now

Start the BVN consent flow through Mono.

When to use: When a user is ready to verify identity with a real OTP challenge.

Request Body

`bvn`required	string	11-digit Bank Verification Number
`customer_identifier`required	string	Gateway customer identifier (email, phone, or client code)

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/kyc/bvn/initiate" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "bvn": "22200000000",
    "customer_identifier": "amina@example.com"
  }'

Response

{
  "ok": true,
  "data": {
    "sessionId": "mono_bvn_session_abc123",
    "methods": ["phone", "email"],
    "expiresAt": "2026-05-26T10:30:00Z"
  }
}

POST/kyc/bvn/verifyLive now

Select the OTP delivery method for the BVN consent flow.

When to use: After initiation, when the user chooses phone, email, or alternate phone.

Request Body

`sessionId`required	string	Session ID from /bvn/initiate
`method`required	string	phone \| email \| alternate_phone

POST/kyc/bvn/detailsLive now

Complete the BVN flow with the OTP and persist verified identity to the customer profile.

When to use: After the user supplies the OTP received on their chosen channel.

Request Body

`sessionId`required	string	Session ID from /bvn/initiate
`otp`required	string	OTP received by the customer
`clientCode`	string	Customer client code to link the verified identity

POST/kyc/bvn/lookupLive now

Look up BVN details using a previously verified session without re-initiating the flow.

When to use: When the BVN has already been verified and you need to retrieve the identity payload.

Request Body

`sessionId`required	string	Session ID from a completed BVN verification
`clientCode`	string	Customer client code to link the result

POST/kyc/nin/verifyLive now

Verify NIN and optionally persist it to the matched customer profile.

When to use: When NIN is the chosen identity path or an additional trust check is needed.

Request Body

`nin`required	string	11-digit National Identification Number
`clientCode`	string	Customer client code to link the result

POST/kyc/medicalLive now

Save a medical declaration for a customer.

When to use: During onboarding when product underwriting requires health disclosures.

Request Body

`clientCode`required	string	Customer client code
`declaration`required	object	Medical declaration fields (goodHealth, smoker, conditions, hospitalizations)

POST/kyc/beneficiaryLive now

Save beneficiary information for a customer profile. Percentages must sum to 100.

Request Body

`clientCode`required	string	Customer client code
`beneficiaries`required	array	Array of { name, relationship, percentage, dob?, phone? }

GET/kyc/beneficiariesLive now

Get stored beneficiaries for a customer.

Query Parameters

clientCode string Customer client code

GET/kyc/documentsLive now

List uploaded KYC documents for a customer.

Query Parameters

clientCode string Customer client code

POST/kyc/documents/uploadLive now

Upload a KYC document for a customer.

When to use: Government ID, passport, utility bill, or other KYC document submission.

Request Body

`clientCode`required	string	Customer client code
`documentType`required	string	passport \| national_id \| drivers_license \| utility_bill \| other
`fileData`required	string	Base64-encoded file content
`fileName`required	string	Original file name including extension

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/kyc/documents/upload" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "clientCode": "240103735",
    "documentType": "national_id",
    "fileName": "nin_slip.jpg",
    "fileData": "BASE64_ENCODED_FILE_CONTENT"
  }'

Response

{
  "ok": true,
  "data": {
    "documentId": "doc_01hwxyz",
    "documentType": "national_id",
    "fileName": "nin_slip.jpg",
    "storagePath": "customer-documents/240103735/nin_slip.jpg",
    "uploadedAt": "2026-05-26T09:00:00Z"
  }
}

GET/virtual-accountsLive now

Check virtual-account readiness or look up an existing account for a customer.

When to use: Before creating a new virtual account so the gateway can choose the best path.

Query Parameters

`clientCode`	string	Customer client code
`email`	string	Customer email if clientCode is not available

POST/virtual-accountsLive now

Resolve an existing virtual account or attempt dedicated issuance through Squad.

When to use: Real collections journeys where the gateway should own the decision between existing, dedicated, and fallback modes.

Request Body

`clientCode`	string	Resolved customer client code
`email`required	string	Customer email
`phone`required	string	Customer phone
`firstName`required	string	Customer first name (must match BVN)
`lastName`required	string	Customer last name (must match BVN)
`bvn`	string	Customer BVN — required for dedicated issuance

webhooks:*

Webhooks

Inbound provider event receivers and outbound webhook endpoint management.

Inbound routes (/webhooks/squad, /webhooks/mono) are authenticated by provider signature — no partner API key required.
Outbound endpoint management routes require a standard API key with webhooks:* scope.
The gateway signs outbound deliveries with HMAC-SHA256. Verify the x-capex-signature header.

POST/webhooks/squadLive now

Receive Squad payment events and trigger gateway-side reconciliation and IES autopost.

When to use: Set this as the public webhook target URL in your Squad merchant dashboard.

POST/webhooks/monoLive now

Receive Mono identity and BVN webhook events.

When to use: Set this as the Mono webhook receiver for your integration.

GET/webhooks/endpointsLive now

List all registered webhook endpoints for the calling API client.

Response

{
  "ok": true,
  "data": [
    {
      "id": "ep_01hwxyz",
      "url": "https://yourserver.com/hooks/capex",
      "events": ["payment.completed", "claim.approved"],
      "is_active": true,
      "description": "Production event receiver",
      "created_at": "2026-05-01T09:00:00Z"
    }
  ]
}

POST/webhooks/endpointsLive now

When to use: Setting up your server to receive payment, claim, and policy lifecycle events.

Request Body

`url`required	string	HTTPS endpoint URL that will receive events
`events`	array	Event type filter. Defaults to ["*"] for all events.
`description`	string	Internal label for this endpoint

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/webhooks/endpoints" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_YOUR_KEY" \
  -d '{
    "url": "https://yourserver.com/hooks/capex",
    "events": ["payment.completed", "claim.approved"],
    "description": "Production event receiver"
  }'

Response

{
  "ok": true,
  "data": {
    "id": "ep_01hwxyz",
    "url": "https://yourserver.com/hooks/capex",
    "events": ["payment.completed", "claim.approved"],
    "is_active": true,
    "secret": "a1b2c3...",
    "secretWarning": "This signing secret is shown only once. Store it securely."
  }
}

DELETE/webhooks/endpoints/:idLive now

Remove a registered webhook endpoint.

Path Parameters

id string Endpoint ID returned on registration

POST/webhooks/endpoints/:id/testLive now

Send a test event delivery to a registered endpoint and record the result.

When to use: Verifying your server can receive and verify gateway signatures before going live.

Path Parameters

id string Endpoint ID to send the test delivery to

admin:*

Admin

API client management, key rotation, provider call logs, and system health.

Admin routes require a key with admin:* scope. Restrict access to operations and engineering.
Soft-delete via DELETE preserves audit history — the key is revoked but the record is kept.

GET/admin/healthLive now

Return gateway health status and timestamp.

When to use: Uptime checks, readiness probes, and smoke tests after deployment.

Response

{
  "ok": true,
  "data": {
    "status": "ok",
    "timestamp": "2026-05-26T09:00:00Z",
    "version": "1.0.0"
  }
}

GET/admin/providers/statusLive now

Ping all upstream providers (IES, Squad, Mono) and return reachability status.

When to use: Provider health dashboards and incident investigation.

Response

{
  "ok": true,
  "data": {
    "squad": { "ok": true, "status": 200 },
    "ies": { "ok": true, "status": 200 },
    "mono": { "ok": true, "status": 200 },
    "checked_at": "2026-05-26T09:00:00Z"
  }
}

GET/admin/api-clientsLive now

List all API clients for this account.

When to use: Audit access, review active integrations, and manage partner keys.

POST/admin/api-clientsLive now

Create a new API client with scopes and access configuration.

When to use: Onboarding a new integration surface, partner, or internal tool.

Request Body

`name`required	string	Human-readable name for this client
`scopes`required	array	Permission scopes: products:, customers:, quotes:, policies:, payments:, claims:, kyc:, webhooks:, admin:*
`environment`	string	live \| test (default: live)
`contactEmail`	string	Contact email for alerts and key expiry notices
`allowedOrigins`	array	CORS origins allowed to use this key
`rateLimitPerMinute`	number	Max requests per minute (default: 120)

Request

curl -X POST "https://api.capitalexpressassurance.com/v1/admin/api-clients" \
  -H "content-type: application/json" \
  -H "x-api-key: capex_live_ADMIN_KEY" \
  -d '{
    "name": "Mobile App Production",
    "scopes": ["products:*", "customers:*", "quotes:*", "policies:*", "payments:*", "kyc:*"],
    "contactEmail": "dev@capitalexpressassurance.com",
    "rateLimitPerMinute": 120
  }'

Response

{
  "ok": true,
  "data": {
    "id": "client_01hwxyz",
    "name": "Mobile App Production",
    "key_prefix": "capex_live_abc1",
    "api_key": "capex_live_abc1_FULL_KEY_SHOWN_ONCE",
    "scopes": ["products:*", "customers:*", "quotes:*", "policies:*", "payments:*", "kyc:*"],
    "status": "active"
  }
}

PATCH/admin/api-clients/:idLive now

Update an API client's name, scopes, rate limits, or status.

Path Parameters

id string API client ID (UUID)

Request Body

`name`	string	Updated display name
`scopes`	array	Replacement scope list
`rateLimitPerMinute`	number	Updated requests-per-minute limit
`monthlyQuota`	number	Updated monthly quota (null = unlimited)
`contactEmail`	string	Updated contact email
`status`	string	active \| suspended \| revoked

DELETE/admin/api-clients/:idLive now

Revoke an API client. Soft-deletes the record and immediately invalidates the key.

Path Parameters

id string API client ID (UUID) to revoke

POST/admin/api-clients/:id/revokeLive now

Explicitly revoke an API client by ID (POST alternative to DELETE).

Path Parameters

id string API client ID (UUID)

POST/admin/api-clients/:id/rotate-keyLive now

Generate a new API key for a client. The old key is invalidated immediately. The new key is shown only once.

When to use: Scheduled rotation, suspected compromise, or staff offboarding.

Path Parameters

id string API client ID (UUID) to rotate

Response

{
  "ok": true,
  "data": {
    "id": "client_01hwxyz",
    "name": "Mobile App Production",
    "apiKey": "capex_live_xyz9_NEW_KEY_SHOWN_ONCE",
    "keyPrefix": "capex_live_xyz9",
    "rotatedAt": "2026-05-26T09:00:00Z",
    "warning": "This key is shown only once. Store it securely."
  }
}

GET/admin/api-requestsLive now

List gateway API request logs with client, path, status code, and latency.

When to use: Request audit, debugging integration failures, and traffic analysis.

Query Parameters

`apiClientId`	string	Filter by API client ID
`path`	string	Filter by request path
`statusCode`	number	Filter by HTTP status code
`limit`	number	Max records (default: 100, max: 500)

GET/admin/provider-callsLive now

List provider call logs (IES, Squad, Mono) with outcome, latency, and request context.

When to use: Debugging integration failures, monitoring provider latency, and compliance review.

Query Parameters

`provider`	string	Filter by provider: ies \| squad \| mono
`operation`	string	Filter by operation name
`status`	string	Filter by status: ok \| failed
`limit`	number	Max records (default: 100, max: 500)

GET/admin/idempotency-keysLive now

List idempotency keys tracked by the gateway for deduplication.

When to use: Debugging duplicate request issues and verifying retry safety.

Query Parameters

`status`	string	Filter by status: pending \| completed \| expired
`path`	string	Filter by request path
`limit`	number	Max records (default: 100)

GET/admin/reconciliation/summaryLive now

Return reconciliation summary: record counts, orphaned records, and recent reconciliation runs.

When to use: Operations dashboards, data integrity audits, and end-of-day reconciliation checks.

Response

{
  "ok": true,
  "data": {
    "profiles_total": 1024,
    "policies_missing_customer_profile_id": 0,
    "payments_missing_client_code": 3,
    "quote_applications_total": 248,
    "insurance_products_total": 6,
    "recent_runs": []
  }
}

POST/admin/payments/:ref/retry-autopostLive now

Retry the IES autopost for a verified payment transaction that previously failed.

When to use: Manual reconciliation when Squad settled a payment but the IES autopost failed.

Path Parameters

ref string Transaction reference to retry

Error Codes

Handle these public error classes explicitly in your integration and surface meaningful messages internally. All error responses use the standard envelope with ok: false.

Code	HTTP	Meaning	Typical Action
`UNAUTHORIZED`	401	Missing, invalid, expired, or revoked API key.	Confirm the correct key is in x-api-key and that it has not been revoked.
`FORBIDDEN`	403	The client is authenticated but lacks the required scope.	Issue a new scoped client or add the missing capability in admin.
`INVALID_BODY`	400	Request body is malformed or not valid JSON.	Validate the payload. Use Content-Type: application/json and documented field names.
`MISSING_FIELDS`	400	A required field was not supplied.	Read the endpoint body requirements and include all mandatory fields.
`NOT_FOUND`	404	The requested customer, quote, policy, or claim does not exist.	Retry with a stronger identifier (email/phone) or reconcile the client code first.
`CONFLICT`	409	A duplicate record was found for this operation.	Check your idempotency key or verify the resource does not already exist.
`RATE_LIMIT`	429	Too many requests from this API client in the current window.	Back off and retry after the window resets. Use exponential backoff for automated flows.
`DEDICATED_VA_NOT_READY`	422	Customer lacks verified identity fields needed for dedicated virtual-account issuance.	Complete BVN/NIN KYC first, or let the gateway use the fallback transfer path.
`DEDICATED_VA_FAILED`	502	The upstream provider rejected virtual-account issuance.	Check provider response and merchant configuration before retrying.
`PROVIDER_ERROR`	502	An upstream provider timed out or returned an unusable payload.	Retry with the same idempotency key or fall back to the route contingency path.

Sandbox

Routes marked Pending merge are visible in the sandbox for planning and review, but they are disabled until the gateway enrichment branch is merged and deployed.

Open Sandbox