Crystallux exposes a webhook-based REST surface for carriers that want to ingest production data programmatically.
POST /webhook/mga/insurance/report/monthly-production POST /webhook/mga/insurance/report/advisor-performance POST /webhook/mga/insurance/report/compliance-health POST /webhook/mga/insurance/report/product-mix POST /webhook/mga/insurance/report/commission-summary POST /webhook/mga/insurance/report/quarterly-business-review POST /webhook/mga/insurance/compliance-score POST /webhook/mga/insurance/insurer-session-validate
Every carrier-facing endpoint requires a session token in the Authorization: Bearer <token> header. Tokens are issued via the universal auth/login flow and expire after 4 hours for insurer sessions. Server-side validation also confirms the session user has an active insurer_users row linked to an active insurer_account.
If your carrier supports webhook ingestion, we can POST to a carrier-supplied webhook_url for events: policy_issued, compliance_score_changed, advisor_appointed. HMAC-SHA256 signature in X-Crystallux-Signature header.
Typical carrier integration is 4–8 weeks: 2 weeks alignment + data-sharing consent → 2 weeks API key provisioning + smoke tests → 2–4 weeks production cutover. White-label deployments add 2–4 weeks for DNS + SSL.
insurer_account.carrier_id.insurer_access_log).