API Reference

Complete API documentation for Opensure.

Authentication Types

Type	Format	Used By
Session	Cookie: `sessionid`	Dashboard, web app
API Key	`Authorization: Bearer osk_xxx...`	MCP v2 external clients
Auth0 JWT	`Authorization: Bearer <token>`	MarketFinder Chrome extension
None	Public endpoints	Signup, classify, webhooks

Authentication

Base: /api/auth/

Method	Route	Description	Auth
POST	`/signup/`	User registration with email verification	None
POST	`/verify/`	Verify email with code	None
POST	`/resend-code/`	Resend verification code	None
POST	`/login/`	Email/password login (session-based)	None
POST	`/logout/`	Logout (invalidates session)	Session
GET	`/profile/`	Get current user profile	Session

Deprecated

POST /api/auth/register/ → use /signup/ instead

MarketFinder

Base: /api/v1/market_finder/

Carrier Discovery

Method	Route	Description	Auth
GET	`/carriers/`	List all active carriers	Session
GET	`/carriers/<id>/`	Get carrier details	Session
GET	`/products/`	List carrier products	Session
GET	`/appetites/`	List carrier appetites	Session

Intelligent Search

Method	Route	Description	Auth
POST	`/search/`	Search carriers by business criteria	Session
POST	`/match-carriers-detailed/`	Detailed carrier matching with scoring	Session
POST	`/similar-businesses/`	Find similar businesses	Session
POST	`/jurisdictions/`	Get available jurisdictions	Session
POST	`/product-lines/`	Get available product lines	Session

Business Classification

Method	Route	Description	Auth
POST	`/classify/`	Classify business using AI	None
POST	`/scan/`	Scan business website for recommendations	Session

Client Management (Chrome Extension)

Method	Route	Description	Auth
POST	`/clients/`	Save prospect	Auth0 JWT
GET	`/clients/`	List prospects	Auth0 JWT
PATCH	`/clients/<id>/`	Update prospect	Auth0 JWT
POST	`/clients/accept-terms/`	Record T&C acceptance	Auth0 JWT
GET	`/clients/terms-status/`	Check T&C status	Auth0 JWT
GET	`/clients/search-prospects/`	Search prospects	Auth0 JWT
GET	`/clients/check-duplicate/`	Check for duplicates	Auth0 JWT

MCP v2 (Multi-tenant API)

Base: /api/v2/mcp/

Auth: API Key (Authorization: Bearer osk_xxx...)

Clients

Method	Route	Description	Scope
POST	`/clients/`	Create client	Write
GET	`/clients/<uuid>/`	Get client	Read
GET	`/clients/list/`	List clients	Read
PATCH	`/clients/<uuid>/update/`	Update client	Write

Policies

Method	Route	Description	Scope
POST	`/policies/`	Create policy	Write
GET	`/policies/<uuid>/`	Get policy	Read
GET	`/policies/list/`	List policies	Read
PATCH	`/policies/<uuid>/update/`	Update policy	Write

Utilities

Method	Route	Description
GET	`/database/connection/`	Get DB connection string
POST	`/validate-key/`	Validate API key

Team Collaboration

Base: /api/team/

Method	Route	Description	Auth
GET	`/workspace/`	Get workspace info	Session
POST	`/invite/`	Send team invitation	Session (Admin)
GET	`/members/`	List team members	Session
PATCH	`/members/<id>/`	Update member role	Session (Owner)
DELETE	`/members/<id>/`	Remove member	Session (Admin)
GET	`/invitations/`	List pending invitations	Session (Admin)
POST	`/invitations/<id>/accept/`	Accept invitation	Token
POST	`/invitations/<id>/revoke/`	Revoke invitation	Session (Admin)
POST	`/invitations/<id>/resend/`	Resend invitation	Session (Admin)

Settings

Base: /api/v2/settings/

API Keys

Method	Route	Description	Auth
POST	`/api-keys/`	Create API key	Session
GET	`/api-keys/list/`	List API keys	Session
DELETE	`/api-keys/<id>/`	Revoke API key	Session

Database Connection

Method	Route	Description	Auth
POST	`/database/`	Save DB connection	Session
GET	`/database/get/`	Get DB connection	Session
POST	`/database/test/`	Test DB connection	Session

Rule Studio

Base: /api/rules/

Method	Route	Description	Auth
GET	`/rules/`	List rules	Session
GET	`/rules/<id>/`	Get rule	Session
POST	`/rules/`	Create rule	Session
PATCH	`/rules/<id>/`	Update rule	Session
DELETE	`/rules/<id>/`	Delete rule	Session
POST	`/rules/simulate/`	Simulate rule	Session
POST	`/rules/<id>/execute/`	Execute rule	Session

Connectors

Base: /api/v1/connectors/

Email

Method	Route	Description	Auth
POST	`/email/send/`	Send email	Session
GET	`/email/templates/`	List templates	Session
GET	`/email/logs/`	Get email logs	Session

LLM Adapter (BYOK)

Method	Route	Description	Auth
POST	`/llm-adaptor/keys`	Save LLM API key	Session
GET	`/llm-adaptor/keys`	Get key status	Session
DELETE	`/llm-adaptor/keys/<provider>`	Delete key	Session
POST	`/llm-adaptor/test`	Test LLM connection	Session

Rate Limits

Some endpoints are rate limited to prevent abuse:

Endpoint	Limit
`/signup/`	5 per hour
`/invite/`	10 per hour
`/resend-code/`	Rate limited

Rate limit headers are included in responses:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1704067200

Errors

Standard HTTP status codes. Error responses include a message:

json

{
  "error": {
    "code": "invalid_api_key",
    "message": "The API key provided is invalid or expired."
  }
}

Code	Meaning
400	Bad request — check your parameters
401	Unauthorized — invalid or missing auth
403	Forbidden — insufficient permissions
404	Not found — resource doesn't exist
429	Too many requests — rate limited
500	Server error — try again

Need Help?

Connect to MCP — Full setup guide
Database Schema — See the data model
Email: [email protected]

API Reference ​

Authentication Types ​

Authentication ​

MarketFinder ​

Carrier Discovery ​

Intelligent Search ​

Business Classification ​

Client Management (Chrome Extension) ​

MCP v2 (Multi-tenant API) ​

Clients ​

Policies ​

Utilities ​

Team Collaboration ​

Settings ​

API Keys ​

Database Connection ​

Rule Studio ​

Connectors ​

Email ​

LLM Adapter (BYOK) ​

Rate Limits ​

Errors ​

Need Help? ​