API docs by Redocly

Slingshot Public API (1.0.0)

Download OpenAPI specification:

License: LicenseRef-Proprietary

The Slingshot Public API (v1) provides programmatic access to underwriting cases, documents, exports, and lines of business.

Authentication

All endpoints require OAuth 2.0 client credentials. Obtain an access token from the token endpoint and include it as a Bearer token:

Authorization: Bearer <access_token>

JSON:API Envelope

All request and response bodies follow JSON:API 1.1 conventions:

  • Single resources are wrapped in a { data: { type, id, attributes } } object.
  • Resource collections are wrapped in a { data: [...] } array.
  • Errors are returned as { errors: [...] }.

Pagination

List endpoints use cursor-based pagination. Pass page[size] to control page size (default 20, max 100) and page[cursor] from the previous response's links.next to advance through pages. When links.next is absent the final page has been reached.

Rate Limits

All endpoints are rate-limited per API credential:

  • 1,000 requests per 60-second window per credential (default)
  • Remaining quota is returned in X-RateLimit-Remaining on every response
  • When the limit is exceeded, 429 Too Many Requests is returned
  • Retry-After in the response indicates when the window resets (seconds)

Export Async Pattern

Exports are generated asynchronously. The workflow is:

  1. POST /v1/exports/{type} — submit an export request → 202 Accepted, status pending.
  2. Poll GET /v1/exports/{type}/{id} until attributes.status is ready or failed.
  3. GET /v1/exports/{type}/{id}/download — fetch the pre-signed download URL.

Cases

Underwriting case management.

List cases

Returns a paginated list of underwriting cases belonging to the caller's organization. Results are ordered by createdAt descending.

Authorizations:
oauth2ClientCredentials
query Parameters
page[cursor]
string

Opaque cursor string from a previous response's links.next. Omit to start from the first page.

page[size]
integer [ 1 .. 100 ]
Default: 20

Number of items per page (default 20, max 100).

filter[lobId]
string <uuid>

Filter cases by Line of Business UUID.

filter[phase]
string (CasePhase)
Enum: "intake" "clearance" "required_info" "analysis" "terms_conditions" "quote"

Filter cases by workflow phase.

filter[outcome]
string (CaseOutcome)
Enum: "active" "declined"

Filter cases by outcome status.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": [
    ],
  • "links": {},
  • "meta": {
    }
}

Create a case

Creates a new underwriting case and links the provided documents to it. All documents must be in ready status and must not already belong to another case. The operation is atomic — either all documents are linked or none are.

Authorizations:
oauth2ClientCredentials
Request Body schema: application/vnd.api+json
required
required
object

Responses

Request samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Get a case

Returns a single case by ID with all related data.

Authorizations:
oauth2ClientCredentials
path Parameters
id
required
string <uuid>

UUID of the resource.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Update a case

Partially updates a case. Only the fields present in attributes are modified — absent fields retain their existing values (JSON:API sparse fieldsets semantics).

Permitted updates: phase, outcome, broker.

Setting broker to null removes it. When provided as an object, company is required.

Authorizations:
oauth2ClientCredentials
path Parameters
id
required
string <uuid>

UUID of the resource.

Request Body schema: application/vnd.api+json
required
required
object

Responses

Request samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

List available actions for a case

Returns the set of workflow actions currently available for a case. The available actions depend on the case's current phase and outcome. Clients should use this list to determine which controls to render — do not hard-code phase transitions.

Actions are returned as a JSON:API resource collection of type case-actions.

Authorizations:
oauth2ClientCredentials
path Parameters
id
required
string <uuid>

UUID of the resource.

query Parameters
filter[actionType]
string (CaseActionType)
Enum: "advance_phase" "revert_phase" "set_outcome"

Filter actions by type.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": [
    ]
}

Documents

Document upload, retrieval, and download.

Initiate a document upload

Requests a pre-signed S3 URL for direct client-to-storage upload. After receiving the URL, the client uploads the file directly to S3 using the provided headers, then calls GET /v1/documents/{id} to confirm completion.

Maximum file size: 50 MB (52,428,800 bytes).

Authorizations:
oauth2ClientCredentials
Request Body schema: application/vnd.api+json
required
required
object

Responses

Request samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

List documents

Returns a paginated list of documents belonging to the caller's organization. Results are ordered by uploadedAt descending.

Authorizations:
oauth2ClientCredentials
query Parameters
page[cursor]
string

Opaque cursor string from a previous response's links.next. Omit to start from the first page.

page[size]
integer [ 1 .. 100 ]
Default: 20

Number of items per page (default 20, max 100).

filter[caseId]
string <uuid>

Filter documents by case UUID.

filter[status]
string (DocumentStatus)
Enum: "uploading" "ready" "processing" "failed"

Filter documents by upload status.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": [
    ],
  • "links": {},
  • "meta": {
    }
}

Confirm document upload complete

Signals that the client has successfully PUT the file to the S3 pre-signed URL returned by POST /v1/documents. Transitions the document from uploading to processing and enqueues the document-processing workflow.

The document must be linked to a case (caseId set) before confirmation is possible. If the document was uploaded without a case, link it to a case first via POST /v1/cases, then call this endpoint.

Idempotent: If the document is already ready, returns the current state without re-triggering processing.

Authorizations:
oauth2ClientCredentials
path Parameters
id
required
string <uuid>

UUID of the resource.

Request Body schema: application/vnd.api+json
required
required
object

Responses

Request samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Get a document

Returns a single document by ID including its current upload and processing status. Poll this endpoint after calling PATCH /v1/documents/{id} to confirm upload until attributes.status is ready or failed. Recommended polling interval: 2–5 seconds.

Authorizations:
oauth2ClientCredentials
path Parameters
id
required
string <uuid>

UUID of the resource.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Get a document download URL

Returns a short-lived pre-signed URL to download the raw document file from storage. The URL expires after 60 minutes.

Authorizations:
oauth2ClientCredentials
path Parameters
id
required
string <uuid>

UUID of the resource.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Exports

Async export generation and download.

Request an export

Submits an export generation request and returns immediately with 202 Accepted. The export is generated asynchronously.

Idempotency: If an export with matching content already exists (same case, same type, same content hash), the existing export is returned rather than creating a duplicate.

Poll GET /v1/exports/{type}/{id} until attributes.status is ready or failed. Once ready, download via GET /v1/exports/{type}/{id}/download.

Authorizations:
oauth2ClientCredentials
path Parameters
type
required
string (ExportType)
Value: "narrative"

Export type identifier.

Request Body schema: application/vnd.api+json
required
required
object

Responses

Request samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

List exports

Returns a paginated list of exports for the caller's organization, optionally filtered by case. Results are ordered by createdAt descending.

Authorizations:
oauth2ClientCredentials
path Parameters
type
required
string (ExportType)
Value: "narrative"

Export type identifier.

query Parameters
page[cursor]
string

Opaque cursor string from a previous response's links.next. Omit to start from the first page.

page[size]
integer [ 1 .. 100 ]
Default: 20

Number of items per page (default 20, max 100).

filter[caseId]
string <uuid>

Filter exports by case UUID.

filter[status]
string (ExportStatus)
Enum: "pending" "ready" "failed"

Filter exports by generation status.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": [
    ],
  • "links": {},
  • "meta": {
    }
}

Poll export status

Returns the current status of an export. Poll this endpoint after POST /v1/exports/{type} until attributes.status is ready or failed. Recommended polling interval: 2–5 seconds.

Authorizations:
oauth2ClientCredentials
path Parameters
type
required
string (ExportType)
Value: "narrative"

Export type identifier.

id
required
string <uuid>

UUID of the resource.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Get an export download URL

Returns a short-lived pre-signed URL to download the generated export file. Only available when attributes.status is ready. The URL expires after 60 minutes.

Authorizations:
oauth2ClientCredentials
path Parameters
type
required
string (ExportType)
Value: "narrative"

Export type identifier.

id
required
string <uuid>

UUID of the resource.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}

Lines of Business

Lines of Business configured for an organization.

List lines of business

Returns all Lines of Business configured for the caller's organization. This list is typically small (< 10 items) and is not paginated.

Authorizations:
oauth2ClientCredentials

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": [
    ]
}

Get a line of business

Returns a single Line of Business by ID.

Authorizations:
oauth2ClientCredentials
path Parameters
id
required
string <uuid>

UUID of the resource.

Responses

Response samples

Content type
application/vnd.api+json
{
  • "data": {
    }
}