Customer Portal & Mobile App — Host-to-Host Integration

Purpose of Host-to-Host

Enable customers to view policies, download e‑documents, pay bills, and track claims in real time.
Provide embedded journeys in bank/partner apps using SSO + consented data sharing.
Offer instant eligibility checks (e.g., health providers) and digital cards for cashless access.

Core Data Objects

Identity & Consent: user profile, KYC status, device binding, consent scopes & timestamps
Policies & Benefits: policy header, coverages, limits, e‑cards, renewal dates
Claims: claim header, tasks, documents, status, payments
Billing: invoices, payment methods (auto‑debit/card/VA), receipts
Providers: provider directory, benefit eligibility results
Communications: inbox, notifications (push/WA/SMS/email), attachments
Events: login, consentGranted, policyDownloaded, fnolSubmitted, paymentSuccess, ticketOpened

Example API Endpoints

GET /auth/sso/start
Initiate OIDC SSO (PKCE) when embedded in partner app

POST /auth/token/refresh
Refresh short‑lived tokens; rotate keys

GET /customer/policies
List policies & renewal info scoped to logged‑in user

GET /policies/{id}/documents
Download e‑policy, invoices, schedules

POST /claims
Create FNOL with photos, geotag, and contact

GET /claims/{id}/status
Timeline of tasks and settlement progress

POST /payments/initiate
Pay invoice (auto‑debit/card/VA); return redirect/OTP

POST /payments/notify
Bank/PG callback for payment result

GET /providers/eligibility
Check benefit eligibility at selected provider

POST /support/tickets
Open service ticket with attachments

Sample FNOL Request

POST /claims
{
  "policyNo":"POL-2025-009812",
  "type":"MOTOR",
  "lossDate":"2025-08-12T10:22:00+07:00",
  "location":{"lat":-6.200, "lng":106.816},
  "photos":["base64:image1","base64:image2"]
}

Reference Flows

SSO & Device Binding

Partner app launches /auth/sso/start (OIDC + PKCE)
Consent captured; device bound to user
Short‑lived JWT returned; refresh via /auth/token/refresh

Digital Policy & e‑Documents

User views policy list → selects policy
Downloads e‑policy/CoC/invoice with access logs
Optional watermarks + anti‑sharing tokens

Start a Claim

User posts FNOL with photos & geotag
System validates coverage & opens claim
Push notification confirms claim number

Pay a Bill

User chooses method → /payments/initiate
Bank/PG handles OTP → /payments/notify
Receipt & policy status updated instantly

Provider Eligibility (Health)

User selects provider → /providers/eligibility
Result shows coverage, copay, limits
Show digital member card for cashless access

Security & Controls

mTLS for server‑to‑server; OAuth2/OIDC for user auth; short‑TTL JWTs; PKCE.
PII encryption, masking, and signed URL for document downloads.
Device binding, biometrics, and step‑up auth for high‑risk actions.
Consent registry with purpose/expiry; GDPR‑style rights (export/delete).
Idempotency, replay protection, and rate limiting.

Monitoring & Audit

Login & session metrics; drop‑off funnels for key journeys.
Notification delivery/open rates; payment success rates.
Audit logs for document downloads, FNOL creation, and updates.

What You Get

OpenAPI + SDKs (Web/iOS/Android) and sample UI components.
SSO configuration guide (OIDC) and consent templates.
Push/WhatsApp/SMS templates and callback examples.
Reference pages: Policy List, Claim Timeline, Billing, Provider Finder.
Annual maintenance incl. change requests; on‑prem or cloud.