API Reference
Four partner-facing services
Gooclaim exposes four services to TPA and Insurer partners. All other Gooclaim services are internal and not callable from outside.
The four services
Auth Service
Issues JWTs for all subsequent API calls. RS256-signed, short-lived.
Workflow Engine
Inspect, control, and observe workflow instances (Claim Status, Pending Documents, Query Reason).
Audit Ledger
Tenant-scoped read access to the immutable audit ledger. For your own IRDAI compliance reporting.
Outbound Webhooks
Event schemas for the webhooks Gooclaim pushes to you.
Base URLs
All business endpoints are mounted under /v1/*. Infrastructure endpoints
(/health, /ready, /metrics) stay at the root and are not part of
the partner API contract.
Conventions
- Auth —
Authorization: Bearer <JWT>on every request exceptPOST /v1/auth/token. - Tenant scoping — your JWT carries
tenant_id. Every response is filtered to your tenant. You cannot read another tenant’s data. - PHI safety — claim IDs, phone numbers, and names are hashed
(
sha256:...) in any returned payload. If you need to correlate back to a plaintext identifier, do that in your own system. - Errors — RFC 7807 problem-detail JSON, with a stable
error_codestring. - Idempotency — mutating endpoints accept
Idempotency-Keyheaders.
Rate limits
Exceeding the limit returns 429 Too Many Requests with a Retry-After
header.
Need help?
- Support — support@gooclaim.com
- Status — status.gooclaim.com