To start building an application using the Zywave API, you first must register your application through the Zywave admin tool. If you don't have access, contact your primary contact at Zywave and let them know you're interested in creating an application using Zywave APIs.
Click Registered Apps > Add application, then fill out the required information. Make sure you pay careful attention to the following.
This automatically generated value is important for authentication with OAuth 2.0 and should be stored in a secure location. Once this value has been saved, it can't be accessed again from Zywave. If this value is ever lost, you will need to generate or provide a new value and save the the changes.
These values dictate the method or methods your application will use to retrieve access tokens from IdentityServer. Consult the documentation for the particular library or framework you use for OAuth to determine which works best for your application.
These values determine what data your application may access and when operations it may perform on the data. Consult the specification for the particular Zywave API endpoint you intend to use in order to determine which values to set.
Scopes are related to the data your registered app is trying to access, which is often correlated to specific API endpoints. Below is a list of API endpoints and their related scopes.
|Accounts and contacts
|Commercial benchmark policy
|Group benefit quoting
The below scopes are standard, OpenID Connect scopes. The descriptions are sourced from the OpenID Connect specification.
|This scope value requests access to the End-User's default profile Claims, which are: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at.
|This scope value requests access to the email and email_verified Claims.
|This scope value requests access to the phone_number and phone_number_verified Claims.
|This scope value requests access to the address Claim.
|This scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token that grants access to the End-User's UserInfo Endpoint even when the End-User is not present (not logged in).