Introduction

What is the Exona API?

The Exona API gives insurers direct, programmatic access to the same risk intelligence that powers the Exona platform. Submit a company name and website; receive a fully enriched risk profile including business intelligence, an AI risk rating across nine dimensions, and matched historical incidents: all in a single, stable JSON response.

The API is designed for insurer back-office systems, automated underwriting pipelines, and data integration workflows.

Base URL

All API requests are made to:

https://platform.exonalab.com/api/v1

Two-call model

The Exona API follows a simple asynchronous pattern. Risk scans typically take 30–120 seconds because they involve live web research and multi-step AI analysis. Rather than blocking your HTTP connection, you create a scan and poll for the result.

POST /v1/scans          → { "id": "scn_...", "status": "processing" }
GET  /v1/scans/{id}     → { "status": "completed", "result": { ... } }

That is the entire public surface of the API. There are no webhooks, no batch queues, and no internal concepts to learn.

Environments

The same endpoint serves both environments. Your API key determines which environment your requests run in. Sandbox requests return realistic but synthetic data: no external services are called and there is no cost impact.

Response format

Every response is JSON. Every successful response has a predictable top-level shape. Every error response follows the same error envelope: see Errors.

Versioning

The current API version is v1. The version is part of the URL path (/api/v1/). We will never make breaking changes to v1 without providing a migration path and a minimum 90-day deprecation notice. Non-breaking additions (new optional fields) may be made at any time.