Introduction

What is the Exona API?

The Exona API gives insurers direct, programmatic access to the same risk quantification engine that powers the Exona platform. Submit a company name and website; receive a complete exposure profile for the insured: firmographic data, an AI risk rating across nine rated dimensions, and matched historical loss events — all in a single, stable JSON response.

The output is designed to feed directly into rating models, underwriting workbenches, and portfolio accumulation analysis — giving carriers a consistent, quantified basis for selecting, pricing, and monitoring AI risk.

Base URL

All API requests are made to:

https://platform.exonalab.com/api/v1

Two-call model

The Exona API follows a simple asynchronous pattern. Risk scans typically take 30–120 seconds because they involve live exposure research and multi-step AI analysis of the insured. Rather than blocking your HTTP connection, you create a scan and poll for the result.

POST /v1/scans          → { "id": "scn_...", "status": "processing" }
GET  /v1/scans/{id}     → { "status": "completed", "result": { ... } }

That is the entire public surface of the API. There are no webhooks, no batch queues, and no internal concepts to learn.

Environments

The same endpoint serves both environments. Your API key determines which environment your requests run in. Sandbox requests return realistic but synthetic risk profiles — useful for testing rating-model integrations: no external services are called and there is no cost impact.

Response format

Every response is JSON. Every successful response has a predictable top-level shape. Every error response follows the same error envelope: see Errors.

Versioning

The current API version is v1. The version is part of the URL path (/api/v1/). We will never make breaking changes to v1 without providing a migration path and a minimum 90-day deprecation notice. Non-breaking additions (new optional fields) may be made at any time.