Insurance Broker Rating-Exchange Integration

What the work had to solve.

1. № 01

   Legacy broker workflows on a third-party rating exchange

   Brokers rate, quote, and bind SME and Commercial Motor Vehicle policies through a third-party broker rating exchange. The insurer's policy administration platform needs to call into the exchange mid-session and receive callbacks when brokers finish.

2. № 02

   Bidirectional control flow with no single initiator

   Some flows are insurer-initiated (the platform asks the exchange what action the broker should take next). Others are exchange-initiated (the exchange pushes commit / rollback events back when a broker exits the UI). Both directions must coexist on the same session.

3. № 03

   Protocol and format mediation

   The insurer platform speaks REST + JSON. The exchange speaks SOAP-style XML over HTTP POST. Every flow needs JSON↔XML transformation and, on the GET-and-PUT flows, HTTP verb mediation as well.

4. № 04

   Session continuity across separate calls

   A broker session spans multiple API hops - retrieve → broker UI work → store → finish rating. The same sessionId must remain coherent for up to 24 hours with the rating context preserved end-to-end.

5. № 05

   Two distinct auth domains

   OAuth tokens must be brokered separately for the insurer estate and for the third-party rating exchange - with no token leakage across boundaries.

6. № 06

   Public-internet exposure for inbound flows

   Exchange-initiated callbacks (commit / rollback / risk data) traverse the public internet and must be terminated through a Web Application Firewall plus an external API gateway before reaching MuleSoft.

7. № 07

   Resilience and orphan prevention

   A failed store leaves a job that does not match the exchange's view - needs exponential-backoff retries and a clear orphan-notification path back to the broker.

How it was built.

1. Pillar 01

   Four core integration patterns (A1–A4)

   Covering both directions: insurer-initiated GET (retrieve), insurer-initiated PUT (store), exchange-initiated PUSH (commit / rollback), and exchange-initiated GET trigger (risk data).

2. Pillar 02

   Dual-app MuleSoft topology

   Outbound API (insurer → exchange) hosts A1 + A2; Inbound API (exchange → insurer) hosts A3 + A4. Cleanly separated by direction so each app has a single responsibility.

3. Pillar 03

   Layered gateway strategy

   Internal Flex Gateway proxy for insurer-initiated traffic; Web Application Firewall + external API gateway for exchange-initiated traffic. Different policy bundles per side.

4. Pillar 04

   Token brokering across two OAuth domains

   Separate identity providers per side (insurer estate, insurer-platform callbacks, exchange). Tokens cached and reused per session to avoid unnecessary round-trips.

5. Pillar 05

   Session persistence via Object Store

   sessionId-keyed cache, 24h TTL, region-pinned in ap-southeast-2, AWS IAM auth. retrieve writes the rating context; store reads it back and overlays insurer fields.

6. Pillar 06

   CloudHub 2.0 runtime

   Mule Runtime 4.10 on Java 17 LTS, 2× small workers (0.1 vCore) per app, auto-scale at CPU > 80% / Memory > 85%, blue-green deployment for zero-downtime cutovers.

7. Pillar 07

   Resilience pattern A5 - Binary Exponential Backoff

   Up to 5 retries with exponential delay for store failures. If retries are exhausted, the broker is notified and the transaction is flagged as orphaned in the insurer platform.

The flows we wired.

1. 01

   retrieve

   A1

   Insurer asks the exchange what action the broker should take next mid-session. Sub-second sync GET → POST mediation → response cached in the session store for downstream operations.

2. 02

   store

   A2

   After the broker exits the rating UI, the insurer sends the final policy state back into the exchange. PUT → POST mediation; reads cached retrieve context, overlays insurer fields, supports OK / CANCEL / ERROR ReturnCodes.

3. 03

   commit / rollback

   A3

   Exchange pushes session completion into the insurer. POST XML → MuleSoft → PATCH insurer commit (with policy data) or rollback (no payload).

4. 04

   risk data

   A4

   Exchange triggers MuleSoft to GET risk data (instalment information etc.) from the insurer and return it. Same inbound entry path as commit / rollback but the insurer is the data source.

Repeatable building blocks.

The discipline behind the delivery.

• API-led pattern with clear System API stereotype on both MuleSoft apps.

• Global error strategy returning canonical XML ResponseTransaction envelopes (ReturnCode = OK | CANCEL | ERROR + UserInfo / Diagnostics for ERROR).

• Correlation IDs propagated end-to-end across every gateway and downstream system.

• Token caching to avoid identity-provider round-trips per call (reuse unexpired exchange token across retrieve → store within a session).

• Configuration externalised per environment (DEV / TEST / UAT / PROD endpoints for both insurer and exchange sides).

• Rate limiting plus custom JTI validation and JWT audience / custom-claim validation enforced at the Flex Gateway proxy.

• MUnit coverage plus contract testing in CI; blue-green deployments to remove downtime risk on production cutovers.

What it runs on.

Integration platform

MuleSoft Anypoint Platform - CloudHub 2.0

Runtime

Mule Runtime 4.10, Java 17 LTS

API specifications

RAML, OpenAPI Specification (OAS)

API gateways

Anypoint Flex Gateway (internal); Web Application Firewall + External API Gateway (exchange-initiated)

Session cache

MuleSoft Object Store v2 (region-pinned, IAM auth)

Identity providers

Three OAuth 2.0 domains - insurer estate, insurer-platform callbacks, exchange side

Policy administration

Policy administration platform

Broker rating exchange

Third-party broker rating exchange

Broker UI

Rating UI (callback mode)

Deployment model

2× small workers (0.1 vCore) per app, auto-scale CPU > 80% / Memory > 85%, blue-green