> ## Documentation Index
> Fetch the complete documentation index at: https://docs.aiinsurance.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Create Basic Policy

> Creates a new basic policy. The request body is a flat object of
company-configured fields plus a nested `exposures` array.

Each exposure's `id` (and the top-level `primaryInsured`) must
reference an existing exposure record — create exposures first via
the [Exposures API](/api-v1-reference/exposures/overview).

Additional company-configured fields (custom text, number, option-set,
or object fields) may be included alongside the required fields below.

**Required permission:** `company.policy:create`




## OpenAPI

````yaml /openapi/generated-external-api.yaml post /api/v1/external/companies/{companyId}/policies
openapi: 3.0.3
info:
  title: AI Insurance External API
  description: External API for AI Insurance platform
  version: 1.0.0
  contact:
    email: support@aiinsurance.io
servers:
  - url: https://app.aiinsurance.io
    description: Production
security:
  - ApiKeyAuth: []
paths:
  /api/v1/external/companies/{companyId}/policies:
    post:
      tags:
        - Basic Policies
      summary: Create Basic Policy
      description: |
        Creates a new basic policy. The request body is a flat object of
        company-configured fields plus a nested `exposures` array.

        Each exposure's `id` (and the top-level `primaryInsured`) must
        reference an existing exposure record — create exposures first via
        the [Exposures API](/api-v1-reference/exposures/overview).

        Additional company-configured fields (custom text, number, option-set,
        or object fields) may be included alongside the required fields below.

        **Required permission:** `company.policy:create`
      operationId: createBasicPolicy
      parameters:
        - $ref: '#/components/parameters/companyId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
              required:
                - policyNumber
                - policyStartDate
                - policyEndDate
                - policyType
                - policyTimeZone
                - primaryInsured
                - exposures
              properties:
                policyNumber:
                  type: string
                  description: Unique policy number within the company.
                policyStartDate:
                  type: object
                  description: Policy term start date.
                  required:
                    - date
                    - timezone
                  properties:
                    date:
                      type: string
                      description: Date in `YYYY-MM-DD` form.
                    timezone:
                      type: string
                      description: IANA timezone identifier (e.g., `America/New_York`).
                policyEndDate:
                  type: object
                  description: Policy term end date.
                  required:
                    - date
                    - timezone
                  properties:
                    date:
                      type: string
                    timezone:
                      type: string
                policyEffectiveDate:
                  type: object
                  description: Policy effective date (usually same as start date).
                  required:
                    - date
                    - timezone
                  properties:
                    date:
                      type: string
                    timezone:
                      type: string
                policyType:
                  type: string
                  description: >-
                    Policy type — must be one of the option-set values
                    configured for your company. Retrieve available values via
                    `GET /policies/configuration`.
                policyTimeZone:
                  type: string
                  description: IANA timezone the policy operates in.
                primaryInsured:
                  type: string
                  format: uuid
                  description: >-
                    UUID of the primary exposure — must appear as an `id` in the
                    `exposures` array and correspond to an existing exposure
                    record.
                exposures:
                  type: array
                  description: >-
                    Exposures on the policy. Each must reference an existing
                    exposure record by `id`.
                  items:
                    type: object
                    additionalProperties: true
                    required:
                      - id
                    properties:
                      id:
                        type: string
                        format: uuid
                        description: Existing exposure record UUID.
                      exposureName:
                        type: string
                      exposureType:
                        type: string
            examples:
              basicPolicy:
                summary: Create a basic policy
                value:
                  policyNumber: POL-2026-0001
                  policyStartDate:
                    date: '2026-01-01'
                    timezone: America/New_York
                  policyEndDate:
                    date: '2027-01-01'
                    timezone: America/New_York
                  policyEffectiveDate:
                    date: '2026-01-01'
                    timezone: America/New_York
                  policyType: generalLiability
                  policyTimeZone: America/New_York
                  primaryInsured: 550e8400-e29b-41d4-a716-446655440010
                  exposures:
                    - id: 550e8400-e29b-41d4-a716-446655440010
                      exposureName: Acme Corporation
                      exposureType: business
      responses:
        '201':
          description: Policy created
          content:
            application/json:
              schema:
                type: object
                required:
                  - id
                properties:
                  id:
                    type: string
                    format: uuid
                    description: Newly created policy ID
              examples:
                success:
                  summary: Policy created successfully
                  value:
                    id: 550e8400-e29b-41d4-a716-446655440001
        '400':
          description: >-
            Validation error (e.g., duplicate policy number, missing exposure,
            unknown field)
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                duplicatePolicyNumber:
                  summary: Policy number already in use
                  value:
                    error:
                      code: DuplicatePolicyNumber
                      message: A policy with number 'POL-2026-0001' already exists
                missingExposure:
                  summary: Exposure does not exist in insureds
                  value:
                    error:
                      code: InvalidFieldModelV1Data
                      message: >-
                        Exposure(s) '550e8400-e29b-41d4-a716-446655440099' do
                        not exist
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  parameters:
    companyId:
      name: companyId
      in: path
      required: true
      schema:
        type: string
        format: uuid
      description: Company identifier
  schemas:
    ErrorResponse:
      type: object
      description: Standard error response for all external API endpoints
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
              description: Machine-readable error code
              example: VALIDATION_ERROR
            message:
              type: string
              description: Human-readable error message
              example: 'submissionId: Required field is missing'
            details:
              type: array
              description: Additional details for validation errors (field-level errors)
              items:
                type: object
                properties:
                  field:
                    type: string
                    description: The field that caused the error
                    example: submissionId
                  message:
                    type: string
                    description: Description of the field error
                    example: Required field is missing
  responses:
    Unauthorized:
      description: Unauthorized - Invalid or missing API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            missingApiKey:
              summary: Missing API key
              value:
                error:
                  code: UNAUTHORIZED
                  message: Authorization header is required
            bearerTokenNotAllowed:
              summary: Bearer token used instead of API key
              value:
                error:
                  code: UNAUTHORIZED
                  message: External API endpoints require API key authentication
    Forbidden:
      description: Forbidden - Insufficient permissions
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            insufficientPermissions:
              summary: Insufficient permissions
              value:
                error:
                  code: FORBIDDEN
                  message: Insufficient permissions to perform this action
    InternalServerError:
      description: Internal Server Error - Unexpected error occurred
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            internalError:
              summary: Unexpected server error
              value:
                error:
                  code: INTERNAL_ERROR
                  message: An unexpected error occurred. Please try again later.
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        API key authentication. Include your API key in the Authorization
        header.

````