K2 Docs

Appearance

Partner Portal

The Partner Portal is your central hub for managing the credentials required to integrate with K2 Cyber's API:

  • Integration Keys - Required for API authentication via x-integration-key header
  • M2M Clients - OAuth 2.0 clients for generating bearer tokens
  • Webhook Keys - Registration tokens for Webhook Portal access

Environments

EnvironmentPartner Portal URLAPI Base URL
Sandboxhttps://partners-sandbox.k2cyber.cohttps://api-sandbox.k2cyber.co
Productionhttps://partners.k2cyber.cohttps://api.k2cyber.co

Sandbox First

Start your integration in the sandbox environment. Once validated, request production credentials to go live.

Getting Started

Registration

New partners can self-register through the portal:

  1. Visit the Partner Portal landing page
  2. Click Register
  3. Provide your organization details:
    • Company name
    • Contact name
    • Email address
    • Password
  4. Submit your registration

Your registration enters a pending status and is queued for approval by the K2 team. You'll receive an email notification when your account is approved.

First Login

Once approved:

  1. Navigate to the Partner Portal URL
  2. Enter your email and password
  3. You'll be directed to your Partner Dashboard

Partner Dashboard

The dashboard provides access to:

  • Integration Keys: Create and rotate API authentication keys
  • M2M Clients: Create and manage Machine-to-Machine OAuth clients
  • Webhook Keys: Generate registration tokens for Webhook Portal access

Managing Credentials

Every HTTP request to K2 Cyber's API must include the following headers:

  • x-integration-key: <INTEGRATION-KEY>
  • Authorization: Bearer <M2M-TOKEN>

Integration Keys

Each API request requires an Integration Key to be sent in a x-integration-key header. Each partner can have two integration keys: primary and secondary.

Create Integration Keys

  1. Navigate to Integration Keys section
  2. Click Create Primary Key or Create Secondary Key
  3. Copy the generated secret immediately
  4. Store it securely

The two-key system allows zero-downtime key rotation:

  1. Create a secondary key
  2. Deploy it to your application
  3. Verify it works
  4. Rotate the primary key
  5. Update your application to use the new primary

One-Time Display

The integration key secret is displayed only once during creation. If you lose it, you must create a new key.

M2M Clients

The K2 Cyber API uses the OAuth 2.0 Client Credentials flow for authorizing API requests. M2M Clients are used to generate bearer tokens that are required in the Authorization: Bearer <TOKEN> header.

When you create an M2M Client through the portal, you will receive a client_id and client_secret to be used by your project.

Create an M2M Client

  1. Navigate to M2M Clients section in your dashboard
  2. Click Create Client
  3. Enter a descriptive name (e.g., "Production API Client")
  4. Optionally add a description
  5. Click Create
  6. Copy both the Client ID and Client Secret immediately

One-Time Display

The client secret is displayed only once during creation. If you lose it, you must create a new M2M client.

M2M Client Properties

Each M2M client displays:

  • Client Name: Human-readable name for identification
  • Client ID: Unique identifier (format: m2m-{partnerId}-{uuid})
  • Client Description: Optional notes about the client's purpose
  • Secret Last Four: Last 4 characters of the secret for reference
  • Status: Either active or inactive
  • Created Date: When the client was created

Activate/Deactivate M2M Clients

To temporarily disable a client without deleting it:

  1. Find the client in your M2M Clients list
  2. Click the deactivate icon
  3. The client status changes to inactive

Inactive clients cannot obtain new access tokens. Existing tokens remain valid until expiry.

To reactivate:

  1. Find the inactive client
  2. Click the activate icon
  3. The client status changes to active

Webhook Keys

Webhook keys are registration tokens that allow team members to create accounts in the Webhook Portal. They are used to associate new webhook portal users with your partner organization.

Not for Signature Verification

Webhook keys are not signing secrets. The signing secrets for verifying webhook deliveries are generated separately when you create an endpoint in the Webhook Portal.

Create a Webhook Key

  1. Navigate to Webhook Keys section
  2. Click Create Key
  3. Copy the generated key immediately
  4. Share it with team members who need webhook portal access

Team members use this key during Webhook Portal registration to associate their account with your organization.

One-Time Display

The webhook key is displayed only once during creation. If you lose it, you must create a new key.

Webhook Key Status

Each webhook key has a status:

  • Active: The key is valid and can be used
  • Revoked: The key is disabled and no longer valid

Revoke/Reactivate a Webhook Key

To revoke a key:

  1. Find the key in your Webhook Keys list
  2. Click the revoke icon
  3. The key status changes to revoked

You can reactivate a revoked key if needed by clicking the reactivate icon.

Authentication Flow

For each HTTP request to any K2 Cyber API endpoint:

1. Generate a Bearer Token

bash
# Request
curl -X POST https://api.k2cyber.co/auth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&grant_type=client_credentials&scope=quote"

# Response
{
  "access_token": "eyJhbGc...",
  "token_type": "bearer",
  "expires_in": 3600
}

2. Make API Requests

Include both the integration key and the bearer token in your requests:

bash
curl -X POST https://api.k2cyber.co/quote/firstcyber/submit \
  -H "x-integration-key: <INTEGRATION-KEY>" \
  -H "Authorization: Bearer eyJhbGc..." \
  -H "Content-Type: application/json" \
  -d '{...}'

Key Management Best Practices

  • Rotate credentials regularly: Schedule quarterly rotations as part of your security hygiene
  • Secure storage: Never commit credentials to source control or store them in client-side code
  • Monitor usage: Review credential activity and immediately revoke any compromised credentials
  • Document ownership: Keep an internal record of which services use which credentials
  • Deactivate unused clients: Keep your credential list clean by deactivating clients no longer in use

Password Management

Reset Password

If you forget your password:

  1. Click Forgot Password on the login page
  2. Enter your email address
  3. Check your inbox for a password reset link
  4. Click the link and enter a new password
  5. Your password is updated immediately

Account Status

Your partner account can have these statuses:

  • Pending: Registration submitted, awaiting approval
  • Active: Account approved and operational
  • Denied: Registration denied
  • Disabled: Account temporarily disabled

Only active accounts can authenticate and use K2 APIs.

User Roles

The Partner Portal supports two roles:

  • Partner: Standard access to view and manage keys
  • Admin: Elevated access with additional privileges for team management

Contact K2 support if you need to adjust user roles or permissions.

Support & Troubleshooting

Common Issues

Can't log in after registration

  • Check your email for an approval notification
  • Verify your account status is active
  • Ensure you're using the correct email and password

Lost my integration key or M2M client secret

  • Credentials cannot be retrieved after creation
  • Generate a new credential and update your application
  • Deactivate or revoke the lost credential for security

Partner registration is pending approval

  • Registration requests are reviewed by the K2 team
  • You'll receive an email notification when approved
  • Contact support if your request has been pending more than 2 business days

Contact Support

For assistance:

  • Email: ray@k2cyber.ai
  • Include: Your partner ID, email address, and detailed description of the issue
  • Response time: Support responds during business hours (9am-6pm ET, Monday-Friday)

Getting Help

  • Documentation: Review endpoint documentation in this portal
  • API Specs: Download OpenAPI specifications for integration testing
  • Status Page: Check status.k2cyber.co for service health

Security & Compliance

The Partner Portal implements:

  • Encrypted storage: All credentials are hashed and encrypted at rest
  • HTTPS enforcement: All traffic uses TLS 1.2 or higher
  • Session management: Sessions expire after inactivity
  • Audit logging: All key operations are logged for compliance

Your use of the Partner Portal is subject to K2's Terms of Service and Privacy Policy.

Maintained by the K2 Cyber Insurance engineering team.

Copyright © 2025 K2 Insurance