User Journeys 3 min read
Insurance Quotation does not have a Hub-mediated consent journey — the TPP authenticates with the Client Credentials Grant and the customer interacts either with the TPP\'s own UI or with screens your LFI hosts. This page describes what your LFI hosts and when.
Your LFI hosts the customer end-to-end
In LFI-Led mode, the TPP creates the quote and (on acceptance) hands the customer to your LFI to complete the application. Your LFI is responsible for the customer-facing screens from acceptance through to policy issuance. The TPP\'s only customer touchpoint after acceptance is the document delivery you push back via the quote-log.
Screens your LFI hosts
- Quote summary — confirms the quote details (sums insured, premium, coverage period, exclusions) before the customer commits.
- Customer verification (KYC) — Emirates ID capture, address confirmation, and any additional declarations required for underwriting.
- Payment — premium collection through your LFI\'s payment provider (card, wallet, or direct debit, as supported).
- Confirmation — on successful issuance, an in-LFI confirmation screen that hands the customer back to the originating TPP (typically via a return URL the TPP supplied on quote creation).
Status emission
At each transition (KYC submitted, payment confirmed, policy issued), emit the matching quote-log status via PATCH /insurance-quote-log/{logId} so the TPP — and any subscribed webhook — sees the lifecycle progress. The TPP uses these events to update its own customer-facing UI in parallel.
The TPP hosts the customer; your LFI hosts only the payment page
In TPP-Led mode, the TPP collects KYC in its own UI and submits it to your LFI via PATCH on the quote. Your LFI\'s only hosted screen is the payment page — delivered to the TPP as a BrokerInstructions.Url on the ApplicationApproved event, then surfaced to the customer by the TPP as a redirect.
Payment page requirements
- Branded as LFI — the customer must clearly see they are paying the insurer, not the TPP.
- Single-use URL — the URL MUST be invalidated after first redemption or after a reasonable session window (15–30 minutes). The TPP MUST NOT cache or replay it.
- Return handling — on payment success or cancellation, return the customer to a destination the TPP specified when subscribing to events. The customer\'s status thereafter is observable to the TPP via subsequent quote-log events (
PolicyIssued,CustomerCancelled, etc.). - No KYC capture — KYC has already been collected by the TPP and accepted by the LFI before the payment URL is issued. The payment page MUST NOT re-prompt for it.
Document delivery
Once the policy is issued, your LFI MUST NOT email or post documents to the customer directly in TPP-Led mode — the TPP becomes the document delivery channel. Attach all policy documents (Policy Booklet, Terms & Conditions, IPID, etc.) as base64-encoded Documents entries on the PolicyIssued quote-log event, with SHA-256 hashes for integrity verification. The TPP surfaces them to the customer in its own UI.
Which screens does each mode host?
| Screen / responsibility | LFI-Led | TPP-Led |
|---|---|---|
| Quote summary & acceptance | LFI | TPP |
| Customer verification (KYC) | LFI | TPP |
| Premium payment | LFI | LFI (via redirect from TPP) |
| Policy document delivery | LFI (direct to customer) | TPP (via Documents on PolicyIssued event) |
| Post-issuance customer support | LFI | LFI (per standard insurance regulatory obligations) |