HelloSafe

Developer platform

The API to sell travel insurance inside your product

A signed conversion API, tracked deep links and S2S postback to your stack. Wire up HelloSafe travel insurance in days, without becoming an insurer.

Integration paths

Five ways to wire up HelloSafe

From a tracked link in an afternoon to a REST quote API: pick your level of integration. Same coverage, same commissions.

Live

Tracked deep links

One tracked link per piece of content or campaign, with a Sub-ID. The fastest way to start, zero code.

  • Deep links per page and per offer
  • Sub-ID per campaign, content or point of sale
  • 90-day attribution cookie, last-click
Live

Conversion postback API

Notify Atlas when an attributed sale lands or changes state. HMAC-signed request, state machine, idempotent.

  • Per-caller signed keys (HMAC-SHA256)
  • States: pending, validated, cancelled
  • Native amount: commission is computed server-side
Live

S2S postback to your stack

Send conversions back to wherever you run your business: Impact, Partnerize, Awin, Voluum, RedTrack, Everflow or a BI webhook.

  • Standard S2S connectors
  • Webhook to your BI
  • CSV export
Early access

Quote & bind REST API

Quote, compare and bind policies over an API. REST endpoints and a sandbox, in private beta.

  • Real-time multi-insurer quotes
  • Bind and issue policies via API
  • OpenAPI documentation coming
Early access

MCP server for AI agents

Expose HelloSafe as typed tools your LLM can call: search, compare, bind. In private beta.

  • Typed tools for Claude, ChatGPT and custom agents
  • Answers grounded in live data
  • Agentic checkout

The conversion API, concretely

From postback to commission, in one signed request

The conversion API is live today. You post an attributed sale, Atlas matches it to the link, converts to EUR and computes the commission from your rate card.

  1. 01

    Provision a key

    During the launch phase, keys are granted on request. You get a key_id and a signing secret scoped to your integration.

  2. 02

    Sign the request

    Compute HMAC-SHA256 of the secret over timestamp.body, then send the x-atlas-key-id, x-atlas-timestamp and x-atlas-signature headers. The replay window is 5 minutes.

  3. 03

    Post the conversion

    Send ref and externalOrderId, plus the gross amount in its native currency and the state. Atlas freezes the FX rate, computes the commission and returns the applied state.

postback.js
import { createHmac } from "node:crypto";

const secret = process.env.ATLAS_SIGNING_SECRET;
const body = JSON.stringify({
  ref: "hs-acme-7f3k9",
  externalOrderId: "ORDER-5821",
  amount: 89.90,
  currency: "USD",
  status: "validated"
});

const ts = Math.floor(Date.now() / 1000).toString();
const signature = "v1=" + createHmac("sha256", secret)
  .update(`${ts}.${body}`)
  .digest("hex");

await fetch("https://atlas.hellosafe.com/api/postback/conversion", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-atlas-key-id": "pbk_live_a1b2c3",
    "x-atlas-timestamp": ts,
    "x-atlas-signature": signature
  },
  body
});
// → 200 { ok: true, action: "inserted", status: "validated" }

Postback signed with HMAC-SHA256. A 200 returns the applied action and state.

Payload reference

The request body

JSON. ref and externalOrderId are required; everything else is optional. Any commission you send is ignored, the ledger is the source of truth.

Field Type Required Description
ref string Yes Attribution identifier, in the partnerCode-shortCode format.
externalOrderId string Yes Your order identifier. Acts as the idempotency key on the Atlas side.
amount number No Gross sale amount, in its native currency.
currency string (3) No ISO 4217 code. An unknown currency is stored needs_fx and priced later.
status enum No pending, validated or cancelled. Defaults to pending.
subId string No Campaign or content sub-identifier, for your reporting.

Response codes

What the API returns

Explicit HTTP codes. Forbidden state transitions are never silently applied.

Code Meaning
200 Conversion recorded. action: inserted, updated, transitioned or unchanged.
400 Missing fields, invalid ref, or a ref that does not match the link owner.
401 Invalid signature, key or timestamp (5-minute window).
404 No link found for this ref.
409 Forbidden state transition: the state machine refuses it.
422 Amount above the per-conversion safety ceiling.

Authentication & security

Signed, scoped, auditable

Every caller has its own key and its own secret. Nothing is shared, everything is revocable.

Per-caller keys

A distinct key_id and signing secret per integration. Revoke one without touching the others.

HMAC-SHA256 signature

The signature covers timestamp.body byte for byte. Any tampering with the body invalidates the request.

Replay protection

Requests whose timestamp is more than 5 minutes off are rejected. No replaying a captured request.

Idempotent state machine

pending to validated or cancelled; validated to cancelled only; cancelled is terminal. Re-sending the same state is a no-op.

Pricing

Free to integrate. You earn when your users subscribe.

No setup fee, no monthly platform fee, no per-call charge. HelloSafe earns its share from the insurers; your revenue is purely commission.

$0

$0 to integrate

Getting your API key, connecting your integration and testing in our environment costs nothing. No NDA, no procurement process.

$0

$0 per call

The conversion API, deep links and S2S postback have no per-call charge and no monthly minimum. Scale as fast as your users travel.

50%

50% of commissions

You earn half of HelloSafe's commission on every purchase and renewal your integration drives, paid monthly.

Reliability & support

Built to stay up, answered by people

The conversion API and tracked links run on Cloudflare's edge network. Here is what you can plan around for uptime, retries and support.

99.9%

Target uptime

Postbacks and tracked links run on Cloudflare Workers with automatic failover. No single region can take the service down.

300+

Edge locations

Requests are served from the Cloudflare point of presence nearest your users; commission and FX are then computed asynchronously, off your checkout's critical path.

< 24h

Support response

Email support answers within one business day, on business days. Integration questions reach the partner engineering team, not an anonymous queue.

5 min

Safe retry window

Idempotent by externalOrderId: retry on any timeout without double-counting, and a captured request cannot be replayed past five minutes.

A public status page is on the roadmap. Until it ships, your integration and incident contact is the partner team, reachable from the contact page.

Early access

In private beta

Beyond conversion, these capabilities exist in private beta. Tell us what you are building to join the program.

Private beta

Quote & bind REST API

Multi-insurer quotes, comparison and binding over an API, with a sandbox and OpenAPI documentation.

Private beta

Coverage BIN API

The first 6 digits of a card return what the card already covers, so you only sell the gap.

Private beta

MCP server

Typed tools so your AI agents can search, compare and bind, grounded in live data.

Technical questions

What teams ask before they integrate.

What does the API cost?

Nothing. There is no setup fee, no monthly platform fee and no per-call charge on the conversion API or deep links. You earn 50% of commissions on sales your integration drives; that is the only money flow in the program.

Is there a REST quote API?

The conversion (postback) API is live. The REST quote-and-bind API exists in private beta: request early access and we will open a sandbox for you.

How does authentication work?

Per-caller signed keys. You compute HMAC-SHA256 of the secret over timestamp.body and send it in x-atlas-signature, with a 5-minute replay window. A legacy Bearer path exists while existing callers migrate.

Which currency should I send the amount in?

The gross amount in its native currency, with the currency code. Atlas freezes the rate at ingest, converts to EUR (the accounting currency) and computes the commission from your rate card. Any commission you send is ignored.

Is the postback idempotent?

Yes. externalOrderId is the key: re-sending the same state is a no-op, and the state machine refuses forbidden transitions with a 409 rather than applying them silently.

Can I integrate through Impact, Partnerize or Awin?

Yes. We expose a standard S2S postback that connects natively to Impact, Partnerize, Awin, Voluum, RedTrack and Everflow, or a webhook to your BI.

Do you have an OpenAPI spec?

An OpenAPI reference ships with the REST quote API in private beta. The conversion API is documented by its contract above: endpoint, signed headers, payload and response codes.

Do you support MCP?

Yes, in private beta. The MCP server exposes quoting, comparison and binding as typed tools your LLM or agent can call.

What uptime and support can I count on?

The conversion API and tracked links run on Cloudflare Workers, deployed across 300+ edge locations with automatic failover, for a target of 99.9% uptime. Email support answers within one business day. The postback is idempotent, so any timeout is safe to retry. A public status page is on the roadmap.

Have a technical or commercial question? Contact us

Let's build

Add travel insurance to your product

Tell us what you're building. We'll map the fastest path (links, postback or API) and open a key for you.