diff --git a/config/routes/api_insurance.yaml b/config/routes/api_insurance.yaml
new file mode 100644
index 00000000..b50c3975
--- /dev/null
+++ b/config/routes/api_insurance.yaml
@@ -0,0 +1,6 @@
+# insurance api
+
+api_insurance_create:
+    path: /api/insurance/create
+    controller: App\Controller\Insurance\InsuranceAPIController::createCTPLApplication
+    methods: [POST]
diff --git a/src/Controller/Insurance/InsuranceAPIController.php b/src/Controller/Insurance/InsuranceAPIController.php
new file mode 100644
index 00000000..5807f1d6
--- /dev/null
+++ b/src/Controller/Insurance/InsuranceAPIController.php
@@ -0,0 +1,159 @@
+<?php
+
+namespace App\Controller\Insurance;
+
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Bundle\FrameworkBundle\Controller\Controller;
+use Symfony\Component\HttpFoundation\JsonResponse;
+
+use App\Controller\LoggedController;
+
+use App\Insurance\ClientData;
+use App\Insurance\ClientType;
+use App\Insurance\LineType;
+
+use App\Ramcar\APIResult;
+
+use App\Service\InsuranceDataValidator;
+use App\Service\InsuranceConnector;
+
+use App\Entity\MobileSession;
+
+// controller to connect mobile app to insurance api
+class InsuranceAPIController extends Controller implements LoggedController
+{
+    protected $session;
+
+    public function __construct()
+    {
+        $this->session = null;
+    }
+
+    public function createCTPLApplication(Request $req, EntityManagerInterface $em, InsuranceDataValidator $ins_validator,
+                                          InsuranceConnector $insurance)
+    {
+        // TODO: are we letting the app fill in all the fields needed for the CTPL application?
+        // check parameters
+        $required_params = [
+            '',
+        ];
+
+        // check required parameters and api key
+        $res = $this->checkParamsAndKey($req, $em, $required_params);
+        if ($res->isError())
+            return $res->getReturnResponse();
+
+        // create client data
+        $client_data = new ClientData();
+
+        // TODO: set values for client data
+
+        // check if client data values are valid
+        $error_mesage = $ins_validator->validateClientData($client_data);
+        if ($error_message != null)
+        {
+            // return error message
+            $res->setError(true)
+                ->setErrorMessage($error_message);
+
+            return $res;
+        }
+
+        $result = $insurance->processApplication($client_data);
+
+        // check status of result
+        if ($result['status'] == 'error')
+        {
+            // get message and return error message
+            $message = $result['message'];
+            $res->setError(true)
+                ->setErrorMessage($message);
+
+            return $res;
+        }
+
+        // return data portion of result received from insurance api
+        $data = $result['data'];
+
+        $res->setData($data);
+
+        return $res->getReturnResponse();
+    }
+
+    protected function checkMissingParameters(Request $req, $params = [])
+    {
+        $missing = [];
+
+        // check if parameters are there
+        foreach ($params as $param)
+        {
+            if ($req->getMethod() == 'GET')
+            {
+                $check = $req->query->get($param);
+                if (empty($check))
+                    $missing[] = $param;
+            }
+            else if ($req->getMethod() == 'POST')
+            {
+                $check = $req->request->get($param);
+                if (empty($check))
+                    $missing[] = $param;
+            }
+            else
+                return $params;
+        }
+
+        return $missing;
+    }
+
+    protected function checkAPIKey($em, $api_key)
+    {
+        // find the api key (session id)
+        $session = $em->getRepository(MobileSession::class)->find($api_key);
+        if ($session == null)
+            return null;
+
+        return $session;
+    }
+
+    protected function checkParamsAndKey(Request $req, $em, $params)
+    {
+        // returns APIResult object
+        $res = new APIResult();
+
+        // check for api_key in query string
+        $api_key = $req->query->get('api_key');
+        if (empty($api_key))
+        {
+            $res->setError(true)
+                ->setErrorMessage('Missing API key');
+            return $res;
+        }
+
+        // check missing parameters
+        $missing = $this->checkMissingParameters($req, $params);
+        if (count($missing) > 0)
+        {
+            $miss_string = implode(', ', $missing);
+            $res->setError(true)
+                ->setErrorMessage('Missing parameter(s): ' . $miss_string);
+            return $res;
+        }
+
+        // check api key
+        $sess = $this->checkAPIKey($em, $req->query->get('api_key'));
+        if ($sess == null)
+        {
+            $res->setError(true)
+                ->setErrorMessage('Invalid API Key');
+            return $res;
+        }
+
+        // store session
+        $this->session = $sess;
+
+        return $res;
+    }
+} 
diff --git a/src/Service/InsuranceClientDataValidator.php b/src/Service/InsuranceDataValidator.php
similarity index 100%
rename from src/Service/InsuranceClientDataValidator.php
rename to src/Service/InsuranceDataValidator.php