Skip to content
Last updated

Using the DevKits

API credentials strongly recommended to proceed

Travelport TripServices API credentials are needed to run real-time requests with the DevKits. Contact your administrator or account manager for more information. Alternatively, you can sign up for trial credentials or contact our sales team.

The following information is based on the Flights DevKits.

Populating credentials in Postman

  1. Expand the dropdown for OAuth
Postman screenshot
  1. Click on the Body tab and populate the following credentials: username, password, client_id, client_secret.
Postman screenshot
  1. Select the Scripts tab, then Post-res.
Postman screenshot
  1. Populate with accessgroup in XAUTH_TRAVELPORT_ACCESSGROUP_1G between double quotes.
Postman screenshot

You must send your request to the correct version of the API you are using - check the version in the URL of the endpoint and in the OAuth scripts, and make sure it matches the version you are provisioned for.

Reading the Postman examples

Basic layout

These Postman collections are organized through folders and sub-folders that linearly follow the workflow for a given set of API calls.
API requests with extensive options have multiple folders to showcase possible paths.

Postman screenshot

API collections without as many options have a flatter structure, as in this Exchange APIs collection.

Postman screenshot

“Examples” folders, when present, will have various calls demonstrating the individual structure used for different modifiers.

Postman screenshot

Viewing and running JSON payloads

Running a script

Clicking on a POST, GET, or DEL option (HTTP methods) will open to request payloads that can be modified in the Headers and Body tabs.

Postman screenshot

Clicking Send makes the API call.

Postman screenshot

This calls live pre-prod responses from the API.

Postman screenshot

Viewing the code

When running a request, the details of the JSON request can be found under “Code” (the </> icon on the right).

Postman screenshot

Scroll to the bottom of the Code panel to find the raw JSON of the request.

Postman screenshot

Opening the Code panel will also show what data a variable holds.

Postman screenshot

If the request body uses a variable that requires data from a previous API request that you haven't yet run, it remains a variable in the Code section until receiving the prerequisite data.

Pre-made examples

The Flights API Postman collections include saved example responses, which allow you to browse code without entering credentials. These are prefaced with an ‘e.g.’ instead of the normal HTTP methods.

Postman screenshot

These examples have already been run, and include matching requests and responses for easy reference. Click on the Body tab to see the request.

The Try button also sends a live request, but please be aware that in these cases the variables may not be current.

Postman screenshot

Naming convention for examples

Both Individual Examples and Specific flow sets will be named after the script they come from, while End to End examples will follow a separate convention.

Postman screenshot

End-to-end (e2e) examples

Like the examples described above, end-to-end examples are prefaced with ‘e.g.’, but they connect with other calls to run through a specific scenario. An E2E example demonstrates a full transaction - from search to ticket - with matching id values.

End to End examples employ the following naming convention:

ExampleNumber.StepNumber.Description of flow.

This is the first E2E example, step three, which walks through a Full Payload flow.

API Authorization Information

Request Headers

Outline of mandatory request headers to be sent with every request.

Mandatory header fields

HeaderContext
Accept-Encodinggzip, deflate (This is non-negotiable - there must be some type of compression in the headers. If this is not in place, a customer will NOT be allowed to send any production traffic)
Cache-Controlno-cache
Acceptapplication/json
Content-Typeapplication/json
  • Omit this header key on Post Commit Initiate Workbench with Retrieve, Context path: /air/book/session/reservationworkbench/buildfromlocator?Locator={{PNRDevKit}}
  • Omit this header key on NDC Refund, Context path: /air/receipt/reservations/{{reservationIdDevKit}}/receipts?OfferIdentifier={{reservationResponseReservationOfferIdentifierValueDevKit}}
AuthorizationBearer token from the OAuth token generated
XAUTH_TRAVELPORT_ACCESSGROUPEach PCC will be associated with a unique accessgroup
Accept-Version-Typeversion number of the API
Content-Versionversion number of the API

More header information can be found on the Flights API Headers, Stays API Headers, and Pay API Headers pages.

Response headers returned from TripServices

HeaderContext
Datereturned in GMT
Content-Typeno-cache
e2etrackingid/transactionidunique identifier returned for every transaction (A must-have item for troubleshooting issues)
Content-versionlatest version number of the API
Varyaccept-encoding
Content-Encodinggzip
Transfer-Encodingchunked

OAuth Token requirement

The OAuth token expires in 86,400 seconds which is equivalent to one day.

Certification passes if token is generated:
Every 24 hours the token should be generated

Certification fails if:
The token is generated with every request

Token usage:
Please note that a set of credentials for a customer is associated with a MCN (Master customer number). That MCN has a one-to-many relationships with accessgroups (PCC). Therefore, a token generated for that MCN will be valid across all accessgroups that fall under the MCN for that 24-hour period.

If you have multiple accessgroups then the same token must be used for that 24-hour period across all accessgroups that fall under that same MCN.

If you have multiple MCNs then the same rule applies where only one token per MCN shall be generated in a 24-hour period.

Ready to certify?

Ready to certify or add access? Take a look at our certification guide.