Skip to main content
The platform has 2 authentication modes:
  1. api-key header for OTA flow APIs (/search, /quote, /book, /cancel, /v1/content/accommodations)
  2. Authorization: Bearer <partner_jwt> for partner management APIs

1) API Key Authentication

Used by:
  • POST /api/search
  • POST /api/search/tgx
  • POST /api/quote
  • POST /api/book
  • POST /api/cancel
  • POST /api/v1/content/accommodations
Header:
Behavior:
  • API key must exist in partner_api_keys
  • API key must map to a valid partner
  • Backend injects that partner into request context

2) Partner JWT Authentication

Login endpoint:
Request:
Notes:
  • password must be MD5 string when accountType = "email"
  • accountType = "phone" is currently not supported and returns 400
Use token:

Additional Headers