Skip to main content
All endpoints require partner JWT: 
Authorization: Bearer <partner_jwt>

What is API Key

api-key is the credential used by programmatic OTA flow APIs:
  • POST /api/search
  • POST /api/quote
  • POST /api/book
  • POST /api/cancel
Backend maps API key to a partner and authorizes connection usage by settings.access.code.

1) Create API Key (Partner Admin only)

POST /api/partner/api-keys
No request body. Response contains a new key document (apiKey, partner, timestamps).

2) List API Keys

GET /api/partner/api-keys
Returns API keys under current partner, newest first.

3) Delete API Key (Partner Admin only)

DELETE /api/partner/api-keys/:id

Example List Response

{
  "data": [
    {
      "_id": "67ab62f4d90f8d7bf44ff001",
      "apiKey": "<API_KEY_UUID>",
      "partner": "67a84f588277d6f3bc5ecfff",
      "createdAt": "2026-02-11T18:49:56.804Z",
      "updatedAt": "2026-02-11T18:49:56.804Z"
    }
  ],
  "message": "success"
}

Limits and Rules

  • Maximum 10 API keys per partner
  • API key ID in delete must belong to current partner

Common Errors

  • 403 Require partner admin role
  • 400 Maximum number of API keys (10) has been reached
  • 404 API key not found