Authentication

All Travelport JSON APIs require authentication with OAuth 2.0. Before calling any API, you must follow an OAuth-based authorization procedure to obtain an access token, and then provide that access token with every call.

OAuth is an open standard that defines how access to a resource is granted to requesters. The Travelport JSON APIs use the two-legged OAuth process for generating tokens. This means the requester provides a token and the resource returns a token. For detailed information about how an OAuth connection is established, refer to the OAuth 2.0 Authorization Framework.

You pass your client credentials to our resource and receive a token that you provide in all calls to any Travelport JSON API. The token is valid for 1 day. When it expires, make another call and receive another token. You can request tokens either via the language of your choice or by sending a request from any of the Postman developer toolkits available for download under Downloads & Support > Downloads & Tools.

Access Groups

Travelport assigns all organizations one or more access groups, based on their point(s) of sale. An access group contains information about an organization, including PCC, location, currency, NDC and GDS carrier information, printer linkages, and more. An access group identifies to Travelport the content to which an application or user has access.

An organization will have one or more usernames to submit API requests to the pre-production environment and one or more usernames to submit requests to the production environment. Each username is assigned at least one access group. Each API authentication request must include an access group associated with the username in order to generate a token that can be used in subsequent requests. The token, created in part with the access group, ensures that responses return data that is relevant to an organization’s specific location.

Generate Token in Language of Choice

To generate the auth token in a language of your choice, you must populate the following credentials provided when you were provisioned with the Travelport JSON APIs:

  • username
  • password
  • client_id
  • client_secret

Send your authentication request to the following endpoint as appropriate:

  • Pre-production: https://oauth.pp.travelport.com/oauth/oauth20/token
  • Production: https://oauth.travelport.com/oauth/oauth20/token
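
The token request described above, as an added Python example using only the standard library (not Travelport's own code). It assumes the password grant (`grant_type=password`), which this page does not state and is inferred from the four credentials, and that the response may carry the standard `expires_in` field; `TokenCache` and the function names are illustrative.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URLS = {  # endpoints as listed on this page
    "pre-production": "https://oauth.pp.travelport.com/oauth/oauth20/token",
    "production": "https://oauth.travelport.com/oauth/oauth20/token",
}
FIELDS = ("username", "password", "client_id", "client_secret")
ONE_DAY = 24 * 60 * 60  # token validity stated on this page


def build_token_request(environment, creds):
    """Build the token POST; secrets travel in the body, never in the URL."""
    missing = [k for k in FIELDS if not creds.get(k)]
    if missing:
        raise ValueError("missing credentials: " + ", ".join(missing))
    # ASSUMPTION: password grant (RFC 6749 section 4.3); the page names no grant type.
    form = {"grant_type": "password"}
    form.update((k, creds[k]) for k in FIELDS)
    return urllib.request.Request(
        TOKEN_URLS[environment],
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def fetch_token(environment, creds):  # real network call over TLS
    with urllib.request.urlopen(build_token_request(environment, creds), timeout=30) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse one token until shortly before expiry instead of re-sending the password."""
    def __init__(self, fetch, clock=time.time, skew=300):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._fetch()
            self._token = body["access_token"]
            # expires_in is the standard RFC 6749 field; fall back to the documented one day.
            self._expires_at = self._clock() + int(body.get("expires_in", ONE_DAY))
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):  # keep the token value out of logs and tracebacks
        return "<TokenCache token=%s>" % ("set" if self._token else "unset")
```

In real use, load `creds` from environment variables or a secrets manager rather than source code, and construct the cache as `TokenCache(lambda: fetch_token("pre-production", creds))`.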

Generate Token from Postman Developer Toolkits for Air

The following steps detail how to enter your credentials and generate the OAuth token from any of the developer toolkits available under Downloads & Support > Downloads & Tools. Travelport provided the credentials required here when you were provisioned.

  1. Open any of the Travelport Postman collections.
  2. Open the dropdown for OAuth and click OAuth. It may have a slightly different name in different collections, or it may appear standalone instead of in a folder.

  3. Click the Body tab at the top of the collection. Populate the following with the values provided at provisioning:

    • username
    • password
    • client_id
    • client_secret

  4. Click the Tests tab. In the list of variables, populate with the value XAUTH_TRAVELPORT_ACCESSGROUP_1G between double quotes.

  5. Generate the OAuth token by clicking the Send button. Postman returns the access token, which consists of all text between the quotes after access_token. This value is valid for one day and automatically populates the authorization values in all transactions in the Postman collection. You can also copy this token value into your pre-production or production environments.

Generate Token from Postman Developer Toolkits for Hotel and Pay

The following steps detail how to enter your credentials and generate the OAuth token from the Hotel or Pay developer toolkits available under Downloads & Support > Downloads & Tools. Travelport provided the credentials required here when you were provisioned.

  1. Open any of the Travelport Postman collections.
  2. Open the dropdown for OAuth and click OAuth. It may have a slightly different name in different collections, or it may appear standalone instead of in a folder.

  3. Click the Body tab at the top of the collection. Populate the following with the values provided at provisioning:

    • username
    • password
    • client_id
    • client_secret

  4. Generate the OAuth token by clicking the Send button. Postman returns the access token, which consists of all text between the quotes after access_token. This value is valid for one day.

  5. Copy all of the text between the quotes after access_token.

  6. Navigate out of the OAuth folder. In the first transaction you want to send, open the Headers tab at the top. In the Authorization field, after the word Bearer, replace the brackets and any existing text (such as <token> or another token value with or without brackets) with the value copied from the OAuth transaction. After you send this transaction, the token populates into all following transactions.