Authentication with OAuth 2.0

All Travelport JSON APIs require authentication with OAuth 2.0. Before calling any API, you must follow an OAuth-based authorization procedure to obtain an access token, and then provide that access token with every call.

OAuth is an open standard that defines how access to a resource is granted to requesters. The Travelport JSON APIs use the two-legged OAuth process for generating tokens. This means the requester provides a token and the resource returns a token.

You pass your client credentials to our resource and receive a token that you provide in all calls to any Travelport JSON API. The token is valid for 1 day. When it expires, make another call and receive another token. You can request tokens either by sending a request in Postman, detailed in this topic, or via the language of your choice.

For detailed information about how an OAuth connection is established, refer to the OAuth 2.0 Authorization Framework.

Access Groups

All organizations are assigned one or more access groups, based on their point(s) of sale. An access group contains information about an organization, including PCC, location, currency, NDC and GDS carrier information, printer linkages, and more. An access group identifies to Travelport the content to which an application or user has access.

An organization will have one or more usernames to submit API requests for the pre-production environment and one or more usernames to submit requests to the production environment. Each username is assigned at least one access group. Each API authentication request requires an access group that is associated to the username as part of the submission to generate a token that can be used in subsequent requests. The token, created in part with the access group, ensures that responses return data that is relevant to an organization’s specific location.

In this topic:

Generate Token

To generate the auth token in a language of your choice, you must populate the following credentials provided when you were provisioned with the Travelport JSON APIs:

  • username
  • password
  • client_id
  • client_secret

Send your authentication request to the following endpoint as appropriate:

  • Pre-production: https://oauth.pp.travelport.com/oauth/oauth20/token
  • Production: https://oauth.travelport.com/oauth/oauth20/token

Generate Token from Postman Developer Toolkit

The following steps detail how to enter your credentials and generate the OAuth token from the Postman Developer Toolkits.

Enter Credentials

If you have not already entered credentials into Postman, take the following steps. The credentials required in this section were provided when you were provisioned.

  1. Open the Postman collection and click the Body tab at the top of the collection. Populate the following credentials:
    • username
    • password
    • client_id
    • client_secret
  2. Next, open the environment file: In the upper-right corner of the Postman window, select the environment file that corresponds to your collection and click the environment quick look button.

  3. In the Globals section, hover over the Access Group field per below, and click the pencil icon to open the fields for editing.

  4. Enter the access group value provided at provisioning into both the Initial Value and Current Value fields.
  5. Click anywhere outside the environment window to close it and save your changes.

Generate and Send Access Token

In any Travelport Postman collection, take the following steps to enter your credentials and generate the OAuth token.

  1. Open the Postman collection and expand the folder labeled for OAuth as shown below. It may be named differently in different collections, or may be a standalone transaction instead of in a folder.

  1. Select the appropriate POST OAuth transaction, if there is more than one, and click the Send button to run it. Postman returns the access token, which consists of all text between the quotes after access_token, as shown below. This value automatically populates the authorization values in the remaining transactions in the Postman collection.