Authentication

Travelport is updating all authentication and authorization endpoints for all JSON APIs and providing new application credentials. See Endpoint Migration below.

All Travelport JSON APIs require authentication with OAuth 2.0. Before calling any API, you must follow an OAuth-based authorization procedure to obtain an access token, and then provide that access token with every call.

In this topic:

Credentials and Authorization
IMPORTANT Endpoint Migration
Generate Token in Language of Choice
Generate Token from Postman Developer Toolkit for Air
Generate Token from Postman Developer Toolkit for Hotel and Pay

Credentials and Authorization

OAuth is an open standard that defines how access to a resource is granted to requesters. The Travelport JSON APIs use the two-legged OAuth process for generating tokens. This means the requester provides a token and the resource returns a token. For detailed information about how an OAuth connection is established, refer to the OAuth 2.0 Authorization Framework.

You pass your client credentials to our resource and receive a token that you provide in all calls to any Travelport JSON API. The token is valid for 24 hours. When it expires, make another call and receive another token. You can request tokens either via the language of your choice or by sending a request from the Postman collection included in the developer toolkits linked below.

Travelport provides your credentials when you are provisioned for the JSON APIs. Travelport assigns your organization one or more usernames and access groups, based on their point(s) of sale. An access group contains information about an organization, including PCC, location, currency, NDC and GDS carrier information for the Air APIs, and printer linkages. An access group identifies to Travelport the content to which an application or user has access. Each username is assigned at least one access group and is sent in the API authentication request. The auth token returned ensures that the API responses return data that is relevant to an organization’s specific location.

Endpoint Migration

Travelport is updating the authentication and authorization endpoints for all JSON APIs and providing new credentials. All customers either already have received or will receive new credentials and have or will be migrated to the new endpoints. If your company has not yet migrated to new credentials, continue to use your existing credentials and endpoints.

Authentication Endpoints

Use these endpoints for authentication requests if you haven't received or haven't migrated to the new credentials from Travelport:

Pre-production https://oauth.pp.travelport.com/oauth/oauth20/token

Production https://oauth.travelport.com/oauth/oauth20/token

Use these endpoints for authentication requests after you have migrated to the new credentials from Travelport:

Pre-production https://auth.pp.travelport.net/oauth/token

Production https://auth.travelport.net/oauth/token

Authorization Endpoint Base Paths

You can find the authorization endpoints and base paths for individual APIs in the consolidated Endpoints list for Air, Hotel, and Pay, and at the top of every API Reference in the help. These topics include both the pre- and post-migration base paths.

For consolidated reference, the post-migration base paths are below; update your base paths after you have migrated to the new credentials:

Air

Pre-production https://api.pp.travelport.net/11/air/

Production https://api.travelport.net/11/air/

A small number of JSON Air APIs do not use /air in their base path, as noted in Air Endpoints and their API References: Cancel Workbench Item, Document History, Document List, and Exchange Air Offer.

Hotel

Pre-production https://api.pp.travelport.net/11/hotel/

Production https://api.travelport.net/11/hotel/

Payment

Pre-production https://api.pp.travelport.net/11/payment/

Production https://api.travelport.net/11/payment/

Generate Token in Language of Choice

To generate the auth token in a language of your choice, you must populate the following credentials provided when you were provisioned with the Travelport JSON APIs:

username
password
client_id
client_secret

Use these endpoints for authentication requests if you haven't received or haven't migrated to the new credentials from Travelport:

Pre-production https://oauth.pp.travelport.com/oauth/oauth20/token

Production https://oauth.travelport.com/oauth/oauth20/token

Use these endpoints for authentication requests after you have migrated to the new credentials from Travelport:

Pre-production https://auth.pp.travelport.net/oauth/token

Production https://auth.travelport.net/oauth/token

Generate Token from Postman Developer Toolkits for Air

The following steps detail how to enter credentials and generate the OAuth token from any of the Air developer toolkits.

Travelport provides the credentials required here when your company is provisioned with the JSON Air APIs. If you aren't yet a provisioned user, you can still browse request and response examples in the Developer Toolkit Postman collections.

Open any of the Travelport Postman collections.
Open the dropdown for OAuth and click OAuth. The folder and transaction name may vary between collections, but it is the first transaction in the collection.

in the Body tab at the top of the collection, enter your customer-specific credentials in the following fields:
- username
- password
- client_id
- client_secret

Click the Tests tab. In the list of variables, populate with the value XAUTH_TRAVELPORT_ACCESSGROUP_1G between double quotes per below.

Generate the OAuth token by clicking the Send button. Postman returns the access token, which consists of all text between the quotes after access_token, as shown below. This value is valid for 24 hours and automatically populates the authorization values in all transactions in the Postman collection. You can also copy this token value into your pre-production or production environments.

Generate Token from Postman Developer Toolkits for Hotel and Pay

The following steps detail how to enter credentials and generate the OAuth token from the Hotel DevKit or Pay DevKit.

Travelport provides the credentials required here when your company is provisioned with the JSON Hotel or Pay APIs. If you aren't yet a provisioned user, you can still browse example requests in the Postman collections in the Hotel or Pay Developer Toolkits.

Open any of the Travelport Postman collections.
Open the dropdown for OAuth and click OAuth. The folder and transaction name may vary between collections, or it may appear standalone instead of in a folder, but it is the first transaction in the collection.

Click the Body tab at the top of the collection. Populate the following with the values provided specifically for your company at provisioning:
- username
- password
- client_id
- client_secret

Generate the OAuth token by clicking the Send button. Postman returns the access token, which consists of all text between the quotes after access_token. This value is valid for 24 hours.
Copy all of the text between the quotes after access_token.
Navigate out of the OAuth folder. In the first transaction to send, open the Headers tab at the top. In the Authorization field, after the word Bearer, replace the brackets and any existing text (such as <token> or another token value with or without brackets) with the value copied from the OAuth transaction. After you send this transaction, the token populates into all following transactions.