OverviewRequest Access

This API allows partners to sell Travel Corporation products on their websites. Get started by requesting access. To do so simply click here or the button in the top right of this page.


Current Version

By default, all requests to https://api.ttc.com receive the v4 version of the REST API.

We encourage you to explicitly request this version via the Accept header:

Accept: application/vnd.ttc.v4+json

Schema

All API access is over HTTPS, and accessed from the https://api.ttc.com. All data is sent and received as JSON.

All timestamps return in ISO 8601 format. For example:

2018-04-09T08:00:00+0300

Authentication

Access to this API requires authentication. Requesting any endpoint with incorrect or wrong credentials will result in 401 Unauthorized.

Use HTTP Authentication with the following Authentication Schemes:

  • HTTP Basic

username is token and password is your API_TOKEN. For example, here is how to make an authenticated request with curl on the command line (replace API_TOKEN with your api token):

  $ curl https://token:API_TOKEN@api.ttc.com/brands/trafalgar/tours/1/options/1/availability?regions=nz
  • HTTP Bearer with JWT Token

This authentication scheme requires a signed JWT Token to be sent in the HTTP Authentication header as a "Bearer Token". The JWT token must have these fields:

  • client_id
  • agentId

client_id is your API CLIENT_ID

agentId is the id of the TTC Travel Consultant that will access the API

Note if the Consultant is to book tours then the Third Party Reference must be set on the API client.

For example, here is how to make an authenticated request with curl on the command line:

$ curl https://api.ttc.com/brands/trafalgar/tours/1/options/1/availability?regions=nz -H "Authorization: Bearer JWT_TOKEN"

Single Sign On

TTC SSO allows a Travel Consultant to login to TTC via any Brand and subsequently that user will be logged in across all accessible Brands.

TTC SSO uses OpenID Connect, an authentication layer on top of OAuth 2.0.

Using OAuth 2.0 in your application, a Travel Consultant can access the API via your API Client.

Use the OAuth 2.0 Authorization Code flow and receive a token to access the API - see HTTP Bearer with JWT Token.

Note you do not need to (and cannnot) modify the token, just pass it straight through to the API.

TTC SSO login requires the following OAuth 2.0 parameters:

  • Client Id
[your API CLIENT_ID]
  • Client Secret:
[API Support will supply this]
  • Client Flow
'AuthorizationCode'
  • Scope
'agentId'
  • Authorize Url:
  • https://sso-aatkings.uat.travcorpservices.com/openid/connect/taauth
  • https://sso-brendanvacations.uat.travcorpservices.com/openid/connect/taauth
  • https://sso-contiki.uat.travcorpservices.com/openid/connect/taauth
  • https://sso-grandeuropeantravel.uat.travcorpservices.com/openid/connect/taauth
  • https://sso-insightvacations.uat.travcorpservices.com/openid/connect/taauth
  • https://sso-luxurygold.uat.travcorpservices.com/openid/connect/taauth
  • https://sso-trafalgar.uat.travcorpservices.com/openid/connect/taauth
  • Token Url:
  • https://sso-aatkings.uat.travcorpservices.com/openid/connect/token
  • https://sso-brendanvacations.uat.travcorpservices.com/openid/connect/token
  • https://sso-contiki.uat.travcorpservices.com/openid/connect/token
  • https://sso-grandeuropeantravel.uat.travcorpservices.com/openid/connect/token
  • https://sso-insightvacations.uat.travcorpservices.com/openid/connect/token
  • https://sso-luxurygold.uat.travcorpservices.com/openid/connect/token
  • https://sso-trafalgar.uat.travcorpservices.com/openid/connect/token

Logout

You can logout with the following url:

  • https://sso-aatkings.uat.travcorpservices.com/openid/connect/logout
  • https://sso-brendanvacations.uat.travcorpservices.com/openid/connect/logout
  • https://sso-contiki.uat.travcorpservices.com/openid/connect/logout
  • https://sso-grandeuropeantravel.uat.travcorpservices.com/openid/connect/logout
  • https://sso-insightvacations.uat.travcorpservices.com/openid/connect/logout
  • https://sso-luxurygold.uat.travcorpservices.com/openid/connect/logout
  • https://sso-trafalgar.uat.travcorpservices.com/openid/connect/logout

It is symmetrical to login in that the user is logged out across all TTC Brands.


Rate Limiting

The returned HTTP headers of any API request show your current rate limit status:

$ curl https://token:API_TOKEN@api.ttc.com/countries  
HTTP/1.1 200 OK  
...  
X-RateLimit-Limit: 100  
X-RateLimit-Remaining: 99  
...  

Once the limit is reached, it will start returning 429 Too Many Requests and an extra header - Retry-After - indicating how long to wait (in milliseconds) before making a new request:

$ curl https://token:API_TOKEN@api.ttc.com/countries  
HTTP/1.1 429 Too Many Requests  
...  
X-RateLimit-Limit: 100  
X-RateLimit-Remaining: 0  
Retry-After: 5000  
...