This API allows partners to sell Travel Corporation products on their websites. Get started by requesting access. To do so simply click here or the button in the top right of this page.
Current Version
By default, all requests to https://api.ttc.com
receive the v4 version of the REST API.
We encourage you to explicitly request this version via the Accept
header:
Accept: application/vnd.ttc.v4+json
Schema
All API access is over HTTPS, and accessed from the https://api.ttc.com
. All data is sent and received as JSON.
All timestamps return in ISO 8601 format. For example:
2018-04-09T08:00:00+0300
Authentication
Access to this API requires authentication. Requesting any endpoint with incorrect or wrong credentials will result in 401 Unauthorized
.
Use HTTP Authentication with the following Authentication Schemes:
- HTTP Basic
username is token
and password is your API_TOKEN
. For example, here is how to make an authenticated request with curl on the command line (replace API_TOKEN with your api token):
$ curl https://token:API_TOKEN@api.ttc.com/brands/trafalgar/tours/1/options/1/availability?regions=nz
- HTTP Bearer with JWT Token
This authentication scheme requires a signed JWT Token to be sent in the HTTP Authentication header as a "Bearer Token". The JWT token must have these fields:
- client_id
- agentId
client_id is your API CLIENT_ID
agentId is the id of the TTC Travel Consultant that will access the API
Note if the Consultant is to book tours then the Third Party Reference must be set on the API client.
For example, here is how to make an authenticated request with curl on the command line:
$ curl https://api.ttc.com/brands/trafalgar/tours/1/options/1/availability?regions=nz -H "Authorization: Bearer JWT_TOKEN"
Single Sign On
TTC SSO allows a Travel Consultant to login to TTC via any Brand and subsequently that user will be logged in across all accessible Brands.
TTC SSO uses OpenID Connect, an authentication layer on top of OAuth 2.0.
Using OAuth 2.0 in your application, a Travel Consultant can access the API via your API Client.
Use the OAuth 2.0 Authorization Code flow and receive a token to access the API - see HTTP Bearer with JWT Token.
Note you do not need to (and cannnot) modify the token, just pass it straight through to the API.
TTC SSO login requires the following OAuth 2.0 parameters:
- Client Id
[your API CLIENT_ID]
- Client Secret:
[API Support will supply this]
- Client Flow
'AuthorizationCode'
- Scope
'agentId'
- Authorize Url:
- https://sso-aatkings.uat.travcorpservices.com/openid/connect/taauth
- https://sso-brendanvacations.uat.travcorpservices.com/openid/connect/taauth
- https://sso-contiki.uat.travcorpservices.com/openid/connect/taauth
- https://sso-grandeuropeantravel.uat.travcorpservices.com/openid/connect/taauth
- https://sso-insightvacations.uat.travcorpservices.com/openid/connect/taauth
- https://sso-luxurygold.uat.travcorpservices.com/openid/connect/taauth
- https://sso-trafalgar.uat.travcorpservices.com/openid/connect/taauth
- Token Url:
- https://sso-aatkings.uat.travcorpservices.com/openid/connect/token
- https://sso-brendanvacations.uat.travcorpservices.com/openid/connect/token
- https://sso-contiki.uat.travcorpservices.com/openid/connect/token
- https://sso-grandeuropeantravel.uat.travcorpservices.com/openid/connect/token
- https://sso-insightvacations.uat.travcorpservices.com/openid/connect/token
- https://sso-luxurygold.uat.travcorpservices.com/openid/connect/token
- https://sso-trafalgar.uat.travcorpservices.com/openid/connect/token
Logout
You can logout with the following url:
- https://sso-aatkings.uat.travcorpservices.com/openid/connect/logout
- https://sso-brendanvacations.uat.travcorpservices.com/openid/connect/logout
- https://sso-contiki.uat.travcorpservices.com/openid/connect/logout
- https://sso-grandeuropeantravel.uat.travcorpservices.com/openid/connect/logout
- https://sso-insightvacations.uat.travcorpservices.com/openid/connect/logout
- https://sso-luxurygold.uat.travcorpservices.com/openid/connect/logout
- https://sso-trafalgar.uat.travcorpservices.com/openid/connect/logout
It is symmetrical to login in that the user is logged out across all TTC Brands.
Rate Limiting
The returned HTTP headers of any API request show your current rate limit status:
$ curl https://token:API_TOKEN@api.ttc.com/countries HTTP/1.1 200 OK ... X-RateLimit-Limit: 100 X-RateLimit-Remaining: 99 ...
Once the limit is reached, it will start returning 429 Too Many Requests
and an extra header - Retry-After
- indicating how long to wait (in milliseconds) before making a new request:
$ curl https://token:API_TOKEN@api.ttc.com/countries HTTP/1.1 429 Too Many Requests ... X-RateLimit-Limit: 100 X-RateLimit-Remaining: 0 Retry-After: 5000 ...