Bienvenue dans Travelandz API
Base et authentification
Configurez les URLs de base, les headers requis et l'authentification par API key pour vos intégrations Travelandz.
Configurez les URLs de base, les headers requis et l'authentification par API key pour vos intégrations Travelandz.
Required headers
| Header | Value |
|---|---|
Authorization | Bearer <secret_key> |
X-Travelandz-Id | <public_key>:<profile_code> |
Content-Type | application/json for requests with JSON body |
Authentication flow
- The API token strategy reads
AuthorizationandX-Travelandz-Id. - The bearer token must match the encrypted secret stored for the selected credential.
X-Travelandz-Idmust include the public key and a valid Developer Profile code (profileCode, formatted asdp_<12 alphanumeric>). The legacy Mongo ObjectId format is no longer accepted.- Sandbox uses
testCredentials; production usesliveCredentials. - The profile and company must be active.
- Production requires
isProductionAllowed=true. - If
domainsAllowedis configured, the request IP, Origin hostname or Referer hostname must match. - The used credential receives
lastUsedand the request context storesprofileId,profileCode,profileKey,credentialIdandcompanyId.
Credential fields
| Field | Description |
|---|---|
profileCode | Developer Profile code sent in X-Travelandz-Id, for example dp_a1b2c3d4e5f6. Find it in your dashboard. |
credentialId | Embedded credential _id, used for request log auditability. |
publicKey | Public identifier sent in X-Travelandz-Id, for example pk_sandbox_abc123. |
secretKey | Secret bearer token. Never store it client-side and never log it. |
secretKeyLast4 | Last four visible characters for user identification. |
domainsAllowed | Optional IP or hostname allow-list. |
lastUsed | Last successful usage timestamp. |