Skip to main content

Tenant API Overview

The Travelbase Tenant API provides secure, programmatic access to Travelbase’s travel infrastructure, enabling businesses to discover offers, manage orders, issue tickets, manage wallets, and receive real-time webhook events. It is designed for reliable server-to-server integrations and supports the complete travel booking lifecycle, allowing organizations to integrate travel operations directly into their applications and workflows.

Sandbox URL

https://sandbox.travelbase.aiIsolated environment for development and testing.

Production URL

Available in your Travelbase Business Dashboard under Settings → API KeysUsed for real-world operations and live transactions.
The sandbox environment is fully isolated. Data created here does not affect your production environment or live billing.

Authentication

All API requests must be authenticated using either an API key or a bearer token.

Security Best Practices

Managing API Keys: Keys can be created and rotated in the dashboard under Settings → API Keys.
Never expose API keys in client-side applications (web, mobile, or public code). Always store keys securely in backend systems or secret managers.

Rate Limits

The API enforces rate limits to ensure system stability and fair usage across all tenants.

Default Rate Limit

120 requests per minute per API key.
If a request exceeds the limit, the API returns a 429 Too Many Requests status code.
Implement retry logic using exponential backoff to safely handle rate limit responses and minimize service disruptions.

Error Handling

Errors are returned using standard HTTP status codes and structured JSON responses to help you debug quickly.

Error Response Format

{
        "success": false,
        "statusCode": 400,
        "errorCode": "TB_AUTH_101",
        "message": "Invalid API key",
        "fault": "client",
        "retryable": true,
        "suggestedAction": "verify your API key and try again",
        "reason": "Invalid API key",
        "environment": "sandbox",
        "apiVersion": "1.0.0"
    }

Validation Errors

Validation failures may include additional field-level details to help users correct their input: 
{
    "success": false,
    "status": "error",
    "statusCode": 400,
    "errorCode": "TB_VAL_302",
    "message": "Validation failed",
    "fault": "client",
    "retryable": true,
    "reason": [
        {
            "field": "email",
            "message": "Required"
        },
        {
            "field": "password",
            "message": "Required"
        }
    ],
    "apiVersion": "1.0.0"
}

API Reference & Best Practices

Understanding how to handle responses and ensure data integrity is crucial for a smooth integration.

HTTP Status Codes

CodeMeaningDescription
200SuccessThe request was successful.
201Resource CreatedA new resource has been successfully created.
400Invalid RequestThe request was unacceptable (e.g., missing parameters).
401Authentication FailedNo valid API key provided.
403ForbiddenThe API key does not have permissions for this resource.
404Resource Not FoundThe requested resource doesn’t exist.
429Rate Limit ExceededToo many requests hit the API too quickly.
500Internal Server ErrorSomething went wrong on our end.
CRITICAL: Always check the HTTP status code to determine success or failure before parsing the response body. Do not rely solely on the response content.

Idempotency

Idempotency prevents duplicate resource creation caused by retries or network interruptions. Include an idempotency key when performing write operations (POST or PUT). 
Idempotency-Key: <unique_uuid>
Idempotency Guarantee: If a request with the same key is received multiple times, the API will return the original response instead of creating duplicate resources. Use UUID v4 for these keys.

Next Steps

Explore our guides to start building your integration.

Tenants

Manage organizations and sub-accounts.

Wallets

Handle balances, funds, and transactions.

Locations

Manage physical and virtual service areas.

Offers

Search available travel offers and pricing.

Orders

The full flow for creating and managing orders.

Webhooks

Receive real-time notifications for event updates.