Skip to main content
POST
https://travtus-api.auth.us-east-2.amazoncognito.com
/
oauth2
/
token
curl --location --request POST 'https://travtus-api.auth.us-east-2.amazoncognito.com/oauth2/token' \
--header 'Content-Type:application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>'

{"access_token":"eyJraWQiOiJzXC9jaDliOVJcL1FwM1lzamQ4cFA1aXRodjJENkxoY1lqSFp4YVE4cFVXNmM9IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIzaDc5aGs0c29mdXNiM2Z0Z25rMTMzZzBqNCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoidHJhdnR1cy1hcGlcL2tub3dsZWRnZS1ncmFwaCIsImF1dGhfdGltZSI6MTcwNTQ4ODc5OCwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMi5hbWF6b25hd3MuY29tXC91cy1lYXN0LTJfa21KUXNXQVJKIiwiZXhwIjoxNzA1NDkyMzk4LCJpYXQiOjE3MDU0ODg3OTgsInZlcnNpb24iOjIsImp0aSI6Ijc4OGU5MGIxLTBjYjMtNGRhYi04ZTcxLTY1MTBmZWJjOWMzNiIsImNsaWVudF9pZCI6IjNoNzloazRzb2Z1c2IzZnRnbmsxMzNnMGo0In0.ig8jULH9Y01bvFtUAR_XJO5ljR60mo3XdFXiA58qbNpKSNwvJx1tqpLLOSYTG19O_ZrPBpOAT-kPPlYyL9mqacQvybr_CeWkFp_9WuQP8zSEvrDbg7_jwXN4JYSItEVc_NSs2PArUhYEB_gkOOSs814-DO726L6hUr3R6rn1Wk3bz-KU--U9gI9xh0cvQ0RGD1bCryTAG9qSmrz0LR8Dw96jrCPU0Sgv57gXvJ8M1Z-7oa8ajnwfRJaRGQired8coOt9mFiYPjR5GJWW5QCPELpOTKFJRWfi5nc9vvyKLJgdPeGqQyqruj_bBgA7b9hkwePbpNPRt6f9WVl11ip12w","expires_in":3600,"token_type":"Bearer"}
Travtus API uses token authentication. All API calls must include the following header: 
'Authorization': 'Bearer <team_token>'

Query Parameters

client_id
string
Your API client_id.
client_secret
string
Your API client_secret.
grant_type
string
Must be client_credentials.

Response

access_token
string
The token you will need to use in order to access any other API endpoints.
curl --location --request POST 'https://travtus-api.auth.us-east-2.amazoncognito.com/oauth2/token' \
--header 'Content-Type:application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>'

{"access_token":"eyJraWQiOiJzXC9jaDliOVJcL1FwM1lzamQ4cFA1aXRodjJENkxoY1lqSFp4YVE4cFVXNmM9IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIzaDc5aGs0c29mdXNiM2Z0Z25rMTMzZzBqNCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoidHJhdnR1cy1hcGlcL2tub3dsZWRnZS1ncmFwaCIsImF1dGhfdGltZSI6MTcwNTQ4ODc5OCwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMi5hbWF6b25hd3MuY29tXC91cy1lYXN0LTJfa21KUXNXQVJKIiwiZXhwIjoxNzA1NDkyMzk4LCJpYXQiOjE3MDU0ODg3OTgsInZlcnNpb24iOjIsImp0aSI6Ijc4OGU5MGIxLTBjYjMtNGRhYi04ZTcxLTY1MTBmZWJjOWMzNiIsImNsaWVudF9pZCI6IjNoNzloazRzb2Z1c2IzZnRnbmsxMzNnMGo0In0.ig8jULH9Y01bvFtUAR_XJO5ljR60mo3XdFXiA58qbNpKSNwvJx1tqpLLOSYTG19O_ZrPBpOAT-kPPlYyL9mqacQvybr_CeWkFp_9WuQP8zSEvrDbg7_jwXN4JYSItEVc_NSs2PArUhYEB_gkOOSs814-DO726L6hUr3R6rn1Wk3bz-KU--U9gI9xh0cvQ0RGD1bCryTAG9qSmrz0LR8Dw96jrCPU0Sgv57gXvJ8M1Z-7oa8ajnwfRJaRGQired8coOt9mFiYPjR5GJWW5QCPELpOTKFJRWfi5nc9vvyKLJgdPeGqQyqruj_bBgA7b9hkwePbpNPRt6f9WVl11ip12w","expires_in":3600,"token_type":"Bearer"}

Rate Limiting

The Travtus API enforces rate limits to ensure platform stability and fair usage across all clients.

Limits

The current rate limits are:
  • Burst limit: 5,000 requests
  • Sustained rate: 10,000 requests per second
The burst limit allows short spikes in traffic, while the sustained rate applies to ongoing request volume.

How rate limiting is applied

  • Rate limits are enforced at the API gateway level.
  • Requests exceeding either the burst or sustained rate may be rejected.
  • Limits apply per client and per API key.

Exceeding limits

If a request exceeds the configured rate limits, the API will respond with an HTTP 429 Too Many Requests status code. Clients should implement appropriate retry logic with backoff when receiving a 429 response.