Skip to main content
POST
The Travtus API requires every request to be authenticated using a Bearer token. Tokens are obtained via the OAuth 2.0 client_credentials grant using the credentials provided to you by Travtus.
1

Request an access token

POST your credentials to the token endpoint to receive an access token valid for 60 minutes.
2

Call the API

Include the access token in the Authorization header of every API request.
3

Re-authenticate when the token expires

The token is valid for 60 minutes (3600 seconds). Request a new token before it expires to maintain uninterrupted access.

Request an Access Token

Request body (application/x-www-form-urlencoded)

client_id
string
required
Your API client ID.
client_secret
string
required
Your API client secret.
grant_type
string
required
Must be client_credentials.

Response

access_token
string
Bearer token to include in the Authorization header of all subsequent API requests.
token_type
string
Always Bearer.
expires_in
integer
Seconds remaining until the token expires. Up to 3600 on a fresh token (60 minutes).

Call the API

Include the access_token in the Authorization header of every request.
The bearer token is valid for 60 minutes (3600 seconds). Once it expires, you must re-authenticate to obtain a new token. Requesting a new token on every API call is unnecessary and may result in throttling.

Rate Limiting

The Travtus API enforces rate limits to ensure platform stability and fair usage across all clients. Exceeding a limit returns HTTP 429 Too Many Requests. Implement exponential backoff when retrying after a 429 response.

Token endpoint (/oauth2/token)

All other API endpoints

How limits are applied

  • Limits are applied per API key at the API Gateway level.
  • The burst limit allows short spikes above the sustained rate.
  • Clients should implement retry logic with exponential backoff on 429 responses.