Skip to main content
POST
/
oauth2
/
token
curl -X POST 'https://api.travtus.com/oauth2/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials' \
  -d 'client_id=<client-id>' \
  -d 'client_secret=<client-secret>'

{
  "access_token": "eyJraWQiOiJzXC9jaDliOVJcL1FwM1lzamQ4cHA1aXRodjJENkxoY1lqSFp4YVE4cFVXNmM9IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIzaDc5aGs0c29mdXNiM2Z0Z25rMTMzZzBqNCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoidHJhdnR1cy1hcGlcL2tub3dsZWRnZS1ncmFwaCIsImF1dGhfdGltZSI6MTcwNTQ4ODc5OCwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMi5hbWF6b25hd3MuY29tXC91cy1lYXN0LTJfa21KUXNXQVJKIiwiZXhwIjoxNzA1NDkyMzk4LCJpYXQiOjE3MDU0ODg3OTgsInZlcnNpb24iOjIsImp0aSI6Ijc4OGU5MGIxLTBjYjMtNGRhYi04ZTcxLTY1MTBmZWJjOWMzNiIsImNsaWVudF9pZCI6IjNoNzloazRzb2Z1c2IzZnRnbmsxMzNnMGo0In0.ig8jULH9Y01bvFtUAR_XJO5ljR60mo3XdFXiA58qbNpKSNwvJx1tqpLLOSYTG19O_ZrPBpOAT-kPPlYyL9mqacQvybr_CeWkFp_9WuQP8zSEvrDbg7_jwXN4JYSItEVc_NSs2PArUhYEB_gkOOSs814-DO726L6hUr3R6rn1Wk3bz-KU--U9gI9xh0cvQ0RGD1bCryTAG9qSmrz0LR8Dw96jrCPU0Sgv57gXvJ8M1Z-7oa8ajnwfRJaRGQired8coOt9mFiYPjR5GJWW5QCPELpOTKFJRWfi5nc9vvyKLJgdPeGqQyqruj_bBgA7b9hkwePbpNPRt6f9WVl11ip12w",
  "token_type": "Bearer",
  "expires_in": 3600
}

Documentation Index

Fetch the complete documentation index at: https://docs2.travtus.com/llms.txt

Use this file to discover all available pages before exploring further.

The Travtus API requires every request to be authenticated using a Bearer token. Tokens are obtained via the OAuth 2.0 client_credentials grant using the credentials provided to you by Travtus.
1

Request an access token

POST your credentials to the token endpoint to receive an access token valid for 60 minutes.
2

Call the API

Include the access token in the Authorization header of every API request.
Authorization: Bearer <access_token>
3

Re-authenticate when the token expires

The token is valid for 60 minutes (3600 seconds). Request a new token before it expires to maintain uninterrupted access.

Request an Access Token

Request body (application/x-www-form-urlencoded)

client_id
string
required
Your API client ID.
client_secret
string
required
Your API client secret.
grant_type
string
required
Must be client_credentials.

Response

access_token
string
Bearer token to include in the Authorization header of all subsequent API requests.
token_type
string
Always Bearer.
expires_in
integer
Seconds remaining until the token expires. Up to 3600 on a fresh token (60 minutes).
curl -X POST 'https://api.travtus.com/oauth2/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials' \
  -d 'client_id=<client-id>' \
  -d 'client_secret=<client-secret>'

{
  "access_token": "eyJraWQiOiJzXC9jaDliOVJcL1FwM1lzamQ4cHA1aXRodjJENkxoY1lqSFp4YVE4cFVXNmM9IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIzaDc5aGs0c29mdXNiM2Z0Z25rMTMzZzBqNCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoidHJhdnR1cy1hcGlcL2tub3dsZWRnZS1ncmFwaCIsImF1dGhfdGltZSI6MTcwNTQ4ODc5OCwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMi5hbWF6b25hd3MuY29tXC91cy1lYXN0LTJfa21KUXNXQVJKIiwiZXhwIjoxNzA1NDkyMzk4LCJpYXQiOjE3MDU0ODg3OTgsInZlcnNpb24iOjIsImp0aSI6Ijc4OGU5MGIxLTBjYjMtNGRhYi04ZTcxLTY1MTBmZWJjOWMzNiIsImNsaWVudF9pZCI6IjNoNzloazRzb2Z1c2IzZnRnbmsxMzNnMGo0In0.ig8jULH9Y01bvFtUAR_XJO5ljR60mo3XdFXiA58qbNpKSNwvJx1tqpLLOSYTG19O_ZrPBpOAT-kPPlYyL9mqacQvybr_CeWkFp_9WuQP8zSEvrDbg7_jwXN4JYSItEVc_NSs2PArUhYEB_gkOOSs814-DO726L6hUr3R6rn1Wk3bz-KU--U9gI9xh0cvQ0RGD1bCryTAG9qSmrz0LR8Dw96jrCPU0Sgv57gXvJ8M1Z-7oa8ajnwfRJaRGQired8coOt9mFiYPjR5GJWW5QCPELpOTKFJRWfi5nc9vvyKLJgdPeGqQyqruj_bBgA7b9hkwePbpNPRt6f9WVl11ip12w",
  "token_type": "Bearer",
  "expires_in": 3600
}

Call the API

Include the access_token in the Authorization header of every request. 
Authorization: Bearer <access_token>
The bearer token is valid for 60 minutes (3600 seconds). Once it expires, you must re-authenticate to obtain a new token. Requesting a new token on every API call is unnecessary and may result in throttling.
import requests
import json

url = "https://api.travtus.com/messages/"

payload = json.dumps({
  "channel": "email",
  "group_external_ref": "<community-external-ref>",
  "first_name": "First",
  "last_name": "Last",
  "email": {
    "source": "<source>",
    "message_id": "<message-id>",
    "text": "<message-text>",
    "created_datetime": "2025-06-27T16:45:13.000000",
    "from_email_address": "<from-email>",
    "to_email_addresses": "<to-email>",
    "subject": "<subject>",
    "conversation_id": "<conversation-id>",
    "references": []
  }
})

response = requests.post(url, headers={
  'Content-Type': 'application/json',
  'Authorization': 'Bearer <access_token>'
}, data=payload)

print(response.text)

Rate Limiting

The Travtus API enforces rate limits to ensure platform stability and fair usage across all clients. Exceeding a limit returns HTTP 429 Too Many Requests. Implement exponential backoff when retrying after a 429 response.

Token endpoint (/oauth2/token)

LimitValue
Sustained rate100 requests/second
Burst200 requests

All other API endpoints

LimitValue
Sustained rate10,000 requests/second
Burst5,000 requests

How limits are applied

  • Limits are applied per API key at the API Gateway level.
  • The burst limit allows short spikes above the sustained rate.
  • Clients should implement retry logic with exponential backoff on 429 responses.