{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"8879628a-7be0-4d21-abfc-d678dac52ba1","name":"Travefy API - Public","description":"<img src=\"https://travefy-assets.s3.amazonaws.com/img/app/misc/Travefy-API-Banner.jpg\">\n\nHere are some pre-made requests for you to explore the API using [Postman.](https://getpostman.com)\n\n# API Keys\n\nYou need API credentials (keys) to use Travefy’s API. Please note that Travefy’s API is a paid product separate from seat licenses. Additionally, you can find all API pricing information [here](https://intercom.help/travefy/articles/956803-api-pricing).\n\n- To learn more about Travefy’s paid API or to purchase API Keys please email [apisales@travefy.com](https://mailto:apisales@travefy.com)\n    \n- If you already have API keys / credentials and are in need of support you can contact our API support team at [apisupport@travefy.com](https://mailto:apisupport@travefy.com)\n    \n\nThere is a public key and a private key for your platform.\n\nThink of your private key like a password:\n\n- Store it securely\n    \n- Don't share it with anyone outside of your organization\n    \n- Don't put it in any code on your website or in a Url that someone could find\n    \n\n`Users` you've created on the platform also have a `PublicKey` and private `AccessToken`. This `AccessToken` is specific to your platform and acts as a password for the `User`, so do not share this access token. It may be revoked by the `User` at any time.\n\nDifferent calls in the API require different keys. For example, creating and managing `Users` requires your platform's secret key. Creating `Trips` on behalf of a `User` requires your platform's public key and the `AaccessToken` for the `User`. Check each call for the requirements.\n\n# Setup\n\nNOTE: You'll need to [create an environment in Postman](https://www.getpostman.com/docs/environments), select that environment, and enter your platform's api keys in the `0 - Setup/Environment Setup` pre-request script ([documentation on pre-request scripts](http://www.getpostman.com/docs/pre_request_scripts)) to set the environment variables. Also, the calls have dependencies. A `Trip` must be created before a `TripDay`, a `TripDay` must be created before a `TripEvent`, and `GET`/`UPDATE`/`DELETE` calls will only work after an item is created with a `POST`.\n\nNOTE: The [Create Full Trip](#10087261-a1b2-a05d-966d-bcf4609fc649) request is the only request that allows child entities (days, events, and ideas) to be passed in with the parent entity. All other calls will only affect the primary entity.\n\n# Making Your First Call\n\nMaking your first call  \nTest that you have the headers setup by making a `GET` request to `/api/v1/echo` with the `X-API-PUBLIC-KEY` header set to your platform's public key. [Here's the Postman test for that](#ae3d-d794-c1e9-ba9f-25414ce121bb). You should get a `HTTP 200 OK` response if your keys are correct.\n\nNext, make a `GET` request to /api/v1/secureEcho with the `X-API-PUBLIC-KEY` and `X-API-PRIVATE-KEY` headers set to your platform's public and private keys. [Here's the Postman test for that](#bc0d6a-f565-164d-0699-baae5899a97e). You should get a `HTTP 200 OK` response if your keys are correct.\n\n# Environments\n\n| Environment | API Base Url | Web App Url |\n| --- | --- | --- |\n| Production | [https://api.travefy.com/](https://api.travefy.com/) | [https://travefy.com/](https://travefy.com/) |\n\nNotes:\n\n- Your platform will have separate API keys for each environment.\n    \n- Data created or modified in each environment will not affect the other.\n    \n- Data cannot be transfered from one environment to the other.\n    \n\n# Versioning\n\nIf any breaking changes are made on an endpoint, then those change will be rolled out in a new version of the API. The version of an endpoint to use can be indicated in the request using the following methods:\n\n1. `/v1-{apiVersion}/...`By adding a prefixed path to the api\n    \n2. Header value of `X-API-VERSION: {apiVersion}`\n    \n3. Query string of `apiVersion={apiVersion}`\n    \n\nThe above methods are list in increasing precedence, e.g. if both the `apiVersion={apiVersion}` query string value is present and the `/v1-{apiVersion}/...` route is used, the version given in the `apiVersion` query string parameter will be used. The HTTP response, will contain the version number of the API version selected for the request in a `X-API-VERSION` header.\n\nTo upgrade the API version application-wide, using Methods 1 or 2 is best.\n\nTo upgrade the version to user for a specific enpoint, using Methods 2 or 3 is best.\n\nThe api version numbers are 8-digit encodings of their release date in the format `YYYYMMDD`.\n\n# Deprecations\n\nDeprecated endpoints are marked with `- Deprecated)`. The documentation for these endpoints will indicate when the endpoint was deprecated, as well as the proper alternative endpoint to use.\n\nFurthermore, When hitting these endpoints, the HTTP response with contain the headers `X-API-DEPRECATED-ON` and `X-API-DEPRECATED-MOVE-TO` to provide this information as well.\n\n# Changelog\n\n## 02-12-2019 (v20190212)\n\nThis update now includes the `Info & Documents` section. Below is some information about this section:\n\n- There is no way to delete this section\n    \n- You can only have one `Info & Documents` section on a trip\n    \n- The `Info & Documents` section cannot be renamed\n    \n- The only event type that can be used in the `Info & Documents` section is the \"info\" event type (12)\n    \n- The `Info & Documents` events only have 4 sections\n    \n    1. Name\n        \n    2. Description\n        \n    3. Images\n        \n    4. TripIdeas\n        \n\nThe `Info & Documents` section is parameter `isSupplemental` either `true` or `false`. If you set `\"isSupplemental\": false` the events you created are placed on a \"normal\" day. If you set this to `true`, the events you created are placed in the `Info & Documents` section.\n\nYou will find more infomation about how this section is created or affected by a request, in that specific request's information. Below is a list of some of the requests you should be aware of:\n\n- [Create Trip](https://developer.travefy.com/#58752c87-04ef-4fdb-ad8c-b8619da0948f) - the `Info & Documents` section is automatically created\n    \n- [Create Full Trip](https://developer.travefy.com/#cb4a3717-ca90-4c3a-8e3e-2edb1910c580) - the `IsSupplemental` is required on all days\n    \n- [Create Trip Day](https://developer.travefy.com/#e8c423ef-c19e-4d84-9473-a8f40d60814f) - the `IsSupplemental` is not required on this request but is automatically set to `false`\n    \n\n# Single Sign-On (SSO)\n\nFor platforms that have it enabled, `Users` can be authenticated into your platform the Travefy environment from your site. To use this, `POST` a `form` to `https://{{your-travefy-platform-url}}/auth/tokenBasedLogin`. The `User` will then be authenticated and redirected to their account page.\n\nHere is a sample HTML form:\n\n```html\n <body>\n <!-- Change the host name if you are using a custom domain -->\n   <form action=\"https://travefy.com/auth/tokenBasedLogin\" method=\"post\">\n    <!-- add your PUBLIC key here -->\n     <input type=\"hidden\" name=\"platformPublicKey\" value=\"3f3663bca6b7471281e5751d233e970e\" />\n    <!-- add the user&#x27;s access token here (details on the user token: https://documenter.getpostman.com/view/322751/travefy-api-public/53p#Users) -->\n     <input type=\"hidden\" name=\"userAccessToken\" value=&#x27;adf10ffa370b4b5a836dfd40d691df05&#x27; />\n    <!-- style/name this button whatever you&#x27;d like -->\n     <button type=&#x27;submit&#x27;>Go To Travefy!</button>\n    <!-- after clicking this button, the user will be authenticated on the Travefy platform and have their authentication cookies set -->\n   </form>\n   <br/>\n  <a href=\"https://developer.travefy.com/#intro\">API welcome documentation</a>\n   <br/>\n  <a href=\"https://developer.travefy.com/#Users\">API Users documentation</a>\n </body>\n```\n\nYou'll need to do a few changes from this example:\n\n1. Change the base URL from `travefy.com` to your Travefy platform URL.\n    \n2. Add your platform's public key. _NOTE: DO NOT add your Private Key to any public or user-accessible page_.\n    \n3. Add the user's access token. _NOTE: This is a secure token and should be on a page that only authorized users can access._\n    \n4. Style the button.\n    \n\n# Authorization Redirect Url\n\nFor platforms that have it enabled, after users have completed authorization of the platform, they will be redirected to the authorization redirect url. The platform can retrieve information about user that has just completed authorization of the platform using the provided `authorizationCode`. This would most commonly be used associate a Travefy user account with the user account on the platform.\n\n## Authorization Code\n\nAfter the user has completed authorization they will be redirected to the platform provided authorization redirect url with the `authorizationCode` included in the `code` query parameter.\n\nExample: `https://yourdomain.com/travefy-authorization-callback?code={{authorizationCode}}`\n\nThe `authorizationCode` will only be valid for 10 minutes. Upon redirect he platform should immediately request user information using the [<code>GET Get Users by Authorization Code</code>](https://developer.travefy.com/#7fc0d076-e8dc-4beb-940e-a45282a28a3e) request and complete the association of the Travefy user to the platform user.\n\n## Enabling a Platform Authorization Redirect Url\n\nIf you would like to enable an authorization redirect url please contact support at [apisupport@travefy.com](https://mailto:apisupport@travefy.com).\n\nBefore your authorization redirect url will be enabled, your redirect url must be tested by Travefy and meet the Guidelines for Authorization Redirect Url.\n\n## Guidelines for Authorization Redirect Url\n\nTo enable use of the Authorization Redirect Url your redirect url must meet the following guidelines.\n\n### User Experience Guidelines\n\n- Upon redirection with a valid `authenticationCode`:\n    \n    - The user must be displayed a message that indicates that authorization was successful.\n        \n    - The user should be shown a message that explains what a successful authorization means. An example of this would be `Your {platformName} account has been connected to your Travefy account. You can now send trips to your Travefy account.`\n        \n    - The user must also be provided a link to either your application or Travefy that helps them to get back in to the application. In addition to the link you may also provide a delayed automatic redirect to the link destination.\n        \n- Upon redirection with an invalid `authenticationCode`:\n    \n    - The user must be notified that their authentication was not successful.\n        \n    - The user must be provide with instructions on how to attempt their authorization again.\n        \n    - The user must be provided with support contact information for your platform.\n        \n- Provide a method to de-authorize the platform. This should send the user to `https://travefy.com/account/unauthorize/{platformSlug}` so that they are able to de-authorize your platform.\n    \n\n### Security Guidelines\n\n- The authorization redirect url must include a request throttle. More than 10 attempts an hour should not be allowed for a specific ip.\n    \n- If the `authorizationCode` provided to the authorization redirect url is not valid you must not expose the specific reason. There should be no difference to the user if your platform receives a `Gone`, `NotFound` or any other error response from the [<code>GET Get Users by Authorization Code</code>](https://developer.travefy.com/#7fc0d076-e8dc-4beb-940e-a45282a28a3e) request. Best practice would be to inform the user that their authorization is no longer valid and provide them with instructions on how to attempt again. The request endpoint exposes the specifics of the errors so that the platform assist users with issues they may experience during authorization.\n    \n\n# API Pricing\n\nClick [here](https://intercom.help/travefy/api-and-developer-tools/api-pricing) for information on our API pricing.\n\n# Questions/Comments/Suggestions\n\nIf you have any questions or comments, please let us know at [apisupport@travefy.com](https://mailto:apisupport@travefy.com).","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"242473","collectionId":"8879628a-7be0-4d21-abfc-d678dac52ba1","publishedId":"RzZFDcZB","public":true,"publicUrl":"https://developer.travefy.com","privateUrl":"https://go.postman.co/documentation/242473-8879628a-7be0-4d21-abfc-d678dac52ba1","customColor":{"top-bar":"44BBFF","right-sidebar":"303030","highlight":"2BEAAF"},"documentationLayout":"classic-double-column","version":"8.11.4","publishDate":"2019-03-29T18:52:38.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":"https://travefy.com/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://developer.travefy.com/view/metadata/RzZFDcZB"}