Overview
Here are the building blocks to set up your first request.
Authentication
You'll need to include an access token in every request you make to the API.
To create an access token, head to your dashboard. When you create an access token, you'll be able to choose whether to give it read-only or read-write access.
Send your access token in the
Authorization
request header using the "Bearer" authentication scheme:Authorization: Bearer <YOUR_ACCESS_TOKEN>
Versioning
You'll need to send a
Duffel-Version
header with each request so we know which version of the API you want to use. For example:Duffel-Version: v2
Please refer to the Versioning page to learn more about how we version our API.
MIME types
All responses from the API are in JSON format with UTF-8 encoding. An
Accept
header is required with every request:Accept: application/json
All request bodies sent to the API should be in JSON format.
A
Content-Type
header is required whenever you're sending a request body (i.e. for POST
and PUT
requests):Content-Type: application/json
Compression
We recommend enabling compression for responses returned by the API, since they can be very large. To enable compression, send an
Accept-Encoding
header:Accept-Encoding: gzip
You'll need to configure your HTTP client to decompress responses. Most clients will have this functionality built-in.
Request ID
All responses will contain an
x-request-id
header. The value in this header uniquely identifies the request/response.x-request-id: Fs1ffv5QZAgVh6kATEST
We recommend you keep track of this header for debugging purposes. When interacting with the Duffel API support team providing this header will allow the team to give you prompt and personalised support.
Client Correlation ID
Sometimes, you may want to send your own ID in the headers so that you can correlate requests and responses sent from Duffel.
We also provide a header named
x-client-correlation-id
for that purpose.All responses will contain an
x-client-correlation-id
header. The value in this header allows you to set your own client identifier per request/response.x-client-correlation-id: Fs1ffv5QZAgVh6kATEST
When your API client does not set this header, it will have the same value as
x-request-id
in the response.