Here are the building blocks to set up your first request.


You'll need to include an access token in every request you make to the API.
To create an access token, head to your dashboard. When you create an access token, you'll be able to choose whether to give it read-only or read-write access.
Send your access token in the Authorization request header using the "Bearer" authentication scheme:


Authorization: Bearer <YOUR_ACCESS_TOKEN>


You'll need to send a Duffel-Version header with each request so we know which version of the API you want to use. For example:
Duffel-Version: v1
Please refer to the Versioning page to learn more about how we version our API.

MIME types

All responses from the API are in JSON format with UTF-8 encoding. An Accept header is required with every request:


Accept: application/json
All request bodies sent to the API should be in JSON format. A Content-Type header is required whenever you're sending a request body (i.e. for POST and PUT requests):


Content-Type: application/json


We recommend enabling compression for responses returned by the API, since they can be very large. To enable compression, send an Accept-Encoding header:
Accept-Encoding: gzip
You'll need to configure your HTTP client to decompress responses. Most clients will have this functionality built-in.

Request ID

All responses will contain an x-request-id header. The value in this header uniquely identifies the request/response.


x-request-id: Fs1ffv5QZAgVh6kATEST
We recommend you keep track of this header for debugging purposes. When interacting with the Duffel API support team providing this header will allow the team to give you prompt and personalised support.

Client Correlation ID

Sometimes, you may want to send your own ID in the headers so that you can correlate requests and responses sent from Duffel.
We also provide a header named x-client-correlation-id for that purpose.
All responses will contain an x-client-correlation-id header. The value in this header allows you to set your own client identifier per request/response.


x-client-correlation-id: Fs1ffv5QZAgVh6kATEST
When your API client does not set this header, it will have the same value as x-request-id in the response.