Making requests

Here are the building blocks to set up your first request.

You'll need to include an access token in every request you make to the API.

To create an access token, head to your dashboard. When you create an access token, you'll be able to choose whether to give it read-only or read-write access.

Send your access token in the Authorization request header using the "Bearer" authentication scheme:

Authorization: Bearer <YOUR_ACCESS_TOKEN>

You'll need to send a Duffel-Version header with each request so we know which version of the API you want to use. For example:

Duffel-Version: v1

Please refer to the Versioning page to learn more about how we version our API.

All responses from the API are in JSON format with UTF-8 encoding. An Accept header is required with every request:

Accept: application/json

All request bodies sent to the API should be in JSON format. A Content-Type header is required whenever you're sending a request body (i.e. for POST and PUT requests):

Content-Type: application/json

We recommend enabling compression for responses returned by the API, since they can be very large. To enable compression, send an Accept-Encoding header:

Accept-Encoding: gzip

You'll need to configure your HTTP client to decompress responses. Most clients will have this functionality built-in.

All responses will contain an x-request-id header. The value in this header uniquely identifies the request/response.

x-request-id: Fs1ffv5QZAgVh6kATEST

We recommend you keep track of this header for debugging purposes. When interacting with the Duffel API support team providing this header will allow the team to give you prompt and personalised support.