Picture

Primary API Interactions

The following API interactions are most important when getting started:

Authentication

  • /api/authentication/web-service-user ("authenticated" access)

  • /api/authentication/partner (Trusted Partner access only)

Helpful API's (depending on granted access via web service user setup)

  • /api/companies

  • /api/customers

  • /api/employees

  • /api/reservations (supports non-quoted reservation ops)

  • /api/vehicles

  • /api/webhooks

Reservation/Quote APIS

  • /api/quote-packages (quotes reservations ops only)

Review and search the full API specification for more details.

Access to Operator Databases

Once authenticated via the API, authorization within a specific operator databases is configured within each operator database. Operators have the ability to incrementally authorize access to operator data via API security. That is, operators control what a partner can do via the API. For example, operators can choose to allow the creation and booking of quotes/reservations via the quote engine, but not allow access to customer and corporate profiles.

Click Here to download a QuickStart guide including how to setup the Operators System for access.

JWT Authentication

The Partner API uses JWT authentication to manage identity and access to various APIs. JWTs are issued via the authentication methods for web service users and partners. Once a token is issued, is should be reused within the token expiration time frame (30 minutes). As necessary, access tokens can be "refreshed" using the refresh token key. This allows the an access token to be extended up to 12 hours for a single Partner authentication login. In general, access tokens and refresh tokens should be  retrieved and refreshed as much as possible to limit the number of calls to the authentication endpoint.

Once a token is issues, it should be passed within the Authenticationheader using "bearer" token type.

Authorization: Bearer [TOKEN VALUE]

More Information on JSON Web Tokens can be found here.

Authentication APIs

  • /api/authentication/web-service-user

  • /api/authentication/partner

Required Headers

In addition to the Authorizationheader for post-authentication requests, the headers described below are required for ALL API requests.

Partner-Access-Key

The API allows access via specific partner keys. These keys are generated when your API account is initially provisioned. The keys are provisioned specific to an API "product", which provides access to underlying APIs. You are provides a primary and secondary key; both can be used. Keep in mind, this key provides access to you and should not be shared. Operators will see the related partner information in their database when the key is used.

The Partner-Access-Key header must be sent with every API call.

If this header is not defined or invalid, you will receive the following error:

"[400] API Gateway Not Authorized"

Partner-Api-Version

The API is segregated by version. Although a single version of the API is currently available, the caller must still distinguish the target version via required parameter. The current API version is "v2.2", therefore the header will read "Partner-Api-Version: v2.2".

The Partner-Api-Version header must be sent with every API call.

If this header is not defined, you will receive the following error:

"[400] Missing Required Header: Partner-Api-Version"

System-Id

The API targets specific systems using the System-Id header. This header is required for all API calls. It is the primary driver for which FASTTRAK database is being accessed. The System-Id can be found within the FASTTRAK software or by contacting support@fasttrakcloud.com.

The System-Id header must be sent with every API call.

If this header is not defined or invalid, you will receive the following error:

"[400] Missing Required Header: System-Id"