Skip to main content

Authentication

This guide explains how to authenticate with the Fluxir Travel API using the OAuth 2.0 client_credentials flow. You’ll learn how to activate your API Client in the Travel Agencies Portal and obtain an access token to authorize your API requests.

Prerequisites

Before you begin, make sure you have:

Generating an Access Token

1
Activate an API Client

To activate an API client:

  1. Go to https://travel.fluxir.com.
  2. Navigate to the Settings page.
  3. Click on the API Client Management tab.
  4. Press the Activate API Client button.

A box displaying your Client Secret will appear, similar to the image below:

This secret is shown only once. Copy and store it securely. However, you can regenerate it later if necessary.

After activation, you will have the following credentials:

  • Client ID
  • Client Secret
  • Tenant ID

These are required to request an access token in the next step.

2
Get an Access Token

Send a POST request to the token endpoint:

POST https://auth.fluxir.com/connect/token

Headers:

  • Content-Type: application/x-www-form-urlencoded
  • X-Tenant: <YOUR_TENANT_ID>

Payload:

  • grant_type: client_credentials
  • scope: TravelAide
  • client_id: your Client ID
  • client_secret: your Client Secret
Example Request
curl --request POST 'https://auth.fluxir.com/connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'X-Tenant: <YOUR_TENANT_ID>' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=<YOUR_CLIENT_ID>' \
  --data-urlencode 'client_secret=<YOUR_CLIENT_SECRET>' \
  --data-urlencode 'scope=TravelAide'
Example Response
{
  "access_token": "<ACCESS_TOKEN_VALUE>",
  "expires_in": 31536000,
  "token_type": "Bearer",
  "scope": "TravelAide"
}
Keep your credentials safe

Never share your client_id, client_secret, or access tokens in public places such as GitHub repositories, forums, or others.

These credentials grant access to your tenant’s data and must be treated as sensitive information.

Using the Generated Access Token

Once you obtain the access token, include it in the Authorization header of every API request.

curl --request GET 'https://api.fluxir.com/api/app/travel-services' \
--header 'Authorization: Bearer <ACCESS_TOKEN_VALUE>' \
--header 'X-Tenant: <YOUR_TENANT_ID>' \
--header 'Accept: application/json'