Developer Guide
Itinerary Data Transmission via CIBT Visa Alert API
For CIBT to create the customized emails that are sent to travelers, partners must share enough itinerary information and traveler details to generate the specific email notification.
- The itinerary data must be constructed in the JSON format described in the following paragraphs and sent through our Visa Alert (VA) API.
- The VA API allows partners to submit itinerary data in JSON format with a REST API request.
- The API endpoint accepts multiple (up to 1000) itineraries in one request.
Data Format
{
"ItineraryList": [
{
"RequiredData": {
"AccountCode": 04345,
"ApplicationDomain": "USA",
"FirstName": "John",
"LastName": "Doe",
"Email": "JohnTraveler@SomeDomain.com",
"Nationality": "USA",
"State": "VA",
"Destination1": "CHN",
"EntryDate1": "03/31/2024",
"ExitDate1": "04/10/2024",
"Purpose1": "B",
"Destination2": "IND",
"Purpose2": "T",
"EntryDate2": "04/11/2024",
"ExitDate2": "04/21/2024",
"Destination3": "SRL",
"Purpose3": "T",
"EntryDate3": "04/22/2024",
"ExitDate3": "04/25/2024"
},
"OptionalData": {
"ExternalReference": "XJ4230",
"CountryOfResidence": "USA",
"AgentEmail": "agentsally@cibttravel.com",
"AgentName": "Sally Field"
}
}
]
}
Web Service Authentication
To submit itinerary and traveler profile details to us using the VA API, partners will need their partner_code and partner_password. Partners must use these credentials to establish authentication for API usage. Basic Authenticaton method with encoded credentials must be included in the API request. The security of data transfer process is strictly enforced through SSL. This protects authentication credentials in transit and guarantees the integrity of the transmitted data to CIBT. More details about API Security and Basic Authentication are provided below.
Obtaining Credentials from CIBT
Once the required business arrangement has been completed, your Account Manager will provide a unique partner_code and partner_password.
Credentials | Description |
---|---|
partner_code | Unique Partner Code to identify the partner, required to access the API |
partner_password | Unique Password for partner authentication, required to access the API |
Sending Itineraries
Once a partner has received their partner_code and partner_password from CIBT, they should store these credentials to use them while sending itinerary data to CIBT. The partner_code and partner_password must be included as Authorization headers in the API request to send itinerary data as illustrated in the diagram below. The Authorization will allow a partner to successfully submit itinerary data to CIBT.
API Security
To ensure security of the VA API, CIBT provides HTTPS endpoints for the API. Partners must ensure they use a secure connection (HTTPS) when sending REST API requests. An API request must also include a HTTP Basic Authentication in order for CIBT to accept the request. Partners will need to include a base64 encoded partner_code and partner_password in the Authorization header as Basic Authentication.
Basic Authentication Header Format
An Authorization header with Basic authentication credentials must always be included in the API requests. Partners must follow the below procedure to construct the Authorization header:
- The partner_code and partner_password must be combined with a single colon. (:)
- The resulting string must be base64 encoded
- The encoded string must be appended to authorization method and a space (e.g. “Basic <encoded string>”).
For example, a partner_code of “100001″, and a partner_password of “Api@Test123!” combines into the following string: “100001:Api@Test123!” and is base64 encoded as “MTAwMDAxOkFwaUBUZXN0MTIzIQ==”. Then Authorization header will look like this below:
Authorization: Basic MTAwMDAxOkFwaUBUZXN0MTIzIQ==