Development Reference — API Integration

This page is the high-level reference for developers integrating with the travel portal API.

Base rules

• Prefer versioned routes: /api/v1/...
• Always send Accept: application/json
• For protected endpoints, send Authorization: Bearer {access_token}
• For tenant-scoped behavior on stateless clients, pass one:
  • tenant_id (query/body), or
  • tenant (id/slug/domain), or
  • X-Tenant header

Function references (separate docs)

1. Login / auth
   • 01_AUTHENTICATION.md
2. Hotels API engine (tenant vendor filtering, booking flow)
   • 02_HOTELS_TENANT_ENGINE.md
3. Vacation incentives
   • 03_VACATION_INCENTIVES.md
   • Full contract: VACATION_INCENTIVES_MOBILE_API.md
4. Postman quickstart (ready-to-run)
   • 04_POSTMAN_QUICKSTART.md

Machine-readable checks

• Tenant capabilities, branding, and effective hotel vendors:
  • GET /api/v1/tenant/capabilities
  • Returns enabled_products, mobile.branding (logo, tagline, storefront URL), and mobile.profile_features (same toggles as web profile)

Mobile apps (Flutter)

• Repo: /mobile (Safeway Travel + Lux Vacation Deals flavors)
• Setup: /mobile/README.md
• Auth: POST /api/v1/auth/token → Authorization: Bearer … + X-Tenant: {domain}

In-app developer page

• Tenant admin: /tenant-admin/developer
• Super admin: /super-admin/developer

These pages show the active tenant context and vendor effectivity that should match the front-end behavior.