Skip to content

TQPro API Specification

Overview

The TQPro REST API provides a comprehensive set of endpoints for travel and tourism management. All endpoints use JSON for request and response bodies.

Base URL: https://<server>:11079/api (HTTPS) or http://<server>:11080/api (HTTP)

Content Type: application/json

Authentication

The API supports a three-tier authentication pipeline, evaluated in order:

Tier 1: Bearer JWT Token (OIDC)

Used by the admin site (tqweb-adm) with native OIDC authentication via Keycloak.

Authorization: Bearer <jwt_token>

The JWT is validated against Keycloak's public keys (RS256). User identity and roles are extracted from the token claims. See OIDC Migration Implementation Plan for details.

Tier 2: Proxy Headers (oauth2-proxy)

Used during the OIDC migration transition period when auth-mode=hybrid.

  • X-User — User identity (from oauth2-proxy)
  • X-Roles — User roles (from oauth2-proxy)
  • X-Email — User email
  • X-Auth-Request-Access-Token — Access token

Tier 3: Guest / Session Token

Used by the public site (tqweb-pub) and unauthenticated requests.

  • session parameter in request body — obtained via /user/authenticate endpoint
  • If no authentication is present, the request defaults to guest access

Guest access permissions are defined in api-roles.properties. Obtain a session token via the User API /user/authenticate endpoint.

Authentication Mode

The auth-mode property in tlinqapi.properties controls which tiers are active:

Mode Tier 1 (JWT) Tier 2 (Headers) Tier 3 (Guest)
oauth2-proxy Off On On
hybrid On On On
native-oidc On Off On

Standard Response Format

All endpoints return a TlinqApiResponse wrapper:

{
  "apiStatus": {
    "errorCode": "OK",
    "errorMessage": "Success"
  },
  "apiData": { ... }
}

API Groups

API Base Path Description Specification
System /system Health checks and readiness probes System
Booking /booking Booking creation, confirmation, and ticket retrieval Booking
Cart /cart Shopping cart management and checkout Cart
Common /common Utilities: countries, web tracking, CAPTCHA Common
Customer /customer Customer management and trip requests Customer
Document /document Invoice/quote generation, file uploads, payments Document
Flight /flight Flight search, pricing, and booking Flight
Group /groups Group travel: passengers, hotels, transport, rooms Group
Hotel /hotel Hotel management, availability, and GDS search Hotel
Marketing /marketing Marketing campaigns, activities, and team management Marketing
Media /media CDN media browser, image upload with resize/WebP, marketing file upload Media
Product /product Product catalog, variants, and availability Product
TripMaker /tripmaker Trip planning: projects, itineraries, costing, PDF TripMaker
TripOffer /tripoffer Marketing pages and content snippets TripOffer
User /user Authentication, registration, profile management User
Visa /visa Visa applications, applicants, documents, secure S3 storage, OTP-verified delivery Visa
Cruise /cruise Cruise management: ships, cabins, itineraries, pricing Cruise
Offline Ticket /offline Offline ticket inventory: attractions, batches, PDF upload, sales, downloads Offline Ticket
Payment Callback /payment Telr payment gateway callbacks for offline tickets and hotel bookings Payment Callback

Quick Reference

Customer-Facing APIs

  • User - Login, registration, password management
  • Product - Browse products and check availability
  • Cart - Add items and checkout
  • Booking - View and manage bookings
  • Flight - Search and book flights
  • Hotel - Search accommodations

Back-Office APIs

Payment Integration

Operations

  • System - Health checks and readiness probes

Content Management

Common Error Codes

Code Description
OK Success
GENERAL General error
MISSING_PARAMETER Required parameter not provided
NOTFOUND Resource not found
NOT_LOGGED_IN Authentication required
TOKEN_ERROR Invalid session token
INVALID_FORMAT Invalid data format
NOT_IMPLEMENTED Feature not yet implemented