Getting Started

Get connected with Sabre Corporate Travel Services. (v1)

Scope

This guide outlines the steps to get started with the Corporate Travel Services suite of APIs.

Overview

Get started with Sabre Corporate Travel Services in 4 steps:

Note

If your Sabre Account Representative has already given you base64-encoded credentials, skip to Step 3.

Step 1: Get credentials

To make calls with our APIs, you’ll first need to have access through a set of credentials.

Contact a Sabre Account Representative to sign a contract with Sabre. Your Sabre Account Representative will give you the following credentials:

  • Access to get/use a token
  • Access to Sabre APIs environments
  • Internet Pseudo City Code (iPCC) or Pseudo City Code (PCC): These are alphanumeric identifiers used to identify a travel agency of a Global Distribution System (GDS), such as Sabre. These control which functions your travel agency can perform in the Sabre system.
  • Employee Profile Record (EPR): An EPR is an individual profile of an employee within your travel agency. Your EPR controls which functions you (an employee of a travel agency) can perform in the Sabre GDS. Each EPR is linked to a PCC/iPCC.

In addition to the credentials above, your Sabre Account Representative will also send the following token credentials via email:

Domain: Your domain used to specify your application's Sabre audience.
Password: Your Sabre Corporate Travel Services API password.

Step 2: Construct token credentials

Your token credentials are your signature to our API environment. Now that you've received them from your Sabre Account Representative, it's time to construct them.

Sabre APIs require that you first construct a single base64-encoded string:

Build your Client ID

Build your Client ID using your:

  • EPR (userid)
  • PCC (group)
  • Domain (domain)

Add the static value V1 to the beginning of the string, and separate each value with a colon. The string should follow this format:

V1:userid:group:domain

Base-64 encode your Client ID

Use a base64 encoding tool, such as https://www.base64encode.org, to encode your Client ID from step 1. You'll get something similar to:

VjE6dXNlcmlkOmdyb3VwOmRvbWFpbg==

Base-64 encode your password

Use a base64 encoding tool, such as https://www.pwdgen.org, to encode your Sabre APIs password. You'll get something similar to:

MTIzNDU=

Make a concatenated string

Use your base64-encoded Client ID and base-64 encoded password from steps 2 & 3, and separate the values with a colon to make a concatenated string:

VjE6dXNlcmlkOmdyb3VwOmRvbWFpbg==:MTIzNDU=

Encode a single base-64 encoded string

Base64-encode your concatenated string from step 4 into a single base64 encoded string:

VmpFNmRYTmxjbWxrT21keWIzVndPbVJ2YldGcGJnPT06TVRJek5EVT0=

Verify your token

Use a third-party client such as Postman to verify that your token is valid.

Step 3: Get a token

Your security token gets you connected. These security tokens are mapped to your Sabre credentials and determine your authorization to call your subset of Sabre APIs. To call APIs in the certification environment, you must obtain a token from the certification environment (and vice versa for the production environment).

Follow the steps below to get a sessionless token to call REST APIs:

Make a token request to the endpoint

Construct a token request body as follows:

Field
Description

URL

Required URL

This will always follow the format:
<environment>/v2/auth/token

Authorization

Required authorization header

Must be Authorization: Basic <base64-encoded string>

Content-Type

Required content type header

This will always be application/x-www-form-urlencoded

grant_type

Required grant type header

This will always be client_credentials

source_ip

Optional client source IP payload

Your token request body should look similar to the following:

POST https://api.havail.sabre.com/v2/auth/token HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
Authorization: Basic VmpFNmRYTmxjbWxrT21keWIzVndPbVJ2YldGcGJnPT06TVRJek5EVT0=
Content-Type: application/x-www-form-urlencoded
Accept: */*
grant_type: client_credentials

Get the token from the response

If the request is valid, the body contains the token (access_token), token type (token_type), and token expiration (expires_in):

 {
   "access_token": "T1RLAQLGvbv8bgEDtkUluJb1dBDQ1WJTfBB0OC9XwItgref4u2AKisF4AACQbcNl4UPCzFwNMMXq8VKPTNgXra2nTzlC6Ys45kuwac6d7noUiUb1X+v7rRO5XcNiSUxyie/gPYlPsoZHOWjaQ1pUjDQHJuBZAJ0swMAm2oDiER5HRgCac57GommwHaQNqzTlr4mUgbY6PwQNllIeluAOtKi+42yP+4h7oaWrN/ibm5OWae7dNxDrcwZquGDM",
   "token_type": "bearer",
   "expires_in": 604800
 }
Field
Description

access_token

The sessionless token.

token_type

The type of token returned. Will always be bearer.

expires_in

The time-to-live of the sessionless token in seconds.

If the request is not valid, the server returns the following error message:

 {
   "error": "invalid_client", 
   "error_description": "Credentials are missing or the syntax is not correct"
 }

If the request is unauthorized, the server returns the following error message:

 {
   "error": "invalid_client",
   "error_description": "Wrong clientID or clientSecret"
 }

Note

Refer to Return Codes for further information on API error standards.

Use the token header to call a REST API

Format the header as follows when calling one of our REST APIs:

Field
Description

URL

  • The method, environment, and endpoint for the REST API
  • Method must be UPPER CASE
    Example: GET https://api.havail.sabre.com/v1/lists/supported/shop/themes

Authorization

The header with Authorization: Bearer *your token*

The header used to call the REST API should look like the following:

GET https://api.havail.sabre.com/v1/lists/supported/shop/themes HTTP 1.1
Authorization: Bearer T1RLAQLGvbv8bgEDtkUluJb1dBDQ1WJTfBB0OC9XwItgref4u2AKisF4AACQbcNl4UPCzFwNMMXq8VKPTNgXra2nTzlC6Ys46kuwac6d7noUiUb1X+v7rRO5XcNiSUxyie/gPYlPsoZHOWjaQ1pUjDQHJuCZAJ0swMAm2oDiER5HRgCac57GommwHaQNqzTlr4mUgbY6PwQNllIeluAOtKi+42yP+4h7oaWrN/ibm5OWae7dNxDrcwZquGDM

Note

To determine which environment to make the call to, refer to Environments. To determine the endpoint, refer to API Reference.

Step 4: Build & discover

Now that you’ve constructed your credentials and obtained a token, it’s time to start building.

References

We believe clear, concise documentation is just as important as the API itself. Our API Reference page includes a triple-column sandbox feature that displays example code right next to the documentation. Detailed descriptions and examples are always provided, so you can build faster.

Guides

Looking for inspiration? Check out our Guides for instructions, implementation ideas, resources, and more.

Interact

Know how we can do better? Use the Suggest Edits feature to tell us how.

Announcements

Keep up to date with what’s new, including the most current APIs, with our comprehensive Change Log.

Community

Talk to experts for answers to common questions across our Stack Overflow community.