Getting Started

Get connected with Sabre Corporate Travel Services. (v1)


This guide outlines the steps to get started with the Corporate Travel Services suite of APIs.


Get started with Sabre Corporate Travel Services in 4 steps:


If your Sabre Account Representative has already given you base64-encoded credentials, skip to Step 3.

Step 1: Get credentials

To make calls with our APIs, you’ll first need to have access through a set of credentials.

Contact a Sabre Account Representative to sign a contract with Sabre. Your Sabre Account Representative will give you the following credentials:

  • Access to get/use a token
  • Access to Sabre APIs environments
  • Internet Pseudo City Code (iPCC) or Pseudo City Code (PCC): These are alphanumeric identifiers used to identify a travel agency of a Global Distribution System (GDS), such as Sabre. These control which functions your travel agency can perform in the Sabre system.
  • Employee Profile Record (EPR): An EPR is an individual profile of an employee within your travel agency. Your EPR controls which functions you (an employee of a travel agency) can perform in the Sabre GDS. Each EPR is linked to a PCC/iPCC.

In addition to the credentials above, your Sabre Account Representative will also send the following token credentials via email:

Domain: Your domain used to specify your application's Sabre audience.
Password: Your Sabre Corporate Travel Services API password.

Step 2: Construct token credentials

Your token credentials are your signature to our API environment. Now that you've received them from your Sabre Account Representative, it's time to construct them.

Sabre APIs require that you first construct a single base64-encoded string:

Build your Client ID

Build your Client ID using your:

  • EPR (userid)
  • PCC (group)
  • Domain (domain)

Add the static value V1 to the beginning of the string, and separate each value with a colon. The string should follow this format:


Base-64 encode your Client ID

Use a base64 encoding tool, such as, to encode your Client ID from step 1. You'll get something similar to:


Base-64 encode your password

Use a base64 encoding tool, such as, to encode your Sabre APIs password. You'll get something similar to:


Make a concatenated string

Use your base64-encoded Client ID and base-64 encoded password from steps 2 & 3, and separate the values with a colon to make a concatenated string:


Encode a single base-64 encoded string

Base64-encode your concatenated string from step 4 into a single base64 encoded string:


Verify your token

Use a third-party client such as Postman to verify that your token is valid.

Step 3: Get a token

Your security token gets you connected. These security tokens are mapped to your Sabre credentials and determine your authorization to call your subset of Sabre APIs. To call APIs in the certification environment, you must obtain a token from the certification environment (and vice versa for the production environment).

Follow the steps below to get a sessionless token to call REST APIs:

Make a token request to the endpoint

Construct a token request body as follows:



Required URL

This will always follow the format:


Required authorization header

Must be Authorization: Basic <base64-encoded string>


Required content type header

This will always be application/x-www-form-urlencoded


Required grant type header

This will always be client_credentials


Optional client source IP payload

Your token request body should look similar to the following:

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
Authorization: Basic VmpFNmRYTmxjbWxrT21keWIzVndPbVJ2YldGcGJnPT06TVRJek5EVT0=
Content-Type: application/x-www-form-urlencoded
Accept: */*
grant_type: client_credentials

Get the token from the response

If the request is valid, the body contains the token (access_token), token type (token_type), and token expiration (expires_in):

   "access_token": "T1RLAQLGvbv8bgEDtkUluJb1dBDQ1WJTfBB0OC9XwItgref4u2AKisF4AACQbcNl4UPCzFwNMMXq8VKPTNgXra2nTzlC6Ys45kuwac6d7noUiUb1X+v7rRO5XcNiSUxyie/gPYlPsoZHOWjaQ1pUjDQHJuBZAJ0swMAm2oDiER5HRgCac57GommwHaQNqzTlr4mUgbY6PwQNllIeluAOtKi+42yP+4h7oaWrN/ibm5OWae7dNxDrcwZquGDM",
   "token_type": "bearer",
   "expires_in": 604800


The sessionless token.


The type of token returned. Will always be bearer.


The time-to-live of the sessionless token in seconds.

If the request is not valid, the server returns the following error message:

   "error": "invalid_client", 
   "error_description": "Credentials are missing or the syntax is not correct"

If the request is unauthorized, the server returns the following error message:

   "error": "invalid_client",
   "error_description": "Wrong clientID or clientSecret"


Refer to Return Codes for further information on API error standards.

Use the token header to call a REST API

Format the header as follows when calling one of our REST APIs:



  • The method, environment, and endpoint for the REST API
  • Method must be UPPER CASE
    Example: GET


The header with Authorization: Bearer *your token*

The header used to call the REST API should look like the following:

Authorization: Bearer T1RLAQLGvbv8bgEDtkUluJb1dBDQ1WJTfBB0OC9XwItgref4u2AKisF4AACQbcNl4UPCzFwNMMXq8VKPTNgXra2nTzlC6Ys46kuwac6d7noUiUb1X+v7rRO5XcNiSUxyie/gPYlPsoZHOWjaQ1pUjDQHJuCZAJ0swMAm2oDiER5HRgCac57GommwHaQNqzTlr4mUgbY6PwQNllIeluAOtKi+42yP+4h7oaWrN/ibm5OWae7dNxDrcwZquGDM


To determine which environment to make the call to, refer to Environments. To determine the endpoint, refer to API Reference.

Step 4: Build & discover

Now that you’ve constructed your credentials and obtained a token, it’s time to start building.


We believe clear, concise documentation is just as important as the API itself. Our API Reference page includes a triple-column sandbox feature that displays example code right next to the documentation. Detailed descriptions and examples are always provided, so you can build faster.


Looking for inspiration? Check out our Guides for instructions, implementation ideas, resources, and more.


Know how we can do better? Use the Suggest Edits feature to tell us how.


Keep up to date with what’s new, including the most current APIs, with our comprehensive Change Log.


Talk to experts for answers to common questions across our Stack Overflow community.

Getting Started

Get connected with Sabre Corporate Travel Services. (v1)

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.