API background
Developer API

Build with the
Tour Frontier API

Integrate AI-powered travel planning, real-time flight & hotel search, destination data, and itinerary generation into your own products.

Request API AccessView Endpoints
EndpointsAuthenticationRate LimitsError CodesWebhooksGet API Key
6+
API Endpoints
99.9%
Uptime SLA
<120ms
Avg Response Time
50M+
API Calls Served

Who Uses Our API?

From indie developers to enterprise travel platforms — our API fits every scale.

Travel Agencies

Embed AI itinerary generation and live flight search directly into your booking platform.

Mobile Apps

Power your travel app with destination data, weather, and hotel search via REST.

Developers

Build custom travel tools, bots, or dashboards using our clean, well-documented API.

OTAs & Portals

Integrate Tour Frontier's AI recommendations into your existing travel portal.

API Endpoints

Explore our REST API endpoints. All responses are JSON. Base URL: https://api.tourfrontier.com

GET/v1/destinations

Returns a paginated list of destinations with metadata, ratings, and travel tips.

Parameters

limitintegerNumber of results (max 100)
offsetintegerPagination offset
regionstringFilter by region (e.g. "europe")

Sample Response

{
  "status": "success",
  "data": {
    "id": "paris-france",
    "name": "Paris",
    "country": "France",
    "region": "europe",
    "rating": 4.9,
    "avg_temp_c": 12,
    "best_months": ["Apr", "May", "Sep", "Oct"],
    "highlights": [
      "Eiffel Tower",
      "Louvre Museum",
      "Montmartre",
      "Seine River Cruise"
    ],
    "avg_daily_budget_usd": 180,
    "visa_required": false
  }
}
Quick Start

Up and running in minutes

Authenticate with your API key, make your first request, and start building. Our REST API follows standard conventions — no SDKs required, though we offer them for JavaScript, Python, and Go.

  • RESTful JSON API with predictable responses
  • Bearer token authentication
  • Comprehensive error codes & messages
  • Webhook support for async events
  • Rate limiting with clear headers
example.js
// Install: npm install axios
const axios = require('axios');

const response = await axios.get(
  'https://api.tourfrontier.com/v1/destinations',
  {
    headers: {
      'Authorization': `Bearer $${YOUR_API_KEY}`,
    }
  }
);

console.log(response.data);
Security

Authentication

All API requests must be authenticated. Choose the method that fits your architecture — all keys are scoped to your plan and can be rotated at any time.

API Key Format

Live keys are prefixed tf_live_ and test keys are prefixed tf_test_. Never expose live keys in client-side code or public repositories.

Get API Key

Bearer Token

Pass your API key as a Bearer token in the Authorization header. This is the recommended method for server-side requests.

Example

// HTTP Header
Authorization: Bearer YOUR_API_KEY

// Example with fetch
const res = await fetch('https://api.tourfrontier.com/v1/destinations', {
  headers: {
    'Authorization': 'Bearer tf_live_abc123xyz',
    'Content-Type': 'application/json'
  }
});

Never expose keys client-side

Store API keys in environment variables or a secrets manager. Never commit them to version control.

Rotate keys regularly

Rotate your API keys every 90 days or immediately if you suspect a compromise. Old keys are invalidated instantly.

Use scoped permissions

Request only the OAuth scopes your app needs. Principle of least privilege reduces your attack surface.

Throttling

Rate Limits

Rate limits are enforced per API key using a sliding window algorithm. Exceeding limits returns a 429 Too Many Requests response.

Limits by Plan

PlanPer MinutePer HourPer Day
Sandbox10 req/min100 req/hr1,000 req/day
Growth120 req/min5,000 req/hr50,000 req/day
EnterpriseCustomCustomUnlimited

Rate Limit Response Headers

X-RateLimit-LimitTotal requests allowed in the current window
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the window resets
Retry-AfterSeconds to wait before retrying (only on 429 responses)

Handling Rate Limits — Retry with Backoff

retry.ts
async function fetchWithRetry(
  url: string,
  options: RequestInit,
  maxRetries = 3
): Promise<Response> {
  for (let attempt = 0; attempt <= maxRetries; attempt++) {
    const res = await fetch(url, options);

    if (res.status !== 429) return res;

    const retryAfter = res.headers.get('Retry-After');
    const delay = retryAfter
      ? parseInt(retryAfter) * 1000
      : Math.pow(2, attempt) * 1000; // exponential backoff

    console.warn(`Rate limited. Retrying in ${delay}ms...`);
    await new Promise((r) => setTimeout(r, delay));
  }
  throw new Error('Max retries exceeded');
}

Pro Tip: Cache responses

Destination data and weather forecasts change infrequently. Cache responses for 5–15 minutes to dramatically reduce your request count and improve latency.

Reference

Error Codes

All errors return a consistent JSON body with error.code, error.message, and an optional error.details array.

HTTP Status Codes

200

OK

Request succeeded. Response body contains the requested data.

201

Created

Resource created successfully (e.g. new itinerary generated).

400

Bad Request

Invalid request parameters. Check the error.details field for specifics.

401

Unauthorized

Missing or invalid API key. Verify your Authorization header.

403

Forbidden

Valid key but insufficient permissions for this endpoint or plan.

404

Not Found

The requested resource does not exist.

422

Unprocessable

Request body is valid JSON but fails business logic validation.

429

Too Many Requests

Rate limit exceeded. Check Retry-After header and back off.

500

Server Error

Unexpected server error. Retry with exponential backoff.

503

Service Unavailable

Temporary outage. Check status.tourfrontier.com for updates.

Error Response Shape

error-response.json
// 401 Unauthorized
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key.",
    "docs": "https://docs.tourfrontier.com/auth"
  }
}

// 422 Validation Error
{
  "error": {
    "code": "VALIDATION_FAILED",
    "message": "Request validation failed.",
    "details": [
      {
        "field": "duration",
        "issue": "Must be between 1 and 30 days"
      },
      {
        "field": "interests",
        "issue": "At least one interest is required"
      }
    ]
  }
}

// 429 Rate Limited
{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests. Slow down.",
    "retry_after": 12
  }
}

Quick Debugging Checklist

  • Verify your API key starts with tf_live_ or tf_test_
  • Check Authorization header spelling and spacing
  • Confirm your plan supports the endpoint you're calling
  • Validate all required parameters are present
  • Check status.tourfrontier.com for active incidents
Request Access

Get Your API Key

Tell us a bit about your project and we'll get you set up with API credentials within 1 business day. For urgent needs, contact us directly.

0/500

Tour Frontier Developer API — Build with AI Travel Data

What You Can BuildThe Tour Frontier API gives developers programmatic access to AI itinerary generation, real-time flight and hotel search, destination data for 55+ curated locations, 7-day weather forecasts, and webhook events for bookings and payments. Travel agencies can embed AI itinerary generation into their booking flows. Mobile app developers can power destination discovery and hotel search. AI and chatbot developers can use our structured endpoints as tool calls in LLM-powered applications. OTAs can integrate Tour Frontier's recommendations into existing portals. The free Sandbox plan provides 1,000 API calls per month for development and testing.
API Design & ReliabilityThe Tour Frontier API is a RESTful JSON API with a 99.9% uptime SLA and sub-120ms average response times. It follows standard HTTP conventions — predictable URLs, consistent error formats, cursor-based pagination, and ETag support for conditional requests. Authentication uses industry-standard Bearer tokens and OAuth 2.0. All endpoints are versioned (currently v1) with a backward-compatibility guarantee. Rate limits are enforced per API key using a sliding window algorithm, with clear response headers showing your remaining quota. The Growth plan ($49/month) allows 120 requests per minute and 50,000 requests per day.
Getting StartedGetting started with the Tour Frontier API takes less than 10 minutes. Fill out the API access request form on this page and we'll send your credentials within 1 business day. A free Sandbox plan is available immediately for development and testing. We provide official client libraries for JavaScript/TypeScript (available on npm as @tourfrontier/sdk), Python (available on PyPI as tourfrontier), and Go (available as a Go module). All SDKs include full type definitions, automatic retry with exponential backoff, and built-in support for pagination. For questions, contact developers@tourfrontier.com.

We use cookies to enhance your experience

We use cookies to personalize content, analyze traffic, and improve our services. By clicking "Accept All", you consent to our use of cookies. Cookie Policy & Privacy Policy

Talk with Us