04_POSTMAN_QUICKSTART

Graphical reference view with linked API documentation.

Postman Quickstart — Copy/Paste Requests

Use this page for fastest API testing in Postman.

Environment variables

Create a Postman environment with:

  • base_url = https://www.safewaytravel.net (or your tenant domain)
  • tenant_id = your tenant id (e.g. 1)
  • tenant_slug = your tenant slug (optional alternative to tenant_id)
  • email = test user email
  • password = test user password
  • access_token = (empty initially; set from token response)

1) Login / issue token

Method: POST
URL: {{base_url}}/api/v1/auth/token

Headers

  • Accept: application/json
  • Content-Type: application/json

Body (raw JSON)

{
  "email": "{{email}}",
  "password": "{{password}}",
  "device_name": "Postman Dev"
}

Tests tab script (optional)

const json = pm.response.json();
if (json.access_token) {
  pm.environment.set("access_token", json.access_token);
}

2) Profile details (for other end display)

Method: GET
URL: {{base_url}}/api/v1/auth/profile

Headers

  • Accept: application/json
  • Authorization: Bearer {{access_token}}

This returns the full profile payload (identity, role, permissions, tenant, balances, preferences).

3) Hotel availability (tenant-aware engine)

Method: POST
URL: {{base_url}}/api/v1/availability/search

Headers

  • Accept: application/json
  • Content-Type: application/json
  • X-Tenant: {{tenant_slug}} (or pass tenant_id in body)

Body (raw JSON)

{
  "tenant_id": {{tenant_id}},
  "checkIn": "2026-05-20",
  "checkOut": "2026-05-23",
  "destinationCode": "NYC",
  "adults": 2,
  "children": 0,
  "roomQuantity": 1,
  "currency": "USD"
}

This follows tenant admin vendor configuration (example: Bonotel-only tenant returns Bonotel inventory only).

4) Vacation incentives — destinations

Method: GET
URL: {{base_url}}/api/v1/deals/incentives/destinations?country=US&tenant_id={{tenant_id}}

Headers

  • Accept: application/json

5) Vacation incentives — issue vacation

Method: POST
URL: {{base_url}}/api/v1/deals/incentives/issue-vacation

Headers

  • Accept: application/json
  • Content-Type: application/json
  • Authorization: Bearer {{access_token}}
  • X-Tenant: {{tenant_slug}}

Body (raw JSON)

{
  "tenant_id": {{tenant_id}},
  "country": "US",
  "destination_id": "123",
  "full_name": "John Agent",
  "email": "john@example.com",
  "phone": "+1-555-100-2000",
  "message": "Issuing from Postman quickstart"
}

6) Vacation pool (post-login)

Method: GET
URL: {{base_url}}/api/v1/deals/incentives/vacation-pool

Headers

  • Accept: application/json
  • Authorization: Bearer {{access_token}}

Troubleshooting

  • 401 with HTML login response -> ensure Accept: application/json is present.
  • 401 JSON -> token missing/expired; re-run token request.
  • 403 on issue-vacation -> tenant mismatch (non-super-admin users must redeem in their own tenant).
  • Availability results not matching expected vendors -> call /api/v1/tenant/capabilities first and verify vendors_effective.