Please check with your Trust My Travel Account Manager before completing any integration work to ensure you follow the correct developer documents depending on the Trust My Travel product you have signed up for.
Requests to our API can now be signed with an API Token, as an alternative to the JWT token authentication that we also provide. The main difference between these two methods is that you control when an API Token expires, whereas a JWT token will always expire after 15 minutes. This also reduces the number of requests per round trip by one, as you no longer need to obtain a JWT token as your first request in the chain.
You have the option of setting an expiry date on an API token or having no expiry if you wish to handle token rotation on a more manual basis. You can also invalidate an API token at any time if you suspect it has been compromised or if it has expired. Please note, there is a maximum of 2 API tokens per site (including expired tokens). Please also be aware that at the point of API token creation the token must be stored to your systems or password manager as it is not viewable again.
Documentation on API tokens is available here: