Skip to main content
GET
/
bookings
Paginated list of the partner's bookings
curl --request GET \
  --url https://api.safarapi.com/api/partner/v1/bookings \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://api.safarapi.com/api/partner/v1/bookings"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.safarapi.com/api/partner/v1/bookings', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api.safarapi.com/api/partner/v1/bookings",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => [
    "Authorization: Bearer <token>"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.safarapi.com/api/partner/v1/bookings"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("Authorization", "Bearer <token>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("https://api.safarapi.com/api/partner/v1/bookings")
  .header("Authorization", "Bearer <token>")
  .asString();
require 'uri'
require 'net/http'

url = URI("https://api.safarapi.com/api/partner/v1/bookings")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
{ "data": [ { "booking_number": "MV-AB7X92", "partner_reference": "YBANK-BOOK-001", "status": "CONFIRMED", "adventure_slug": "marrakech-3-jours-desert-sandbox", "adventure_title": "[DEMO] 3-day Sahara desert circuit from Marrakech", "travel_date": "2026-07-12", "traveler_name": "A. B.", "pricing": { "b2c_price": { "amount": "5250.00", "currency": "MAD" }, "customer_price": { "amount": "6210.00", "currency": "MAD" }, "amount_due_to_safariat": { "amount": "5162.50", "currency": "MAD" }, "awb_commission_share": { "amount": "87.50", "currency": "MAD" }, "sandbox_surcharge": { "amount": "960.00", "currency": "MAD" }, "indicative": false }, "settlement_id": "0a9f8e7d-6c5b-4a3f-8e2d-1c0b9a8f7e6d", "created_at": "2026-07-12T10:05:00Z" } ], "meta": { "count": 1, "next_cursor": null } }

Authorizations

Authorization
string
header
default:sk_test_DEMO0000_replace_with_your_sandbox_key
required

API key authentication. Issued by the Safariat admin or via the partner portal. The secret is shown only once at generation.

Production sk_live_* keys must additionally sign every write request (POST/PUT/DELETE) with the X-Timestamp and X-Signature headers. Sandbox sk_test_* keys are exempt from request signing: X-Signature and X-Timestamp are not required for writes in the sandbox (so the developer-portal "Try it" playground works end to end). The Idempotency-Key header remains required on writes in both environments.

Query Parameters

status
enum<string>[]

Filter by status (multiple comma-separated values).

The partner channel skips the PENDING status (no payment-wait window). Additional internal Safariat statuses (PAYMENT_PROCESSING, REFUND_PENDING) are never exposed on this API.

Available options:
CONFIRMED,
COMPLETED,
CANCELLED
created_from
string<date-time>
created_to
string<date-time>
travel_date_from
string<date>
travel_date_to
string<date>
customer_reference
string

Filter to bookings whose traveler customer_reference matches this value. Send the plaintext bank customer ID — Safariat applies the same keyed, per-partner-namespaced HMAC-SHA256 used at booking creation and matches the stored hash (exact match; the plaintext is never stored or returned).

Required string length: 1 - 100
cursor
string

Opaque pagination cursor returned by the previous response in meta.next_cursor. Pass null/omit on the first request; absence of next_cursor in the response signals the last page. Treat the cursor as fully opaque — its format is internal and may evolve.

Keyset pagination (all listing endpoints except /adventures). The cursor is anchored on the last row of the previous page, so results are stable under concurrent writes — no duplicates, no skipped rows when items are inserted between page fetches. Two cursors are not interchangeable across endpoints: a cursor obtained from /reviews will be rejected with 400 on /bookings.

/adventures is offset-based by design (dynamic sort: popularity, price, distance) and will not migrate to keyset. Its cursor cannot be passed to other endpoints.

Behavior change (Phase B): /webhooks/deliveries now sorts by created_at instead of updated_at. The previous sort field is mutable (retry attempts), which is incompatible with the keyset invariant. Use the status filter to surface deliveries currently being retried (status=PENDING,FAILED).

Maximum string length: 256
limit
integer
default:25

Maximum number of items per page.

Required range: 1 <= x <= 100

Response

Page of bookings

data
object[]
required
meta
object
required