Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developers.safarapi.com/llms.txt

Use this file to discover all available pages before exploring further.

1. Sign up for sandbox

curl -X POST https://api.safarapi.com/v1/auth/signup \
  -H 'Content-Type: application/json' \
  -d '{
    "company_name": "Your Bank",
    "legal_name": "Your Bank S.A.",
    "contact_email": "dev@yourbank.com",
    "contact_phone": "+212600000000",
    "use_case": "Embed travel marketplace in mobile app"
  }'
Within seconds, your inbox receives a magic link. Clicking it lands you in console.safarapi.com where your sandbox bearer key is displayed once. Copy it — we cannot retrieve it for you.
The bearer token is shown a single time. Lose it and you’ll have to revoke and re‑issue a new key from the console.

2. Browse the catalogue

curl https://api.safarapi.com/v1/adventures \
  -H 'Authorization: Bearer sk_test_ABCDWXYZ_<your-secret>'
The catalogue is paginated. Every adventure includes title, duration, price already adjusted to your partner pricing rules (zero margin in sandbox by default).

3. Get a frozen quote

curl -X POST https://api.safarapi.com/v1/quotes \
  -H 'Authorization: Bearer sk_test_...' \
  -H 'Idempotency-Key: 11111111-1111-1111-1111-111111111111' \
  -H 'X-Timestamp: '$(date +%s) \
  -H 'X-Signature: <hmac>' \
  -H 'Content-Type: application/json' \
  -d '{
    "adventure_slug": "marrakech-3-jours-desert",
    "rate_pack_id": "DEMO-rp-001",
    "start_date": "2026-07-12",
    "rooms": [{ "adults": 2, "children": [{ "age": 8 }], "extra_beds": 0 }]
  }'
The response includes id (the quote_id), net_amount (what you owe SafarAPI), breakdown (per‑line detail), and expires_at (30 minutes from now).
The HMAC signature is hex(HMAC_SHA256(secret, "{timestamp}\n{method}\n{path}\n{body}")). Code samples for Node.js, Python, PHP, Java are in authentication.

4. Confirm a booking

Your customer pays in your app’s checkout — SafarAPI never touches the card data. Once payment is captured on your side, send the booking: 
curl -X POST https://api.safarapi.com/v1/bookings \
  -H 'Authorization: Bearer sk_test_...' \
  -H 'Idempotency-Key: 22222222-2222-2222-2222-222222222222' \
  -H 'X-Timestamp: '$(date +%s) \
  -H 'X-Signature: <hmac>' \
  -H 'Content-Type: application/json' \
  -d '{
    "quote_id": "...",
    "partner_reference": "YBANK-BOOK-2026-01234",
    "traveler": {
      "first_name": "Ali",
      "last_name": "Benali",
      "email": "test.success@bank.example",
      "phone": "+212600000001",
      "language": "fr",
      "customer_reference": "your-internal-customer-id"
    },
    "payment_confirmation": {
      "bank_payment_ref": "YBANK-PAY-2026-99887",
      "paid_amount_total": "3200.00",
      "paid_amount_net": "2880.00",
      "paid_at": "2026-07-01T14:23:55Z",
      "payment_method": "CARD"
    }
  }'
Response includes booking_number (format MV-XXXXXX), status: CONFIRMED, and the immediate voucher.

5. Retrieve the voucher

curl -L https://api.safarapi.com/v1/bookings/MV-ABC123/voucher.pdf \
  -H 'Authorization: Bearer sk_test_...'
Returns a 302 redirect to a signed R2 URL valid for 7 days. The voucher is also emailed to the traveller automatically.

Next steps

Authentication deep dive

Bearer + HMAC details, code samples in 4 languages

Sandbox guide

Test traveller emails, reset behaviour, rate limits