Jets & Partners API
Docs / Authentication

Authentication

Secure your API requests with key-based authentication.

Keep your API key secure

Never expose API keys in client-side code, public repositories, or URLs. Treat your key like a password.

Obtaining an API Key

  1. Contact hello@jets.partners with your company name and use case
  2. Complete the client registration process
  3. Receive your API key (prefixed with jtp_)
  4. Store securely in environment variables

Authentication Methods

RECOMMENDED

Bearer Token

curl -H "Authorization: Bearer jtp_your_api_key" \
  https://booking.api.jets.partners/api/airports/search?q=Paris

X-API-Key Header

curl -H "X-API-Key: jtp_your_api_key" \
  https://booking.api.jets.partners/api/airports/search?q=Paris

Permissions

Permission Endpoints Description
read All GET endpoints Search airports, view account info, usage stats
write All POST endpoints Quoting, empty legs search

Rate Limiting

Rate limit information is included in response headers:

Header Description
X-RateLimit-LimitMaximum requests per window
X-RateLimit-RemainingRemaining requests in current window
X-RateLimit-ResetUnix timestamp when the window resets

Security Best Practices

Use Environment Variables

Store API keys in env vars, never hardcode in source files.

Rotate Keys Regularly

Generate new keys periodically and revoke old ones.

HTTPS Only

All requests must use HTTPS. HTTP requests are rejected.

Monitor Usage

Check your usage dashboard for unexpected activity patterns.

Authentication Errors

Code Status Description
MISSING_API_KEY401No API key provided in request
INVALID_API_KEY401API key is invalid or revoked
INSUFFICIENT_PERMISSIONS403Key lacks required permissions
RATE_LIMIT_EXCEEDED429Too many requests in time window