GlossaryRequest Access

Card Payments

The API allows card payments to be made to an existing booking using the following endpoint:

which returns an URL to the TTC Payment Services card payment form, e.g:-


This URL can be used to render the card payment form within an iFrame, e.g:-

                <iframe id='paymentServicesForm' class='Payment-iframe'
                width='100%' scrolling='no' />

After the card payment form is submitted. TTC Payment Services sends a callback response which is published to the browser as a window event.

TTC Payment Services browser window event callback response

Below is an example of the TTC Payment Services callback response:-

Response Fields
paymentSuccessful"true" or "false" depending on whether the payment was successfully submitted to the payment provider i.e. CyberSource
typedetermines the response type, currently only set to "CyberSourcePaymentResponse"
paymentStatuscan be either "SUCCESS" - payment was successfully processed by both the payment provider and TTC downstream systems
or "PARTIALLY_COMPLETED" - payment was successfully processed by the payment provider but the failed to update TTC downstream systems
amountPaidspecifies the amount paid and any fees if applicable

The following JavaScript code provides an example of how to attach an event listener to the browser window. It checks the paymentSuccessful boolean flag in the TTC Payment Services response JSON.
The JavaScript function needs to run within the same page which contains the card payment form embedded as an iFrame.

// function for attaching a TTC Payment Services event listener to the browser window
function listenForPaymentServicesPostMessages () {
  if (window._paymentServicesPostMessageHandler) {
    window.removeEventListener('message', window._paymentServicesPostMessageHandler, false)
  var postMessageHandler = function(event) {
    return this.paymentServicesResponseReceived(event)
  window._paymentServicesPostMessageHandler = postMessageHandler
  window.addEventListener('message', postMessageHandler, false)

function paymentServicesResponseReceived (event) {
  // Get TTC Payment Services card payment form URL
  var paymentFormURL = // i.e. $
  var origin = event.origin || event.originalEvent.origin
  if (paymentFormURL.indexOf(origin) !== -1) {
    var paymentServicesResponse = JSON.parse(
    if (paymentServicesResponse.paymentSuccessful === 'true') {

TTC Payment Services server-to-server callback response

Below is an example of the TTC Payment Services server-to-server callback response:-

 "status": "success",
 "amount": "1000",
 "currency": "USD",
 "bookingId": "B12345",
 "sellingCompany": "TTUSAS",
 "transactionId": "TTUSAS-B12345-1234567",
 "billingAddress": {
   "line1": "11 Grosvenor Place",
   "line2": "",
   "city": "London",
   "country": "United Kingdom",
   "state": "",
   "postCode": "SW1X 7HH"
 "authToken": "eyJhbGciOiJIUzI1N.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
Response Fields
status"success" or "failure" depending on whether the payment was successfully processed
amountthe amount paid and any fees if applicable
currencythe currency that was used to make the payment
bookingIdId of the booking for which payment was made
sellingCompanySelling company of the tour
transactionIdUnique identifier of a payment made for a booking
billingAddressBilling address used to make the card payment
authTokenJWT signature for the response data

How to verify signature in the card payment server-to-server callback response

We use JWT asymmetric keys mechanism to sign the card payment response sent in the server-to-server callback after a payment is done. The response payload is signed by a private key on the sender end and a public key is used on the receiver end to verify the signature.

In order to verify the signature in the response payload, please use this public key :-

-----END PUBLIC KEY-----


Departure availability status. Some statuses are only shown to internal API clients. Possible values are:

availableDeparture can be booked online.
closedDeparture is no longer available and can not be booked.
cancelledDeparture has been cancelled and can not be booked.
onRequestDeparture is still available but can not be booked online. One needs to get in touch with the selling company.
noYieldThe departure has not been entered into yield management.
tooLateDeparture date is too close to the current date.internal
closedNotAmendableDeparture has been closed and can not be reopened.internal


Travel Corporation tour operator. Possible values are:

aatkingsAAT Kings
brendanvacationsBrendan Vacations
insightvacationsInsight Vacations
luxurygoldLuxury Gold
grandeuropeantravelGrand European Travel <i>(coming soon)</i>


A particular date on which tour departs. Tours have typically many departures sold in (and localised to) multiple regions.


Tours may have seasonal differences in itinerary, prices, accommodation, etc. Each season has its own set of departures.

Tour Options

Tours can have options. For example "Best of Greece" tour may have a "3 day Aegean cruise" extension resulting in "Best of Greece" having 2 options. Each option has its own set of seasons with departures.


Regions where tours are sold (aka Point of Sale). In API responses, tour content and departures differ for each selling region. Possible values are:

usUnited StatesUSD
ukUnited KingdomGBP
nzNew ZealandNZD
zaSouth AfricaZAR
zzRest of WorldUSD