POST /api-clients/token

Exchange your API credentials (API Key + API Secret) for a JWT token usable to authenticate your requests to the geocoding API.

Endpoint

POST https://api2.gotravelyzer.com/api-clients/token

Authentication

This endpoint does not require a token. It uses your API credentials (apiKey + apiSecret) in the request body.

Parameters

Request Body

Parameter	Type	Required	Description
`apiKey`	`string`	Yes	Your API Key (format `gck_xxx`)
`apiSecret`	`string`	Yes	Your API Secret (format `gcs_xxx`)
`expiresIn`	`string`	No	Token validity duration (default: `1h`)

`expiresIn` Values

Value	Duration	Recommendation
`30m`	30 minutes	Quick tests
`1h`	1 hour	Short user sessions
`24h`	24 hours	Web applications (recommended default)
`7d`	7 days	Mobile applications
`30d`	30 days	Server-to-server integrations

The longer the validity duration, the higher the risk if compromised. Choose a duration appropriate for your use case.

Request

Basic Example

curl -X POST "https://api2.gotravelyzer.com/api-clients/token" \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "gck_your_api_key",
    "apiSecret": "gcs_your_api_secret"
  }'

With Custom Duration

curl -X POST "https://api2.gotravelyzer.com/api-clients/token" \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "gck_your_api_key",
    "apiSecret": "gcs_your_api_secret",
    "expiresIn": "24h"
  }'

Response

Success (200 OK)

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjbGllbnRfYWJjMTIzIiwiaWF0IjoxNzA5MDAwMDAwLCJleHAiOjE3MDkwMDM2MDB9.abc123...",
  "expiresAt": "2026-02-24T13:00:00.000Z",
  "clientId": "client_abc123"
}

Response Fields

Field	Type	Description
`token`	`string`	JWT token to use in the `Authorization: Bearer <token>` header
`expiresAt`	`string`	Token expiration date and time (ISO 8601 format)
`clientId`	`string`	Unique identifier of your application

Using the Token

Once the token is obtained, include it in all your geocoding API requests:

curl "https://places.gotravelyzer.com/v1/geocoding/forward?query=Paris" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

HTTP Codes

Code	Status	Description
`200`	OK	Token generated successfully
`400`	Bad Request	Missing or invalid parameter
`401`	Unauthorized	Invalid API Key or API Secret
`403`	Forbidden	Account disabled or restrictions in place
`429`	Too Many Requests	Too many token requests

Error Examples

400 Bad Request - Missing Parameter

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "apiKey is required"
}

401 Unauthorized - Invalid Credentials

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid API key"
}

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid API secret"
}

403 Forbidden - Disabled Account

{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "API key disabled"
}

Automation Script

Here's a practical script to obtain and use a token:

#!/bin/bash
 
# Configuration
API_KEY="gck_your_api_key"
API_SECRET="gcs_your_api_secret"
 
# Get the token
RESPONSE=$(curl -s -X POST "https://api2.gotravelyzer.com/api-clients/token" \
  -H "Content-Type: application/json" \
  -d "{\"apiKey\": \"$API_KEY\", \"apiSecret\": \"$API_SECRET\", \"expiresIn\": \"24h\"}")
 
# Extract the token
TOKEN=$(echo $RESPONSE | jq -r '.token')
 
# Check if the token is valid
if [ "$TOKEN" == "null" ] || [ -z "$TOKEN" ]; then
  echo "Error: Unable to get token"
  echo $RESPONSE
  exit 1
fi
 
echo "Token obtained successfully"
echo "Expiration: $(echo $RESPONSE | jq -r '.expiresAt')"
 
# Usage example
curl "https://places.gotravelyzer.com/v1/geocoding/forward?query=Paris" \
  -H "Authorization: Bearer $TOKEN"

Best Practices

Token Storage

Never store the token in source code
Use environment variables or a secrets manager
In production, implement an automatic refresh mechanism

Renewal

Renew the token before it expires
Monitor the expiresAt field to anticipate renewal
On 401 Token expired error, request a new token

Security

Use HTTPS for all communications
Don't log tokens in your application logs
Implement regular rotation of API Secrets

Limits

Limit	Value
Maximum token size	~500 characters
Minimum duration	1 minute
Maximum duration	30 days
Token requests	100 per minute per API Key

Token

POST /api-clients/token

Endpoint

Authentication

Parameters

Request Body

`expiresIn` Values

Request

Basic Example

With Custom Duration

Response

Success (200 OK)

Response Fields

Using the Token

HTTP Codes

Error Examples

400 Bad Request - Missing Parameter

401 Unauthorized - Invalid Credentials

403 Forbidden - Disabled Account

Automation Script

Best Practices

Token Storage

Renewal

Security

Limits

Next Steps

Forward Geocoding

Rate Limits

POST /api-clients/token

Endpoint

Authentication

Parameters

Request Body

expiresIn Values

Request

Basic Example

With Custom Duration

Response

Success (200 OK)

Response Fields

Using the Token

HTTP Codes

Error Examples

400 Bad Request - Missing Parameter

401 Unauthorized - Invalid Credentials

403 Forbidden - Disabled Account

Automation Script

Best Practices

Token Storage

Renewal

Security

Limits

Next Steps

Forward Geocoding

Rate Limits

`expiresIn` Values