RESTful API with Full Documentation

Hotel API for Travel Agents

Connect your systems to 50,000+ hotels with our straightforward API. Real-time availability, wholesale rates, instant confirmations. Most integrations are live within 2 weeks.

50K+

Hotels Available

99.7%

API Uptime

< 2 sec

Avg Response

In This Guide

API Overview - What You're Getting

Let me be direct about what this API does and doesn't do. It's a hotel booking API - you send requests, you get hotel data, you make bookings. It's not rocket science, but the devil's in the details.

What the API Provides

  • Hotel search: Find hotels by city, coordinates, or specific hotel IDs. Filter by star rating, price, amenities.
  • Real-time availability: Check what's actually bookable for your dates. Not cached static content - live inventory.
  • Pricing: Net rates (your cost). You handle the markup to your customers.
  • Booking creation: Reserve rooms, get instant confirmation for most properties.
  • Booking management: Retrieve, modify, cancel existing bookings.
  • Voucher generation: Get booking vouchers in PDF or HTML format.

Technical Specs

Protocol REST over HTTPS (TLS 1.2+)
Format JSON (default) or XML
Authentication API Key + Secret (HMAC signature)
Rate Limits 100 requests/minute (standard), higher on request
Environments Sandbox (testing) + Production
Response Time < 2 seconds average, 5 seconds timeout

50,000+

Hotels in API

15+

Countries

99.7%

Uptime SLA

24/7

Tech Support

Who Actually Needs API Integration

Here's the thing - not everyone needs API access. Our web portal handles 90% of use cases just fine. But there are situations where API integration makes sense:

You Should Use the API If...

  • You do 100+ bookings per month
  • You have your own booking website
  • You use custom agency software
  • You need automated workflows
  • You're building a white-label solution

You Probably Don't Need API If...

  • You book manually through staff
  • You do fewer than 50 bookings/month
  • You don't have development resources
  • Our web portal does what you need
  • You're just starting out

If you're in the "probably don't need" category, start with our web portal first. You can always add API integration later. The rates and inventory are identical.

Core Endpoints

Here's an overview of the main API endpoints. Full documentation is provided after registration, but this gives you a sense of the structure.

Hotel Search

GET /api/v2/hotels/search

Search hotels by city, coordinates, or hotel IDs. Returns hotel list with room types and rates.

GET /api/v2/hotels/search? city_code=SIN &check_in=2025-03-15 &check_out=2025-03-18 &rooms=1 &adults=2 &children=0 ¤cy=SGD
{ "success": true, "hotels": [ { "hotel_id": "SIN_12345", "name": "Marina Bay Sands", "star_rating": 5, "address": "10 Bayfront Avenue", "rooms": [ { "room_id": "DLX_CITY", "name": "Deluxe City View", "net_rate": 485.00, "cancellation": "Free until Mar 12" } ] } ], "total": 147 }

Create Booking

POST /api/v2/bookings

Create a new hotel reservation. Returns booking confirmation or error.

{ "hotel_id": "SIN_12345", "room_id": "DLX_CITY", "check_in": "2025-03-15", "check_out": "2025-03-18", "guests": [ { "title": "Mr", "first_name": "John", "last_name": "Smith" } ], "special_requests": "High floor preferred", "your_reference": "AGENCY-2025-001" }

Other Endpoints

GET /api/v2/hotels/{hotel_id}

Get detailed hotel information including photos, amenities, policies.

GET /api/v2/bookings/{booking_id}

Retrieve booking details and current status.

PUT /api/v2/bookings/{booking_id}

Modify an existing booking (dates, guest names, requests).

DELETE /api/v2/bookings/{booking_id}

Cancel a booking. Cancellation fees applied based on policy.

GET /api/v2/bookings/{booking_id}/voucher

Generate PDF or HTML voucher for the booking.

Authentication & Security

We use API Key + HMAC signature for authentication. It's more secure than basic auth and prevents replay attacks.

How It Works

  1. You get an API Key and Secret when approved for API access
  2. Each request includes your API Key in the header
  3. You generate an HMAC-SHA256 signature using your secret + request body + timestamp
  4. We validate the signature server-side
X-API-Key: your_api_key_here X-Timestamp: 1709251200 X-Signature: hmac_sha256(secret, api_key + timestamp + body) Content-Type: application/json

Security Measures

  • TLS 1.2+ Required: All connections must be HTTPS
  • IP Whitelisting: Optional but recommended for production
  • Rate Limiting: 100 req/min default, protects against abuse
  • Request Signing: Prevents tampering and replay attacks
  • Audit Logging: All API calls are logged for troubleshooting

Sandbox Credentials

Sandbox uses separate credentials from production. You can test freely without affecting real inventory or charges. Sandbox data resets weekly.

Code Examples

Here are working examples in common languages. These are simplified - production code should include better error handling.

PHP Example

// Hotel search example in PHP $api_key = 'your_api_key'; $secret = 'your_secret'; $timestamp = time(); $params = [ 'city_code' => 'SIN', 'check_in' => '2025-03-15', 'check_out' => '2025-03-18', 'rooms' => 1, 'adults' => 2 ]; $query = http_build_query($params); $signature = hash_hmac('sha256', $api_key . $timestamp . $query, $secret); $ch = curl_init("https://api.dmcquote.com/v2/hotels/search?{$query}"); curl_setopt($ch, CURLOPT_HTTPHEADER, [ "X-API-Key: {$api_key}", "X-Timestamp: {$timestamp}", "X-Signature: {$signature}" ]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); $hotels = json_decode($response, true);

Python Example

# Hotel search example in Python import requests import hmac import hashlib import time api_key = 'your_api_key' secret = 'your_secret' timestamp = str(int(time.time())) params = { 'city_code': 'SIN', 'check_in': '2025-03-15', 'check_out': '2025-03-18', 'rooms': 1, 'adults': 2 } query = '&'.join([f'{k}={v}' for k, v in params.items()]) signature = hmac.new( secret.encode(), (api_key + timestamp + query).encode(), hashlib.sha256 ).hexdigest() response = requests.get( 'https://api.dmcquote.com/v2/hotels/search', params=params, headers={ 'X-API-Key': api_key, 'X-Timestamp': timestamp, 'X-Signature': signature } ) hotels = response.json()

Node.js Example

// Hotel search example in Node.js const crypto = require('crypto'); const axios = require('axios'); const apiKey = 'your_api_key'; const secret = 'your_secret'; const timestamp = Math.floor(Date.now() / 1000).toString(); const params = { city_code: 'SIN', check_in: '2025-03-15', check_out: '2025-03-18', rooms: 1, adults: 2 }; const query = new URLSearchParams(params).toString(); const signature = crypto .createHmac('sha256', secret) .update(apiKey + timestamp + query) .digest('hex'); const response = await axios.get( 'https://api.dmcquote.com/v2/hotels/search', { params, headers: { 'X-API-Key': apiKey, 'X-Timestamp': timestamp, 'X-Signature': signature } } );

Integration Process

Here's what the typical integration timeline looks like:

Week 1: Setup

  • Register for API access (approval usually same-day for existing agents)
  • Receive sandbox credentials
  • Review documentation
  • Test basic search endpoint

Week 2: Core Integration

  • Implement authentication
  • Build search integration
  • Build booking flow
  • Test in sandbox

Week 3: Polish & Edge Cases

  • Handle error scenarios
  • Implement cancellation flow
  • Add voucher generation
  • Performance testing

Week 4: Go Live

  • Production credentials issued
  • Final testing with real (but refundable) bookings
  • Monitoring setup
  • Live deployment

Support During Integration

You get a dedicated technical contact during integration. Most questions get answered within 2 hours during business hours. We've done this enough times to anticipate common issues.

Technical FAQ

Our hotel API supports both JSON (recommended) and XML formats. JSON is the default and provides faster parsing. Set Accept: application/xml header if you need XML responses. Both use REST architecture with standard HTTP methods.

Most integrations are complete in 2-4 weeks. Basic search and booking functionality can be working in 1 week for experienced developers. Full production integration with error handling, edge cases, and proper testing typically takes 3-4 weeks. We've seen it done in 3 days by teams that really push.

Yes, we provide a full sandbox environment with test data. You can test all API endpoints without making real bookings or charges. Sandbox access is included with API registration. Data resets weekly, so don't rely on specific booking IDs persisting.

Standard rate limit is 100 requests per minute. That's plenty for most integrations. If you need higher limits (high-traffic websites, real-time comparison engines), contact us - we can increase limits for legitimate use cases. Exceeding limits returns 429 status with retry-after header.

Hotel static content (descriptions, photos, amenities) - yes, cache for 24 hours. Rates and availability - cache for maximum 15 minutes, and always re-check before booking. Prices change frequently, and showing stale rates creates booking failures and customer frustration.

We support webhooks for booking status changes (confirmations, cancellations, amendments). You provide an endpoint, we POST updates when bookings change. Useful for keeping your systems in sync without polling. Webhook setup is documented in the API portal.

Related Resources

B2B Hotel Portal

Use our web portal if you don't need API integration - same inventory, no development required.

Portal Development Guide

Building your own travel portal? This guide covers build vs buy decisions.

Hotel Booking System

Overview of our complete hotel booking capabilities.

Technical Support

Questions about API integration? Our tech team can help.

Ready to Integrate?

API access is available to registered agents after initial portal usage. Start with the portal, then add API integration when you're ready.

Register as Agent Talk to Tech Team

Technical questions? Email api-support@travel-dmc.com or call +65-8948-0242