Hospitality Commerce API
Concepts

How does delegation work?

Agents act on behalf of travelers using short-lived JWTs. The platform records both "which agent acted" and "on whose behalf."

What is delegation?

When an agent books or cancels a stay, the platform needs to know who the traveler is. The agent attaches a short-lived JWT in the X-Delegated-User header, signed by a trusted delegation issuer.

Which routes require delegation?

| Route | Delegation required |
| --- | --- |
| POST /v1/bookings | Yes |
| POST /v1/bookings/{id}/cancel | Yes |
| All other routes | No |

JWT requirements

| Claim | Required | Description |
| --- | --- | --- |
| iss | Yes | Must match a registered delegation issuer |
| sub | Yes | Traveler identifier |
| aud | Yes | Must include the platform's audience |
| exp | Yes | Keep short (minutes, not hours) |

Accepted algorithms: RS256, ES256.

Error codes

| Code | Status | Recovery |
| --- | --- | --- |
| delegation_required | 401 | Mint a JWT and retry |
| delegation_invalid | 401 | Check detail.reason, remint |
| delegation_issuer_unknown | 401 | Escalate to tenant admin |

detail.reason values for delegation_invalid: expired, bad_signature, missing_claim, audience_mismatch, unsupported_algorithm.

Discovering trusted issuers

GET /.well-known/delegation-issuers

Returns active issuers with JWKS URL and allowed audiences.
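An agent-side preflight check for the rules above, as an added example (not the platform's own code): it decodes a token the agent has just minted and reports which documented error the platform would be expected to return. Assumptions: the issuer URL and audience string are constructed, the 15-minute lifetime ceiling and the `local_policy` result are local choices, and the order of checks is a guess since the page does not state it.

```python
import base64, json, re, time

ACCEPTED_ALGS = {"RS256", "ES256"}               # from the page
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp")   # from the page
MAX_LIFETIME_S = 15 * 60   # assumption: the page only says "minutes, not hours"
DELEGATED = [re.compile(r"/v1/bookings"), re.compile(r"/v1/bookings/[^/]+/cancel")]

def requires_delegation(method, path):
    """True for the two POST routes the page lists as delegation-required."""
    return method.upper() == "POST" and any(rx.fullmatch(path) for rx in DELEGATED)

def _seg(part):
    """Decode one base64url JSON segment (JWTs strip the '=' padding)."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def preflight(token, issuers, audience, now=None):
    """Return None if the token passes, else (code, reason).

    Decodes WITHOUT verifying the signature, so it is only a lint for tokens
    the agent minted itself; bad_signature can only be decided by the platform.
    Raises ValueError if the token is not three base64url JSON segments.
    """
    now = time.time() if now is None else now
    head, body, _sig = token.split(".")
    header, claims = _seg(head), _seg(body)
    if header.get("alg") not in ACCEPTED_ALGS:
        return ("delegation_invalid", "unsupported_algorithm")
    if any(c not in claims for c in REQUIRED_CLAIMS):
        return ("delegation_invalid", "missing_claim")
    if claims["iss"] not in issuers:          # issuers: set of trusted iss values
        return ("delegation_issuer_unknown", None)
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if audience not in aud:
        return ("delegation_invalid", "audience_mismatch")
    if claims["exp"] <= now:
        return ("delegation_invalid", "expired")
    if claims["exp"] - now > MAX_LIFETIME_S:
        return ("local_policy", "lifetime_too_long")   # not a platform code
    return None

def sample_token(alg, claims):
    """Constructed sample: real header and claims, placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc(claims)}.c2ln"
```

Running this before attaching X-Delegated-User catches minting mistakes locally; it never replaces the platform's signature verification against the issuer's JWKS.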
