Skip to main content
The Tripfy Africa REST API gives you programmatic access to packages, destinations, bookings, and user management. It is designed for mobile apps, SPAs, and third-party integrations.
Base URL: https://tripfy.africa/api/v1All requests and responses use application/json. Character encoding is UTF-8.

Authentication

The API uses Laravel Sanctum bearer tokens. Obtain a token by calling POST /api/v1/auth/login or POST /api/v1/auth/register, then include it in every authenticated request: 
Authorization: Bearer 1|abc123def456...
See the Authentication page for the full token lifecycle.

Rate limiting

Three tiers apply depending on the endpoint type:
Endpoint typeLimitWindow
Public endpoints60 requestsper minute
Auth endpoints (/auth/register, /auth/login)10 requestsper minute
Write endpoints30 requestsper minute
Every response includes rate-limit headers: 
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1740000000
When you exceed a limit the API responds with HTTP 429: 
{
  "message": "Too Many Attempts.",
  "retry_after": 60
}

Response format

Success response

{
  "data": { },
  "message": "Operation completed successfully."
}
List endpoints wrap items in data and include a meta object: 
{
  "data": [
    { "id": 1, "title": "Safari Adventure" }
  ],
  "meta": {
    "current_page": 1,
    "last_page": 10,
    "per_page": 15,
    "total": 150
  }
}

Error response

{
  "message": "The given data was invalid.",
  "errors": {
    "email": ["The email field is required."],
    "password": ["The password must be at least 8 characters."]
  }
}

HTTP status codes

CodeMeaningWhen it is returned
200OKSuccessful GET, PUT
201CreatedSuccessful POST that creates a resource
401UnauthorizedMissing or invalid token
403ForbiddenAuthenticated but not permitted (e.g. suspended account)
404Not foundResource does not exist
422Unprocessable entityValidation failure
429Too many requestsRate limit exceeded
500Internal server errorUnexpected server-side error

Pagination

List endpoints return paginated results. Control the page with query parameters:
page
integer
Page number to return. Defaults to 1.
per_page
integer
Number of items per page. Defaults to 12 for packages, 15 for bookings and reviews. Maximum is 50.
The response meta object contains:
current_page
integer
The page number returned.
last_page
integer
Total number of pages.
per_page
integer
Items returned per page.
total
integer
Total number of matching items across all pages.

Filtering and sorting

Most list endpoints accept these common query parameters:
search
string
Full-text search against title and description fields.
destination_id
integer
Filter packages by destination ID.
category_id
integer
Filter packages by category ID.
min_price
number
Minimum adult price filter (inclusive).
max_price
number
Maximum adult price filter (inclusive).
sort
string
Sort order. Accepted values: newest (default), price_asc, price_desc, rating.

Data formats

  • Dates — ISO 8601 strings, e.g. 2024-01-15 or 2024-01-15T10:30:00Z.
  • Prices — Decimal floats in USD, e.g. 250.00.
  • Coordinates — Decimal degrees, e.g. { "latitude": -6.1659, "longitude": 35.7363 }.
  • Boolean flags — JSON true / false.

Endpoint index

Authentication (public)

MethodPathDescription
POST/api/v1/auth/registerRegister a new traveller account
POST/api/v1/auth/loginLog in and receive a token

Authentication (requires token)

MethodPathDescription
GET/api/v1/auth/meReturn the authenticated user
POST/api/v1/auth/logoutRevoke the current token
POST/api/v1/auth/logout-allRevoke all tokens for the user

Packages (public)

MethodPathDescription
GET/api/v1/packagesList active packages
GET/api/v1/packages/categoriesList package categories
GET/api/v1/packages/featuredList featured packages
GET/api/v1/packages/{slug}Package detail
GET/api/v1/packages/{slug}/reviewsReviews for a package

Destinations (public)

MethodPathDescription
GET/api/v1/destinationsList active destinations
GET/api/v1/destinations/{slug}Destination detail with packages

Bookings

MethodPathAuthDescription
GET/api/v1/bookings/availabilityPublicCheck available spaces for a date
GET/api/v1/bookingsRequiredList bookings for the current user
GET/api/v1/bookings/{uid}RequiredSingle booking detail
POST/api/v1/bookings/{uid}/cancelRequiredCancel a pending or confirmed booking

Reviews

MethodPathAuthDescription
GET/api/v1/packages/{slug}/reviewsPublicList approved reviews
POST/api/v1/reviewsRequiredSubmit a review

User profile (requires token)

MethodPathDescription
GET/api/v1/user/profileGet full profile
PUT/api/v1/user/profileUpdate profile fields
PUT/api/v1/user/passwordChange password
GET/api/v1/user/statsBooking statistics summary

Payment webhooks

MethodPathDescription
GET / POST/api/payment/{gateway}/{transaction}/{type}Payment gateway IPN callback

Code examples

# List packages
curl https://tripfy.africa/api/v1/packages

# Authenticated request
curl https://tripfy.africa/api/v1/user/profile \
  -H "Authorization: Bearer YOUR_TOKEN"

Build docs developers (and LLMs) love

Get started for freeTalk to us