REST API

Direct HTTPS integration for backend tools and services. JSON in, JSON out.

Approval required

API keys are issued after review. Apply through the developer portal — quotas are set at approval time based on expected volume.

Base URL

All endpoints are mounted under:

https://api.allflyghts.com/api

See the full reference for the complete endpoint list, request schemas, and example payloads.

Authentication

Send your key in the X-API-Key header on every request:

X-API-Key: <YOUR_API_KEY>

Keys are scoped to your organisation and shown once at creation time. Rotate a compromised key from your dashboard — the previous secret is invalidated immediately.

Example — search routes

Request

curl -X POST 'https://api.allflyghts.com/api/search/routes' \
  -H 'X-API-Key: $ALLFLYGHTS_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "legs": [
      {
        "from": { "cityId": 48217 },
        "to":   { "cityId": 12845, "fromDate": "2026-04-25", "toDate": "2026-05-02" }
      }
    ]
  }'

Response — 200 OK

{
  "searchId": "s_20260425_48217_12845",
  "flights": [
    {
      "id": "r001",
      "segments": [
        {
          "departure": { "iata": "BUD", "city": "Budapest" },
          "arrival":   { "iata": "STN", "city": "London"   },
          "options":   [{ "airline": { "name": "Ryanair", "iata": "FR" } }]
        }
      ],
      "departureAirportDistance": 117,
      "destinationAirportDistance": 35
    }
  ]
}

Error format

Errors return a JSON body with an error message and a stable code for programmatic handling:

{
  "error": "City ID 99999 not found",
  "code": "CITY_NOT_FOUND"
}

Common codes include INVALID_REQUEST, CITY_NOT_FOUND, RATE_LIMITED, and INTERNAL_ERROR. Rate-limit responses use HTTP 429.

Read the public docs: Overview · MCP · full reference (REST · MCP) · OpenAPI spec (REST · MCP) · MCP server.json.