Authentication | NaviSavi Commercial API

The NaviSavi Commercial API uses API keys for authentication. Every request must include your API key in the x-api-key header.

$ curl https://api.navisavitravel.com/v1/countries \
>   -H "x-api-key: YOUR_API_KEY"

Requests without a valid API key will receive a 403 Forbidden response.

Getting an API key

API keys are issued when you sign up for a plan. Get your key →

Permissions

Each API key is granted one or more permissions that control which endpoints it can call. Calling an endpoint your key does not have permission for returns a 403 Forbidden response.

Permission	Endpoints
`geography.read`	Countries, regions, localities, locations
`taxonomy.read`	Experience types, suitabilities, tags, keywords, vibes
`videos.read`	`/v1/videos`, `/v1/videos/{videoId}`
`playlists.read`	`/v1/playlists/{playlistId}`

The permissions granted to your key depend on your plan. Contact us at contact@navi-savi.com if you need access to additional endpoints.

Key security

Never expose your API key in client-side code, public repositories, or logs
If a key is compromised, contact us immediately at contact@navi-savi.com to have it rotated
Each key is scoped to a usage plan - exceeding your plan’s rate or quota limits will return a 429 Too Many Requests response