AviaFrame Docs | API Reference

Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer YOUR_AGENCY_API_KEY

Your API key is found in the AviaFrame portal under Agency Settings. Keep it secret — never expose it in client-side code. The booking widget makes requests through your backend, which holds the key server-side.

Flight Search

POST /webhook/drct/search

This is the endpoint you provide in data-api-url. The widget sends search parameters here and expects an array of flight offers in response.

Request body

{
  "origin":        "DXB",          // IATA code
  "destination":   "LHR",          // IATA code
  "depart_date":   "2026-04-10",   // YYYY-MM-DD
  "return_date":   "2026-04-17",   // YYYY-MM-DD, omit for one-way
  "trip_type":     "return",       // "return" | "one_way" | "multi_city"
  "adults":        1,
  "children":      0,
  "infants":       0,
  "children_ages": [],             // array of ages, e.g. [8, 5]
  "infant_ages":   [],
  "cabin_class":   "economy"       // "economy" | "premium_economy" | "business" | "first"
}

Response

{
  "search_id": "abc123",
  "offers": [
    {
      "offer_id":        "LH_123",
      "origin":          "DXB",
      "destination":     "LHR",
      "departure_time":  "2026-04-10T06:25:00",
      "arrival_time":    "2026-04-10T11:10:00",
      "airline":         "LH",
      "airline_name":    "Lufthansa",
      "stops":           0,
      "duration_minutes": 405,
      "with_baggage":    true,
      "baggage_text":    "1 x 23 kg",
      "price": {
        "total":    8384,
        "currency": "USD"
      },
      "segments": [
        {
          "origin":         "DXB",
          "destination":    "LHR",
          "departure_time": "2026-04-10T06:25:00",
          "arrival_time":   "2026-04-10T11:10:00",
          "carrier": { "airline_code": "LH", "airline_name": "Lufthansa" },
          "flight_number":  "LH 530"
        }
      ]
    }
  ]
}

The widget renders results from this response. Airline logos are fetched automatically from https://pics.avs.io/200/80/{AIRLINE_CODE}.png.

JavaScript Events

The widget fires DOM events you can listen to in your page:

Event	When	event.detail
`aviaframe:results`	Search returns offers	`{ offers: [...] }`
`aviaframe:offerSelected`	User clicks Select on a flight	`{ offer: { offer_id, price, ... } }`
`aviaframe:continueToBooking`	Passenger form submitted	`{ offer: {...}, passenger: { firstName, lastName, email, phone, passportNumber, passportExpiry, ... } }`

// Example: intercept booking without redirect
window.addEventListener('aviaframe:continueToBooking', function(e) {
  const { offer, passenger } = e.detail;
  fetch('/api/orders', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ offer, passenger })
  });
});

Portal Admin API

The AviaFrame backend exposes a REST API used by the portal. All endpoints are under /api/ and require authentication.

Method & Path	Description
`GET /api/orders`	List orders for the current agency
`GET /api/orders/:id`	Get order details including segments and passengers
`GET /api/orders/:id/payment-instructions`	Get payment instructions to send to the client (includes agency bank details)
`POST /api/admin/agencies`	Create a new agency (super admin only)
`PATCH /api/admin/agencies/:id`	Update agency settings, bank details, allowed domains
`POST /api/orders/:id/issue-ticket`	Trigger ticket issuance and send e-ticket PDF to client

Full API documentation with request/response schemas is available on request. Write to sales@aviaframe.com.