NAV
php python shell javascript

Introduction

With a shortage of financial failure and supplier failure insurance products currently available in the market for travel providers, the Trust My Group have extended their offering to provide a Protection Only solution. Use your preferred payment provider and integrate the Trust My Group Protection Only solution to financially protect your payments.

Getting Started

Firstly you will need to complete the onboarding process if you haven't already done so. To begin this process, please contact our support team and let them know that you wish to sign up for our Protection Only offering.

Having completed the onboarding process, Trust My Group will create a Protection Only enabled site for you and supply you with the necessary credentials for an admin account for the site.

Your site will come with a single test channel by default. You are free to create as many test channels as you require.

When you wish to begin using our protection services, you will require a protection only channel. To obtain one, you can either create a channel with account_mode: "draft" and request that Trust My Group switch it to protection-only, or request that Trust My Group create a protection only channel for you.

API Reference

Authentication

Make sure to replace {{username}} with your site username, and {{password}} with your password.

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://tmtprotects.com/wp/wp-json/jwt-auth/v1/token',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS =>'{
    "username": "{{username}}",
    "password": "{{password}}"
  }',
  CURLOPT_HTTPHEADER => array(
    'Content-Type: application/json'
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client
import json

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = json.dumps({
  "username": "{{username}}",
  "password": "{{password}}"
})
headers = {
  'Content-Type': 'application/json'
}
conn.request("POST", "/wp/wp-json/jwt-auth/v1/token", payload, headers)
res = conn.getresponse()
data = res.read()
curl --location --request POST 'https://tmtprotects.com/wp/wp-json/jwt-auth/v1/token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "{{username}}",
    "password": "{{password}}"
}'
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");

var raw = JSON.stringify({
  "username": "{{username}}",
  "password": "{{password}}"
});

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

fetch("https://tmtprotects.com/wp/wp-json/jwt-auth/v1/token", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 69,
    "name": "Elvis Sauer",
    "username": "elvissauer",
    "user_email": "elvissauer@example.org",
    "user_nicename": "Elvis Sauer",
    "user_display_name": "Elvis Sauer",
    "usertype": "member_admin",
    "type": "member_admin",
    "read_only": false,
    "can_sign_off_payout": false,
    "default_site": {
        "id": 3,
        "name": "TMT Test Site",
        "path": "/tmt-test/",
        "permissions": [],
        "channel_count": 17,
        "usertype": "member_admin"
    },
    "site_count": 2,
    "sites": [
        {
            "id": 3,
            "name": "TMT Test Site"
        },
        {
            "id": 9,
            "name": "Protection Only Site"
        }
    ],
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L3dwL3dwLWpzb24vand0LWF1dGgvdjEvdG9rZW4iLCJpYXQiOjE2NzgzNzAzODAsImV4cCI6MTY3ODM3MTI4MCwibmJmIjoxNjc4MzcwMzgwLCJqdGkiOiIyTU9pb3BUeVBvY0xrcHdvIiwic3ViIjo2OSwicHJ2IjoiODdlMGFmMWVmOWZkMTU4MTJmZGVjOTcxNTNhMTRlMGIwNDc1NDZhYSJ9.RxHbTimB8g2U9h8Ugf_ZshY4zfCSjblopwZAyhNaI60",
    "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L3dwL3dwLWpzb24vand0LWF1dGgvdjEvdG9rZW4iLCJpYXQiOjE2NzgzNzAzODAsImV4cCI6MTY3ODM3MTI4MCwibmJmIjoxNjc4MzcwMzgwLCJqdGkiOiIyMGhMVVBVUENvN3BnUFJ2Iiwic3ViIjo2OSwicHJ2IjoiODdlMGFmMWVmOWZkMTU4MTJmZGVjOTcxNTNhMTRlMGIwNDc1NDZhYSJ9.NA5gQUHjTUoFcGgVoCNqDT-1qY-rzyuyIfkU7gLXYa8"
}

All API requests require an authentication header in the form of:

Authorization: Bearer %TOKEN%

where %TOKEN% is replaced with a token retrieved from an authentication request.

HTTP Request

POST https://tmtprotects.com/wp/wp-json/jwt-auth/v1/token

Refresh Tokens

Make sure to replace {{path}} with your site path and {{refreshToken}} with a valid API refresh token.

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/jwt-auth/v1/token/refresh',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_HTTPHEADER => array(
    'Authorization: Bearer {{refreshToken}}'
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client
import json

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{refreshToken}}'
}
conn.request("POST", "/wp/wp-json/jwt-auth/v1/token/refresh", payload, headers)
res = conn.getresponse()
data = res.read()
curl --location --request POST 'https://tmtprotects.com/{{path}}/wp-json/jwt-auth/v1/token/refresh' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{refreshToken}}' \
--data-raw ''
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{refreshToken}}");

var raw = "";

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/jwt-auth/v1/token/refresh", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 69,
    "name": "Elvis Sauer",
    "username": "elvissauer",
    "user_email": "elvissauer@example.org",
    "user_nicename": "Elvis Sauer",
    "user_display_name": "Elvis Sauer",
    "usertype": "member_admin",
    "type": "member_admin",
    "read_only": false,
    "can_sign_off_payout": false,
    "default_site": {
        "id": 3,
        "name": "TMT Test Site",
        "path": "/tmt-test/",
        "permissions": [],
        "channel_count": 17,
        "usertype": "member_admin"
    },
    "site_count": 2,
    "sites": [
        {
            "id": 3,
            "name": "TMT Test Site"
        },
        {
            "id": 9,
            "name": "Protection Only Site"
        }
    ],
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L3RtdC10ZXN0L3dwLWpzb24vand0LWF1dGgvdjEvdG9rZW4vcmVmcmVzaCIsImlhdCI6MTY3ODM3MDM4MCwiZXhwIjoxNjc4MzcxMjgwLCJuYmYiOjE2NzgzNzAzODAsImp0aSI6InoyR2Y2TVI0cW0ySHpScHoiLCJzdWIiOjY5LCJwcnYiOiI4N2UwYWYxZWY5ZmQxNTgxMmZkZWM5NzE1M2ExNGUwYjA0NzU0NmFhIn0.tIk87d4AX2lxuWljJOiazCL8UqxwEo6pxjLcLt9sdLQ",
    "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L3dwL3dwLWpzb24vand0LWF1dGgvdjEvdG9rZW4iLCJpYXQiOjE2NzgzNzAzODAsImV4cCI6MTY3ODM3MTI4MCwibmJmIjoxNjc4MzcwMzgwLCJqdGkiOiIyMGhMVVBVUENvN3BnUFJ2Iiwic3ViIjo2OSwicHJ2IjoiODdlMGFmMWVmOWZkMTU4MTJmZGVjOTcxNTNhMTRlMGIwNDc1NDZhYSJ9.NA5gQUHjTUoFcGgVoCNqDT-1qY-rzyuyIfkU7gLXYa8"
}

All authentication payloads include a refresh_token in the response. This token can be retained indefinitely and used to obtain a valid JWT token via the refresh token endpoint. The token returned in the refresh token response can be used to sign subsequent API requests.

HTTP Request

POST https://tmtprotects.com/wp/wp-json/jwt-auth/v1/token/refresh

Replace Refresh Token

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/jwt-auth/v1/token/refresh',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'DELETE',
  CURLOPT_HTTPHEADER => array(
    'Authorization: Bearer {{token}}'
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client
import json

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{token}}'
}
conn.request("DELETE", "/wp/wp-json/jwt-auth/v1/token/refresh", payload, headers)
res = conn.getresponse()
data = res.read()
curl --location --request DELETE 'https://tmtprotects.com/{{path}}/wp-json/jwt-auth/v1/token/refresh' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{token}}' \
--data-raw ''
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{token}}");

var raw = "";

var requestOptions = {
  method: 'DELETE',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/jwt-auth/v1/token/refresh", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "deleted": true
}

You may wish to rotate your refresh token on a regular basis. To do so, make a DELETE /token/refresh request signed with a valid user token. You will receive a new refresh token the next time you complete an auth request.

HTTP Request

DELETE https://tmtprotects.com/wp/wp-json/jwt-auth/v1/token/refresh

Channels

Get All Channels

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/channels", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

[
    {
        "id": 3434,
        "uuid": "5e6421a2-1357-4b27-893d-9ab8b8816076",
        "name": "Robel PLC1674744202",
        "slug": "robel-plc1674744202",
        "account_type": "protected-processing",
        "account_mode": "protection-only",
        "protection_type": "trust-my-travel",
        "currencies": "GBP",
        "language": "enGB",
        "primary_mail": "elvissauer@example.org",
        "mail_bcc_transactional_mails": false,
        "receipt_label": "Protection Only Site",
        "external_id": "",
        "channel_status": "tmt-protection",
        "suppliers": []
    }
    ...
]

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels

Query Parameters

Parameter Default Description
include all Limit result set to comma separated list of IDs.
page 1 Page of the collection to view.
per_page 10 Maximum number of items to be returned per page.
order asc Enum: asc, desc
orderby id Sort collection by defined attribute.
account_mode all Enum: test, draft, protection-only, affiliate, closed
account_type all Enum: protected-processing, trust
currencies all Return all items where field contains requested value
external_id all Search for exact matches with requested value
name all Search for wildcard matches with requested value
statement_period all Enum: biweek, week, month

Get A Channel

Make sure to replace {{channel_id}} with a valid channel ID, {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 3434,
    "uuid": "5e6421a2-1357-4b27-893d-9ab8b8816076",
    "name": "Robel PLC1674744202",
    "slug": "robel-plc1674744202",
    "account_type": "protected-processing",
    "account_mode": "protection-only",
    "protection_type": "trust-my-travel",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "elvissauer@example.org",
    "mail_bcc_transactional_mails": false,
    "receipt_label": "Protection Only Site",
    "external_id": "",
    "channel_status": "tmt-protection",
    "suppliers": []
}

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}

Schema

Parameter Type Description
id^ integer Unique identifier for the channel.
uuid^ string Unique identifier for the channel.
name string Title for the channel.
slug^ string The slug for the channel.
account_type^ string The account type for the channel.
Enum: protected-processing
Default: protected-processing
account_mode string The mode that the channel is in. NB Not all modes can be set when creating a channel.
Enum: test, draft, protection-only, affiliate, closed
Default: test
protection_type^ string The protection type for the channel.
Enum: trust-my-travel, tmu-management
Default: trust-my-travel
currencies string The ISO 4217 value of the base currency of the channel.
Enum: valid currencies
language string Default mail receipt language.
Enum: deDE, enGB, esES, frFR, itIT, jaJA, kkKK, koKO, lvLV, ptBR, roRO, ruRU, ukUK, uzUZ, zhZH
Default: enGB
primary_mail string Comma separated list of email addresses to use if BCC'ing email.
mail_bcc_transactional_mails boolean Whether to BCC mail receipts to primary mail.
Default: false
receipt_label string Company name to use in mail receipts. Defaults to site name.
external_id string The external identifier for the channel.
channel_status^ string The status of the channel.
Enum: tms-end-user, tmt-protection, tmu-protection
Default: test
suppliers^ array IDs of suppliers linked to the channel

^Readonly

Create A Channel

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => {
        "name": "GBP Channel",
        "account_mode": "draft",
        "currencies": "GBP",
        "language": "enGB",
        "primary_mail": "john.smith@example.org,jane.smith@example.org",
        "mail_bcc_transactional_mails": true,
        "receipt_label": "Smith Inc",
        "external_id": "SMITH1234",
    },
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
        'Authorization: Bearer {{token}}'
    ),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
import http.client
import json
conn = http.client.HTTPSConnection("tmtprotects.com")
payload = json.dumps({
    "name": "GBP Channel",
    "account_mode": "draft",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "john.smith@example.org,jane.smith@example.org",
    "mail_bcc_transactional_mails": true,
    "receipt_label": "Smith Inc",
    "external_id": "SMITH1234",
})
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{token}}}}'
}
conn.request("POST", "/{{path}}/wp-json/tmt/v2/channels", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
 curl --location --request POST 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{token}}' \
--data-raw '{
    "name": "GBP Channel",
    "account_mode": "draft",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "john.smith@example.org,jane.smith@example.org",
    "mail_bcc_transactional_mails": true,
    "receipt_label": "Smith Inc",
    "external_id": "SMITH1234",
}
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{token}}");


var raw = JSON.stringify({
    "name": "GBP Channel",
    "account_mode": "draft",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "john.smith@example.org,jane.smith@example.org",
    "mail_bcc_transactional_mails": true,
    "receipt_label": "Smith Inc",
    "external_id": "SMITH1234",
});


var requestOptions = {
    'method: 'POST',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};


fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 3434,
    "uuid": "5e6421a2-1357-4b27-893d-9ab8b8816076",
    "name": "GBP Channel",
    "slug": "robel-plc1674744202",
    "account_type": "trust",
    "account_mode": "draft",
    "protection_type": "trust-my-travel",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "john.smith@example.org,jane.smith@example.org",
    "mail_bcc_transactional_mails": true,
    "receipt_label": "Smith Inc",
    "external_id": "SMITH1234",
    "channel_status": "admin",
    "suppliers": [
        "ZA-14-AP",
        "TZ-15-DM"
    ]
}

HTTP Request

POST https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels

Schema

Parameter Type Description
name^ string Title for the channel.
account_mode string The mode that the channel is in. NB Not all modes can be set when creating a channel.
Enum: test, draft, protection-only, affiliate, closed
Default: test
currencies^ string The ISO 4217 value of the base currency of the channel.
Enum: valid currencies
language string Default mail receipt language.
Enum: deDE, enGB, esES, frFR, itIT, jaJA, kkKK, koKO, lvLV, ptBR, roRO, ruRU, ukUK, uzUZ, zhZH
Default: enGB
primary_mail string Comma separated list of email addresses to use if BCC'ing email.
mail_bcc_transactional_mails boolean Whether to BCC mail receipts to primary mail.
Default: false
receipt_label string Company name to use in mail receipts. Defaults to site name.
external_id string The external identifier for the channel.

^Required

Update A Channel

Make sure to replace {{path}} with your site path, {{id}} with a valid channel ID and {{token}} with a valid API token.

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'PUT',
    CURLOPT_POSTFIELDS => {
        "name": "GBP Channel",
        "currencies": "GBP",
        "language": "enGB",
        "primary_mail": "john.smith@example.org,jane.smith@example.org",
        "mail_bcc_transactional_mails": true,
        "receipt_label": "Smith Inc",
        "external_id": "SMITH1234",
    },
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
        'Authorization: Bearer {{token}}'
    ),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
import http.client
import json
conn = http.client.HTTPSConnection("tmtprotects.com")
payload = json.dumps({
    "name": "GBP Channel",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "john.smith@example.org,jane.smith@example.org",
    "mail_bcc_transactional_mails": true,
    "receipt_label": "Smith Inc",
    "external_id": "SMITH1234",
})
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{token}}}}'
}
conn.request("PUT", "/{{path}}/wp-json/tmt/v2/channels/{{id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
 curl --location --request PUT 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{id}}' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{token}}' \
--data-raw '{
    "name": "GBP Channel",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "john.smith@example.org,jane.smith@example.org",
    "mail_bcc_transactional_mails": true,
    "receipt_label": "Smith Inc",
    "external_id": "SMITH1234",
}
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{token}}");


var raw = JSON.stringify({
    "name": "GBP Channel",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "john.smith@example.org,jane.smith@example.org",
    "mail_bcc_transactional_mails": true,
    "receipt_label": "Smith Inc",
    "external_id": "SMITH1234",
});


var requestOptions = {
    'method: 'PUT',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};


fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 3434,
    "uuid": "5e6421a2-1357-4b27-893d-9ab8b8816076",
    "name": "GBP Channel",
    "slug": "robel-plc1674744202",
    "account_type": "trust",
    "account_mode": "draft",
    "protection_type": "trust-my-travel",
    "currencies": "GBP",
    "language": "enGB",
    "primary_mail": "john.smith@example.org,jane.smith@example.org",
    "mail_bcc_transactional_mails": true,
    "receipt_label": "Smith Inc",
    "external_id": "SMITH1234",
    "channel_status": "admin",
    "suppliers": [
        "ZA-14-AP",
        "TZ-15-DM"
    ]
}

HTTP Request

PUT https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{id}}

Schema

Parameter Type Description
name^ string Title for the channel.
currencies^ string The ISO 4217 value of the base currency of the channel.
Enum: valid currencies
language string Default mail receipt language.
Enum: deDE, enGB, esES, frFR, itIT, jaJA, kkKK, koKO, lvLV, ptBR, roRO, ruRU, ukUK, uzUZ, zhZH
Default: enGB
primary_mail string Comma separated list of email addresses to use if BCC'ing email.
mail_bcc_transactional_mails boolean Whether to BCC mail receipts to primary mail.
Default: false
receipt_label string Company name to use in mail receipts. Defaults to site name.
external_id string The external identifier for the channel.

^Required

Delete A Channel

Make sure to replace {{path}} with your site path, {{id}} with a valid channel ID and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'DELETE',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("DELETE", "/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request DELETE 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'DELETE',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "deleted": true
}

HTTP Request

DELETE https://tmtprotects.com/{{path}}/wp-json/tmt/v2/channels/{{channel_id}}

Bookings

Protection starts on the day a transaction is created against a booking and ends on the date supplied as the value for the date field. The protection is also based on the content field, so please describe the booking in a meaningful way to ensure that the booking is correctly protected.

Get All Bookings

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/bookings", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

[
    {
        "id": 45,
        "trust_id": "9-45",
        "internal_id": 45,
        "author": "elvissauer",
        "status": "paid",
        "title": "Fahey | durwardfahey@example.org",
        "content": "Holiday for 2 to nowhere.",
        "firstname": "Durward",
        "surname": "Fahey",
        "email": "durwardfahey@example.org",
        "date": "2023-12-01",
        "date_start": "2023-11-26",
        "pax": 5,
        "reference": "VENICE-12345",
        "total": 9999,
        "total_unpaid": 0,
        "currencies": "GBP",
        "country": "IT",
        "countries": "IT",
        "transaction_ids": [
            66
        ],
        "channels": 3434,
        "language": "enGB",
        "author_id": 69,
        "authorname": "elvissauer",
        "suppliers": [
            "ET-15-BU",
            "MK-14-AC"
        ],
        "created": "2023-01-26 14:43:22",
        "modified": "2023-01-26 14:43:22",
        "_links": {
            "self": [
                {
                    "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/bookings/45"
                }
            ],
            "collection": [
                {
                    "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/bookings"
                }
            ]
        }
    }
    ...
]

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings

Query Parameters

Parameter Default Description
include all Limit result set to comma separated list of IDs.
page 1 Page of the collection to view.
per_page 10 Maximum number of items to be returned per page.
order asc Enum: asc, desc
orderby id Sort collection by defined attribute.
before all Limit response to items published before a given ISO8601 compliant date.
after all Limit response to items published after a given ISO8601 compliant date.
status all Limit result set to items assigned one or more statuses.
channels all Limit result set to all bookings that have the specified terms assigned in the channels taxonomy.
countries all Limit result set to all bookings that have the specified terms assigned in the countries taxonomy.
surname all Limit result set to all bookings that have the specified surname
email all Limit result set to all bookings that have the specified email
date_before all Limit response to bookings with end date of travel before a given ISO8601 compliant date.
date_after all Limit response to bookings with end date of travel after a given ISO8601 compliant date.
reference all Limit result set to all bookings that have the specified reference

Get A Booking

Make sure to replace {{booking_id}} with a valid booking ID, {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 45,
    "trust_id": "9-45",
    "internal_id": 45,
    "author": "elvissauer",
    "status": "paid",
    "title": "Fahey | durwardfahey@example.org",
    "content": "Holiday for 2 to nowhere.",
    "firstname": "Durward",
    "surname": "Fahey",
    "email": "durwardfahey@example.org",
    "date": "2023-12-01",
    "date_start": "2023-11-26",
    "pax": 5,
    "reference": "VENICE-12345",
    "total": 9999,
    "total_unpaid": 0,
    "currencies": "GBP",
    "country": "IT",
    "countries": "IT",
    "transaction_ids": [
        66
    ],
    "channels": 3434,
    "language": "enGB",
    "author_id": 69,
    "authorname": "elvissauer",
    "suppliers": [
        "ET-15-BU",
        "MK-14-AC"
    ],
    "created": "2023-01-26 14:43:22",
    "modified": "2023-01-26 14:43:22",
    "_links": {
        "self": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/bookings/45"
            }
        ],
        "collection": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/bookings"
            }
        ]
    }
}

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}

Schema

Parameter Type Description
id^ integer Unique identifier for the booking.
trust_id^ string Identifier for the booking prefixed with Site ID.
internal_id^ integer DEPRECATED.
author^ string The user name of the author of the booking.
status^ string The status of the booking. This is automatically set to unpaid and adjusted as and when payments are received.
Enum: authorized, completed, locked, paid, partial-payment, unpaid
title^ string The auto-generated title of the booking as format Trust ID, Surname, Email.
content string Description of the booking.
firstname string The first name of the lead traveller.
surname string The surname of the lead traveller.
email string The email of the lead traveller.
date string The end date of the booking in Y-m-d format.
date_start string The start date of the booking in Y-m-d format.
pax integer Number of people the booking is for.
reference string Your reference for the booking.
total integer The total base currency cost of the booking in cents. This cannot be updated to be less than the total of all linked transactions.
total_unpaid^ integer The total unpaid base currency cost of the booking in cents.
currencies string The ISO 4217 value of the base currency of the booking. Must match the base currency of the Channel.
Enum: valid currencies
country^ string DEPRECATED
Enum: valid countries
countries string The ISO 3166-1 alpha-2 value of the country(s) the booking takes place in. A comma separated string can be used for multiple values
Enum: valid countries
transaction_ids^ array Unique identifier(s) for any transaction(s) attempted against the booking.
channels integer Unique identifier for the channel the booking is for.
language string Mail receipt language.
Enum: deDE, enGB, esES, frFR, itIT, jaJA, kkKK, koKO, lvLV, ptBR, roRO, ruRU, ukUK, uzUZ, zhZH
Default: enGB
author_id^ integer The user ID of the author of the booking.
authorname^ string The username of the author of the booking.
suppliers array IDs of suppliers included in the booking
created^ string The date the booking was created, in GMT.
modified^ string The date the booking was last modified, in GMT.

^Readonly

Create A Booking

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => {
        "content": "River cruise in Venice",
        "firstname": "John",
        "surname": "Smith",
        "email": "john.smith@example.org",
        "date": "2025-10-07",
        "date_start": "2025-10-07",
        "pax": 3,
        "reference": "VENICE-12345",
        "total": 9999,
        "currencies": "GBP",
        "countries": "IT",
        "channels": 10165,
        "language": "enGB",
        "suppliers": ["ZA-14-AP", "TZ-15-DM"],
    },
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
        'Authorization: Bearer {{token}}'
    ),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
import http.client
import json
conn = http.client.HTTPSConnection("tmtprotects.com")
payload = json.dumps({
    "content": "River cruise in Venice",
    "firstname": "John",
    "surname": "Smith",
    "email": "john.smith@example.org",
    "date": "2025-10-07",
    "date_start": "2025-10-07",
    "pax": 3,
    "reference": "VENICE-12345",
    "total": 9999,
    "currencies": "GBP",
    "countries": "IT",
    "channels": 10165,
    "language": "enGB",
    "suppliers": ["ZA-14-AP", "TZ-15-DM"],
})
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{token}}}}'
}
conn.request("POST", "/{{path}}/wp-json/tmt/v2/bookings", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
 curl --location --request POST 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{token}}' \
--data-raw '{
    "content": "River cruise in Venice",
    "firstname": "John",
    "surname": "Smith",
    "email": "john.smith@example.org",
    "date": "2025-10-07",
    "date_start": "2025-10-07",
    "pax": 3,
    "reference": "VENICE-12345",
    "total": 9999,
    "currencies": "GBP",
    "countries": "IT",
    "channels": 10165,
    "language": "enGB",
    "suppliers": ["ZA-14-AP", "TZ-15-DM"],
}
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{token}}");


var raw = JSON.stringify({
    "content": "River cruise in Venice",
    "firstname": "John",
    "surname": "Smith",
    "email": "john.smith@example.org",
    "date": "2025-10-07",
    "date_start": "2025-10-07",
    "pax": 3,
    "reference": "VENICE-12345",
    "total": 9999,
    "currencies": "GBP",
    "countries": "IT",
    "channels": 10165,
    "language": "enGB",
    "suppliers": ["ZA-14-AP", "TZ-15-DM"],
});


var requestOptions = {
    'method: 'POST',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};


fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 45,
    "trust_id": "9-45",
    "internal_id": 45,
    "author": "elvissauer",
    "status": "paid",
    "title": "Fahey | durwardfahey@example.org",
    "content": "River cruise in Venice",
    "firstname": "John",
    "surname": "Smith",
    "email": "john.smith@example.org",
    "date": "2025-10-07",
    "date_start": "2025-10-07",
    "pax": "3",
    "reference": "VENICE-12345",
    "total": 9999,
    "total_unpaid": 0,
    "currencies": "GBP",
    "country": "IT",
    "countries": "IT",
    "transaction_ids": [
        66
    ],
    "channels": 10165,
    "language": "enGB",
    "author_id": 69,
    "authorname": "elvissauer",
    "suppliers": [
        "ZA-14-AP",
        "TZ-15-DM"
    ],
    "created": "2023-01-26 14:43:22",
    "modified": "2023-01-26 14:43:22",
    "_links": {
        "self": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/bookings/45"
            }
        ],
        "collection": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/bookings"
            }
        ]
    }
}

HTTP Request

POST https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings

Schema

Parameter Type Description
content^ string Description of the booking.
firstname^ string The first name of the lead traveller.
surname^ string The surname of the lead traveller.
email^ string The email of the lead traveller.
date^ string The end date of the booking in Y-m-d format.
date_start string The start date of the booking in Y-m-d format.
pax integer Number of people the booking is for.
reference string Your reference for the booking.
total^ integer The total base currency cost of the booking in cents. This cannot be updated to be less than the total of all linked transactions.
currencies^ string The ISO 4217 value of the base currency of the booking. Must match the base currency of the Channel.
Enum: valid currencies
countries^ string The ISO 3166-1 alpha-2 value of the country(s) the booking takes place in. A comma separated string can be used for multiple values
Enum: valid countries
channels^ integer Unique identifier for the channel the booking is for.
language string Mail receipt language.
Enum: deDE, enGB, esES, frFR, itIT, jaJA, kkKK, koKO, lvLV, ptBR, roRO, ruRU, ukUK, uzUZ, zhZH
Default: enGB
suppliers array IDs of suppliers included in the booking

^Required

Update A Booking

Make sure to replace {{path}} with your site path, {{id}} with a valid booking ID and {{token}} with a valid API token.

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'PUT',
    CURLOPT_POSTFIELDS => {
        "content": "River cruise in Venice",
        "firstname": "John",
        "surname": "Smith",
        "email": "john.smith@example.org",
        "date": "2025-10-07",
        "date_start": "2025-10-07",
        "pax": 3,
        "reference": "VENICE-12345",
        "total": 9999,
        "currencies": "GBP",
        "countries": "IT",
        "channels": 10165,
        "language": "enGB",
        "suppliers": ["ZA-14-AP", "TZ-15-DM"],
    },
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
        'Authorization: Bearer {{token}}'
    ),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
import http.client
import json
conn = http.client.HTTPSConnection("tmtprotects.com")
payload = json.dumps({
    "content": "River cruise in Venice",
    "firstname": "John",
    "surname": "Smith",
    "email": "john.smith@example.org",
    "date": "2025-10-07",
    "date_start": "2025-10-07",
    "pax": 3,
    "reference": "VENICE-12345",
    "total": 9999,
    "currencies": "GBP",
    "countries": "IT",
    "channels": 10165,
    "language": "enGB",
    "suppliers": ["ZA-14-AP", "TZ-15-DM"],
})
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{token}}}}'
}
conn.request("PUT", "/{{path}}/wp-json/tmt/v2/bookings/{{id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
 curl --location --request PUT 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{id}}' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{token}}' \
--data-raw '{
    "content": "River cruise in Venice",
    "firstname": "John",
    "surname": "Smith",
    "email": "john.smith@example.org",
    "date": "2025-10-07",
    "date_start": "2025-10-07",
    "pax": 3,
    "reference": "VENICE-12345",
    "total": 9999,
    "currencies": "GBP",
    "countries": "IT",
    "channels": 10165,
    "language": "enGB",
    "suppliers": ["ZA-14-AP", "TZ-15-DM"],
}
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{token}}");


var raw = JSON.stringify({
    "content": "River cruise in Venice",
    "firstname": "John",
    "surname": "Smith",
    "email": "john.smith@example.org",
    "date": "2025-10-07",
    "date_start": "2025-10-07",
    "pax": 3,
    "reference": "VENICE-12345",
    "total": 9999,
    "currencies": "GBP",
    "countries": "IT",
    "channels": 10165,
    "language": "enGB",
    "suppliers": ["ZA-14-AP", "TZ-15-DM"],
});


var requestOptions = {
    'method: 'PUT',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};


fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 45,
    "trust_id": "9-45",
    "internal_id": 45,
    "author": "elvissauer",
    "status": "paid",
    "title": "Fahey | durwardfahey@example.org",
    "content": "River cruise in Venice",
    "firstname": "John",
    "surname": "Smith",
    "email": "john.smith@example.org",
    "date": "2025-10-07",
    "date_start": "2025-10-07",
    "pax": "3",
    "reference": "VENICE-12345",
    "total": 9999,
    "total_unpaid": 0,
    "currencies": "GBP",
    "country": "IT",
    "countries": "IT",
    "transaction_ids": [
        66
    ],
    "channels": 10165,
    "language": "enGB",
    "author_id": 69,
    "authorname": "elvissauer",
    "suppliers": [
        "ZA-14-AP",
        "TZ-15-DM"
    ],
    "created": "2023-01-26 14:43:22",
    "modified": "2023-01-26 14:43:22",
    "_links": {
        "self": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/bookings/45"
            }
        ],
        "collection": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/bookings"
            }
        ]
    }
}

HTTP Request

PUT https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{id}}

Schema

Parameter Type Description
content^ string Description of the booking.
firstname^ string The first name of the lead traveller.
surname^ string The surname of the lead traveller.
email^ string The email of the lead traveller.
date^ string The end date of the booking in Y-m-d format.
date_start string The start date of the booking in Y-m-d format.
pax integer Number of people the booking is for.
reference string Your reference for the booking.
total^ integer The total base currency cost of the booking in cents. This cannot be updated to be less than the total of all linked transactions.
currencies^ string The ISO 4217 value of the base currency of the booking. Must match the base currency of the Channel.
Enum: valid currencies
countries^ string The ISO 3166-1 alpha-2 value of the country(s) the booking takes place in. A comma separated string can be used for multiple values
Enum: valid countries
channels^ integer Unique identifier for the channel the booking is for.
language string Mail receipt language.
Enum: deDE, enGB, esES, frFR, itIT, jaJA, kkKK, koKO, lvLV, ptBR, roRO, ruRU, ukUK, uzUZ, zhZH
Default: enGB
suppliers array IDs of suppliers included in the booking

^Required

Delete A Booking

Make sure to replace {{path}} with your site path, {{id}} with a valid booking ID and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'DELETE',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("DELETE", "/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request DELETE 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'DELETE',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "deleted": true
}

HTTP Request

DELETE https://tmtprotects.com/{{path}}/wp-json/tmt/v2/bookings/{{booking_id}}

Suppliers

Get All Suppliers

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/suppliers',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/suppliers", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/suppliers' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/suppliers", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

[
    {
        "id": "MK-14-AC",
        "name": "Schuster Ltd",
        "url": "https://schusterltd.com",
        "category": "AC",
        "country": "MK"
    }
    ...
]

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/suppliers

Query Parameters

Parameter Default Description
include all Limit result set to comma separated list of IDs.
page 1 Page of the collection to view.
per_page 10 Maximum number of items to be returned per page.
order asc Enum: asc, desc
orderby id Sort collection by defined attribute.
name all Search on wildcard name matches.
url all Search on url matches.
countries all Limit result set to all suppliers that have the countries specified.
categories all Limit result set to all suppliers that have the categories specified.

Get A Supplier

Make sure to replace {[supplier_id}} with a valid supplier ID, {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/suppliers/{[supplier_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/suppliers/{{supplier_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/suppliers/{{supplier_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/suppliers/{{supplier_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": "MK-14-AC",
    "name": "Schuster Ltd",
    "url": "https://schusterltd.com",
    "category": "AC",
    "country": "MK"
}

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/suppliers/{{supplier_id}}

Schema

Parameter Type Description
id^ string Unique identifier for the supplier.
name^ string The name of the supplier.
url^ url The url of the supplier's website.
country^ string The ISO 3166-1 alpha-2 country code of the country the supplier is located in.
Enum: valid countries
category^ string The category code of the supplier.
Enum: valid category code

^Readonly

PSPs

When creating a transaction, you must indicate which payment provider was used to process the payment. This is done by including the ID of the PSP in the transactions.psp field. To obtain the ID of a PSP, you can use the name query param to perform wildcard queries of the psps endpoint.

Alternatively, you can refer to the appendix for details on a GUI we provide for searching for PSPs

If you cannot locate the payment processor you are using, please contact our support team and request that they add it for you.

Get All PSPs

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/psps',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/psps", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/psps' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/psps", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

[
    {
        "id": 2,
        "name": "1&1 Cardgate, LLC",
        "_links": {
            "self": [
                {
                    "href": "https://tmtprotects.com/wp/wp-json/tmt/v2/psps/2"
                }
            ],
            "collection": [
                {
                    "href": "https://tmtprotects.com/wp/wp-json/tmt/v2/psps"
                }
            ]
        }
    }
    ...
]

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/psps

Query Parameters

Parameter Default Description
include all Limit result set to comma separated list of IDs.
page 1 Page of the collection to view.
per_page 10 Maximum number of items to be returned per page.
order asc Enum: asc, desc
orderby id Sort collection by defined attribute.
name all Search on name matches.

Get A PSP

Make sure to replace {{psp_id}} with a valid psp ID, {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/psps/{{psp_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/psps/{{psp_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/psps/{{psp_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/psps/{{psp_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 2,
    "name": "1&1 Cardgate, LLC",
    "_links": {
        "self": [
            {
                "href": "https://tmtprotects.com/wp/wp-json/tmt/v2/psps/2"
            }
        ],
        "collection": [
            {
                "href": "https://tmtprotects.com/wp/wp-json/tmt/v2/psps"
            }
        ]
    }
}

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/psps/{{psp_id}}

Schema

Parameter Type Description
id^ integer Unique identifier for the psp.
name^ string The psp name.

^Readonly

Transactions

Although bookings are logged via the API, and essentially we are protecting the booking, it is important to note that the protection for the booking is based on the value of the transactions logged against it. If you generate a booking, it will not be protected until you generate a transaction(s) against it.

Get All Transactions

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/transactions", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

[
    {
        "id": 66,
        "uuid": "d66c45bf-e877-4229-ac9e-8f5025a0f0fd",
        "trust_id": "9-66",
        "created": "2023-01-26 14:43:22",
        "modified": "2023-01-26 14:43:22",
        "author": null,
        "status": "complete",
        "adjustments": [],
        "auth_code": null,
        "author_id": 69,
        "authorname": "elvissauer",
        "allocations": [
            {
                "id": 33,
                "value": 1000,
                "total": 1000,
                "channels": 3433,
                "currencies": "GBP",
                "operator": "flat",
                "reversed": false,
                "debit": {
                    "currencies": "GBP",
                    "total": 1000
                },
                "credit": {
                    "currencies": "GBP",
                    "total": 1000
                }
            }
        ],
        "bookings": [
            {
                "id": 45,
                "total": 9999,
                "reference": "VENICE-12345",
                "country": "IT",
                "channels": "3434",
                "currencies": "GBP"
            }
        ],
        "channels": 3434,
        "content": "",
        "countries": "GB",
        "issuer_countries": "GB",
        "currencies": "GBP",
        "forex_id": null,
        "forex_rate": null,
        "forex": null,
        "hash": "87a702db6531d1fd38cfba49032de5aab7ac67684aae955f11a32f39956abbc2",
        "language": "enGB",
        "last_four_digits": null,
        "linked_id": null,
        "payee_email": "doylehagenes@example.org",
        "payee_name": "Doyle",
        "payee_surname": "Hagenes",
        "payment_ids": [
            179,
            180,
            181
        ],
        "psp": "1202",
        "statement_date": "2023-01-26 00:00:00",
        "title": "Doyle Hagenes | doylehagenes@example.org | purchase",
        "total_remaining": 9999,
        "total": 9999,
        "transaction_type": "purchase",
        "transaction_types": "purchase",
        "_links": {
            "self": [
                {
                    "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions/66"
                }
            ],
            "collection": [
                {
                    "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions"
                }
            ]
        }
    }
    ...
]

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions

Query Parameters

Parameter Default Description
include all Limit result set to specific IDs.
page 1 Page of the collection to view.
per_page 10 Maximum number of items to be returned per page.
order asc Enum: asc, desc
orderby id Sort collection by defined attribute.
after all Limit response to posts published after a given ISO8601 compliant date.
before all Limit response to posts published before a given ISO8601 compliant date.
exclude all Ensure result set excludes specific IDs.
status all Limit result set to posts assigned one or more statuses.
channels all Limit result set to all transactions that have the specified terms assigned in the channels taxonomy.
channels_exclude all Limit result set to all transactions except those that have the specified terms assigned in the channels taxonomy.
bin_number all Limit result set to all transactions that have the specified terms assigned in the bin_number taxonomy.
countries all Limit result set to all transactions that have the specified terms assigned in the countries taxonomy.
currencies all Limit result set to all transactions that have the specified terms assigned in the currencies taxonomy.
currencies_exclude all Limit result set to all transactions except those that have the specified terms assigned in the currencies taxonomy.
last_four_digits all Limit result set to all transactions that have the specified terms assigned in the last_four_digits taxonomy.
payment_methods all Limit result set to all transactions that have the specified terms assigned in the payment_methods taxonomy.
transaction_types all Limit result set to all transactions that have the specified terms assigned in the transaction_types taxonomy.
payee_surname all Limit result set to all transactions that have the specified payee_surname
payee_email all Limit result set to all transactions that have the specified payee_email
reference all Reference for the booking(s) the transaction was for.

Get A Transaction

Make sure to replace {{transaction_id}} with a valid transaction ID, {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/{{transaction_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/transactions/{{transaction_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/{{transaction_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/{{transaction_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 66,
    "uuid": "d66c45bf-e877-4229-ac9e-8f5025a0f0fd",
    "trust_id": "9-66",
    "created": "2023-01-26 14:43:22",
    "modified": "2023-01-26 14:43:22",
    "author": null,
    "status": "complete",
    "adjustments": [],
    "auth_code": null,
    "author_id": 69,
    "authorname": "elvissauer",
    "allocations": [
        {
            "id": 33,
            "value": 1000,
            "total": 1000,
            "channels": 3433,
            "currencies": "GBP",
            "operator": "flat",
            "reversed": false,
            "debit": {
                "currencies": "GBP",
                "total": 1000
            },
            "credit": {
                "currencies": "GBP",
                "total": 1000
            }
        }
    ],
    "bookings": [
        {
            "id": 45,
            "total": 9999,
            "reference": "VENICE-12345",
            "country": "IT",
            "channels": "3434",
            "currencies": "GBP"
        }
    ],
    "channels": 3434,
    "content": "",
    "countries": "GB",
    "issuer_countries": "GB",
    "currencies": "GBP",
    "forex_id": null,
    "forex_rate": null,
    "forex": null,
    "hash": "87a702db6531d1fd38cfba49032de5aab7ac67684aae955f11a32f39956abbc2",
    "language": "enGB",
    "last_four_digits": null,
    "linked_id": null,
    "payee_email": "doylehagenes@example.org",
    "payee_name": "Doyle",
    "payee_surname": "Hagenes",
    "payment_ids": [
        179,
        180,
        181
    ],
    "psp": "1202",
    "statement_date": "2023-01-26 00:00:00",
    "title": "Doyle Hagenes | doylehagenes@example.org | purchase",
    "total_remaining": 9999,
    "total": 9999,
    "transaction_type": "purchase",
    "transaction_types": "purchase",
    "_links": {
        "self": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions/66"
            }
        ],
        "collection": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions"
            }
        ]
    }
}

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/{{transaction_id}}

Schema

Parameter Type Description
id^ integer Unique identifier for the transaction.
trust_id^ string Identifier for the transaction prefixed with Site ID.
uuid^ string Unique identifier for the transaction.
author^ integer Deprecated: The user ID of the author of the transaction.
author_id^ integer The user ID of the author of the transaction.
authorname^ string The username of the author of the transaction.
status^ string The status of the transaction.
Enum: complete, expired, failed, incomplete, locked, pending
created^ string The date the transaction was created, in GMT.
modified^ string The date the booking was last modified, in GMT.
title^ string The name of the transaction. Auto generated from booking title and transaction type
total_remaining^ integer The total available for refund, capture or void on the transaction.
statement_date^ string The date that the transaction is available for statements.
last_four_digits^ string Last four digits of the credit card used for the transaction. Can be set for protection only requests. Ignored in other requests
forex^ array Forex applied to transaction (forex transaction only). These values will be auto-generated.
forex_id^ integer ID of the forex transaction.
forex_rate^ string Exchange rate applied to transaction (forex transaction only). This value will be auto-generated.
payment_ids^ array IDs of credits and debits generated in relation to the transaction.
adjustments^ array IDs of any transactions that adjusted this one.
content^ string Payment gateway response
language string Mail receipt language.
Enum: deDE, enGB, esES, frFR, itIT, jaJA, kkKK, koKO, lvLV, ptBR, roRO, ruRU, ukUK, uzUZ, zhZH
Default: enGB
channels integer Unique identifier for the channel the transaction is for.
currencies string The ISO 4217 value of the currency of the transaction.
Enum: valid currencies
total integer The transaction total in cents.
transaction_type^ string Deprecated: The transaction type
transaction_types string The transaction type
Enum: purchase, refund
allocations array Allocate part of the transaction to another channel.
bookings array Funds allocation for the booking(s) the transaction is for.
psp string The payment service provider for the transaction. Must be a valid psp ID if channel is protection only
payee_name string The first name of the payer as registered to their payment method (e.g. cardholder name).
payee_surname string The surname of the payer as registered to their payment method (e.g. cardholder name).
payee_email string The email address of the payer.
countries string The ISO 3166-1 alpha-2 value of the country the payment method is registered in.
Enum: valid countries
issuer_countries^ string The ISO 3166-1 alpha-2 value of the country the credit card is registered in.
linked_id integer Unique identifier for the transaction that we are applying the transaction_type to.
auth_code^ string Six digit authorization code generated by the bank when the transaction is created.
hash^ string Hash of the transaction's id, total, status and created timestamp which is used to verify the transaction once created.

^Readonly

Create Purchase Transaction

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => {
        "language": "enGB",
        "channels": 10165,
        "currencies": "GBP",
        "total": 9999,
        "transaction_types": "purchase",
        "allocations": [
            {
                "title": "Sundowner Game Ride",
                "reference": "SG-GR-02349",
                "description": "Tour of the game park at sundown complete with drinks and snacks.",
                "channels": 10342,
                "currencies": "GBP",
                "total": 1000,
                "operator": "flat"
            }
        ],
        "bookings": [
            {
                "id": 342,
                "currencies": "GBP",
                "total": 9999
            }
        ],
        "psp": "1",
        "expiry_month": "05",
        "expiry_year": 2028,
        "payee_name": "John",
        "payee_surname": "Smith",
        "payee_email": "john.smith@example.org",
        "address_street": "23 Long Street",
        "address_street2": "Small Suburb",
        "address_city": "Big City",
        "address_postcode": "1234",
        "countries": "GB",
    },
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
        'Authorization: Bearer {{token}}'
    ),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
import http.client
import json
conn = http.client.HTTPSConnection("tmtprotects.com")
payload = json.dumps({
    "language": "enGB",
    "channels": 10165,
    "currencies": "GBP",
    "total": 9999,
    "transaction_types": "purchase",
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
    "bookings": [
        {
            "id": 342,
            "currencies": "GBP",
            "total": 9999
        }
    ],
    "psp": "1",
    "expiry_month": "05",
    "expiry_year": 2028,
    "payee_name": "John",
    "payee_surname": "Smith",
    "payee_email": "john.smith@example.org",
    "address_street": "23 Long Street",
    "address_street2": "Small Suburb",
    "address_city": "Big City",
    "address_postcode": "1234",
    "countries": "GB",
})
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{token}}}}'
}
conn.request("POST", "/{{path}}/wp-json/tmt/v2/transactions", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
 curl --location --request POST 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{token}}' \
--data-raw '{
    "language": "enGB",
    "channels": 10165,
    "currencies": "GBP",
    "total": 9999,
    "transaction_types": "purchase",
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
    "bookings": [
        {
            "id": 342,
            "currencies": "GBP",
            "total": 9999
        }
    ],
    "psp": "1",
    "expiry_month": "05",
    "expiry_year": 2028,
    "payee_name": "John",
    "payee_surname": "Smith",
    "payee_email": "john.smith@example.org",
    "address_street": "23 Long Street",
    "address_street2": "Small Suburb",
    "address_city": "Big City",
    "address_postcode": "1234",
    "countries": "GB",
}
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{token}}");


var raw = JSON.stringify({
    "language": "enGB",
    "channels": 10165,
    "currencies": "GBP",
    "total": 9999,
    "transaction_types": "purchase",
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
    "bookings": [
        {
            "id": 342,
            "currencies": "GBP",
            "total": 9999
        }
    ],
    "psp": "1",
    "expiry_month": "05",
    "expiry_year": 2028,
    "payee_name": "John",
    "payee_surname": "Smith",
    "payee_email": "john.smith@example.org",
    "address_street": "23 Long Street",
    "address_street2": "Small Suburb",
    "address_city": "Big City",
    "address_postcode": "1234",
    "countries": "GB",
});


var requestOptions = {
    'method: 'POST',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};


fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 66,
    "uuid": "d66c45bf-e877-4229-ac9e-8f5025a0f0fd",
    "trust_id": "9-66",
    "created": "2023-01-26 14:43:22",
    "modified": "2023-01-26 14:43:22",
    "author": null,
    "status": "complete",
    "adjustments": [],
    "auth_code": null,
    "author_id": 69,
    "authorname": "elvissauer",
    "allocations": {
        "id": 33,
        "value": 1000,
        "total": 1000,
        "channels": 10342,
        "currencies": "GBP",
        "operator": "flat",
        "reversed": false,
        "debit": {
            "currencies": "GBP",
            "total": 1000
        },
        "credit": {
            "currencies": "GBP",
            "total": 1000
        }
    },
    "bookings": {
        "id": 342,
        "total": 9999,
        "reference": "VENICE-12345",
        "country": "IT",
        "channels": "3434",
        "currencies": "GBP"
    },
    "channels": 10165,
    "content": "",
    "countries": "GB",
    "issuer_countries": "GB",
    "currencies": "GBP",
    "forex_id": null,
    "forex_rate": null,
    "forex": null,
    "hash": "87a702db6531d1fd38cfba49032de5aab7ac67684aae955f11a32f39956abbc2",
    "language": "enGB",
    "last_four_digits": null,
    "linked_id": 351,
    "payee_email": "john.smith@example.org",
    "payee_name": "John",
    "payee_surname": "Smith",
    "payment_ids": [
        179,
        180,
        181
    ],
    "psp": 1,
    "statement_date": "2023-01-26 00:00:00",
    "title": "John Smith | john.smith@example.org | purchase",
    "total_remaining": 9999,
    "total": 9999,
    "transaction_type": "purchase",
    "transaction_types": "purchase",
    "_links": {
        "self": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions/66"
            }
        ],
        "collection": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions"
            }
        ]
    }
}

HTTP Request

POST https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions

Schema

Parameter Type Description
language string Mail receipt language.
Enum: deDE, enGB, esES, frFR, itIT, jaJA, kkKK, koKO, lvLV, ptBR, roRO, ruRU, ukUK, uzUZ, zhZH
Default: enGB
channels^ integer Unique identifier for the channel the transaction is for.
currencies^ string The ISO 4217 value of the currency of the transaction.
Enum: valid currencies
total^ integer The transaction total in cents.
transaction_types^ string purchase
allocations array Allocate part of the transaction to another channel.
bookings^ array Funds allocation for the booking(s) the transaction is for.
psp string The payment service provider for the transaction. Must be a valid psp ID if channel is protection only
expiry_month^ string Expiry month for credit card.
expiry_year^ integer Expiry year for credit card.
payee_name^ string The first name of the payer as registered to their payment method (e.g. cardholder name).
payee_surname^ string The surname of the payer as registered to their payment method (e.g. cardholder name).
payee_email^ string The email address of the payer.
address_street string Address street of the payer. Required by some payment processors.
address_street2 string Address street2 of the payer. Required by some payment processors.
address_city string Address city of the payer. Required by some payment processors.
address_postcode string Address postcode of the payer. Required by some payment processors.
countries^ string The ISO 3166-1 alpha-2 value of the country the payment method is registered in.
Enum: valid countries

^Required

Update A Transaction

Make sure to replace {{path}} with your site path, {{id}} with a valid transaction ID and {{token}} with a valid API token.

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/{{id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'PUT',
    CURLOPT_POSTFIELDS => {
        "allocations": [
            {
                "title": "Sundowner Game Ride",
                "reference": "SG-GR-02349",
                "description": "Tour of the game park at sundown complete with drinks and snacks.",
                "channels": 10342,
                "currencies": "GBP",
                "total": 1000,
                "operator": "flat"
            }
        ],
    },
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
        'Authorization: Bearer {{token}}'
    ),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
import http.client
import json
conn = http.client.HTTPSConnection("tmtprotects.com")
payload = json.dumps({
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
})
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{token}}}}'
}
conn.request("PUT", "/{{path}}/wp-json/tmt/v2/transactions/{{id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
 curl --location --request PUT 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/{{id}}' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{token}}' \
--data-raw '{
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
}
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{token}}");


var raw = JSON.stringify({
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
});


var requestOptions = {
    'method: 'PUT',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};


fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/{{id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 66,
    "uuid": "d66c45bf-e877-4229-ac9e-8f5025a0f0fd",
    "trust_id": "9-66",
    "created": "2023-01-26 14:43:22",
    "modified": "2023-01-26 14:43:22",
    "author": null,
    "status": "complete",
    "adjustments": [],
    "auth_code": null,
    "author_id": 69,
    "authorname": "elvissauer",
    "allocations": {
        "id": 33,
        "value": 1000,
        "total": 1000,
        "channels": 10342,
        "currencies": "GBP",
        "operator": "flat",
        "reversed": false,
        "debit": {
            "currencies": "GBP",
            "total": 1000
        },
        "credit": {
            "currencies": "GBP",
            "total": 1000
        }
    },
    "bookings": {
        "id": 342,
        "total": 9999,
        "reference": "VENICE-12345",
        "country": "IT",
        "channels": "3434",
        "currencies": "GBP"
    },
    "channels": 10165,
    "content": "",
    "countries": "GB",
    "issuer_countries": "GB",
    "currencies": "GBP",
    "forex_id": null,
    "forex_rate": null,
    "forex": null,
    "hash": "87a702db6531d1fd38cfba49032de5aab7ac67684aae955f11a32f39956abbc2",
    "language": "enGB",
    "last_four_digits": null,
    "linked_id": 351,
    "payee_email": "john.smith@example.org",
    "payee_name": "John",
    "payee_surname": "Smith",
    "payment_ids": [
        179,
        180,
        181
    ],
    "psp": 1,
    "statement_date": "2023-01-26 00:00:00",
    "title": "John Smith | john.smith@example.org | purchase",
    "total_remaining": 9999,
    "total": 9999,
    "transaction_type": "purchase",
    "transaction_types": "purchase",
    "_links": {
        "self": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions/66"
            }
        ],
        "collection": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions"
            }
        ]
    }
}

HTTP Request

PUT https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/{{id}}

Schema

Parameter Type Description
allocations array Allocate part of the transaction to another channel.

^Required

Allocations Schema

Parameter Type Description
title string Optional title for the allocation
reference string Optional reference for the allocation
description string Optional description for the allocation
channels integer Unique identifier for the channel the allocation is for.
currencies string The ISO 4217 value of the currency the amount is in. Only required if operator is flat. Must match currency of allocation channel.
Enum: valid currencies
total integer Amount to allocate.
operator string Whether to allocate a percentage or flat amount.
Enum: percent, flat

^Required

Refund A Transaction

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => {
        "channels": 10165,
        "currencies": "GBP",
        "total": 9999,
        "transaction_types": "refund",
        "allocations": [
            {
                "title": "Sundowner Game Ride",
                "reference": "SG-GR-02349",
                "description": "Tour of the game park at sundown complete with drinks and snacks.",
                "channels": 10342,
                "currencies": "GBP",
                "total": 1000,
                "operator": "flat"
            }
        ],
        "bookings": [
            {
                "id": 342,
                "currencies": "GBP",
                "total": 9999
            }
        ],
        "linked_id": 351,
    },
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
        'Authorization: Bearer {{token}}'
    ),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
import http.client
import json
conn = http.client.HTTPSConnection("tmtprotects.com")
payload = json.dumps({
    "channels": 10165,
    "currencies": "GBP",
    "total": 9999,
    "transaction_types": "refund",
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
    "bookings": [
        {
            "id": 342,
            "currencies": "GBP",
            "total": 9999
        }
    ],
    "linked_id": 351,
})
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{token}}}}'
}
conn.request("POST", "/{{path}}/wp-json/tmt/v2/transactions", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
 curl --location --request POST 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{token}}' \
--data-raw '{
    "channels": 10165,
    "currencies": "GBP",
    "total": 9999,
    "transaction_types": "refund",
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
    "bookings": [
        {
            "id": 342,
            "currencies": "GBP",
            "total": 9999
        }
    ],
    "linked_id": 351,
}
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Authorization", "Bearer {{token}}");


var raw = JSON.stringify({
    "channels": 10165,
    "currencies": "GBP",
    "total": 9999,
    "transaction_types": "refund",
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
    "bookings": [
        {
            "id": 342,
            "currencies": "GBP",
            "total": 9999
        }
    ],
    "linked_id": 351,
});


var requestOptions = {
    'method: 'POST',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};


fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 70,
    "uuid": "83241f3a-27dc-4053-ba1b-05a2a000f70d",
    "trust_id": "9-70",
    "created": "2023-01-26 14:43:23",
    "modified": "2023-01-26 14:43:23",
    "author": null,
    "status": "complete",
    "adjustments": [],
    "auth_code": null,
    "author_id": null,
    "authorname": "",
    "allocations": [
        {
            "title": "Sundowner Game Ride",
            "reference": "SG-GR-02349",
            "description": "Tour of the game park at sundown complete with drinks and snacks.",
            "channels": 10342,
            "currencies": "GBP",
            "total": 1000,
            "operator": "flat"
        }
    ],
    "bookings": {
        "id": 342,
        "total": 9999,
        "reference": "VENICE-12345",
        "country": "IT",
        "channels": "3434",
        "currencies": "GBP"
    },
    "channels": 10165,
    "content": "",
    "countries": "GB",
    "issuer_countries": "GB",
    "currencies": "GBP",
    "forex_id": null,
    "forex_rate": null,
    "forex": null,
    "hash": "62dbdc79c392d042ad6511227d583be5d82e14acd82738a4e96f52f4221d9dc6",
    "language": "enGB",
    "last_four_digits": null,
    "linked_id": 351,
    "payee_email": "john.smith@example.org",
    "payee_name": "John",
    "payee_surname": "Smith",
    "payment_ids": [],
    "psp": 1,
    "statement_date": "2023-01-26 00:00:00",
    "title": "John Smith | john.smith@example.org | refund",
    "total_remaining": 0,
    "total": 9999,
    "transaction_type": "refund",
    "transaction_types": "refund",
    "_links": {
        "self": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions/70"
            }
        ],
        "collection": [
            {
                "href": "https://tmtprotects.com/protection-only-site/wp-json/tmt/v2/transactions"
            }
        ]
    }
}

To refund a transaction, you make a POST request to the transactions endpoint and include a reference to the ID of the transaction being refunded in the linked_id field.

HTTP Request

POST https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions

Schema

Parameter Type Description
channels^ integer Unique identifier for the channel the transaction is for.
currencies^ string The ISO 4217 value of the currency of the transaction.
Enum: valid currencies
total^ integer The transaction total in cents.
transaction_types^ string refund
allocations array Reverse an allocation made in the transaction being refunded. NB: Only applicable if the transaction being refunded involves allocations
bookings^ array Funds allocation for the booking(s) the transaction is for.
linked_id^ integer Unique identifier for the transaction that we are applying the transaction_type to.

^Required

Bulk Import

As well as providing endpoints for creating individual bookings and transactions, we also provide an endpoint for uploading protection only bookings and transactions in bulk via CSV.

An example CSV can be downloaded from https://assets.tmtprotects.com/tmg-protection-only-import-template.csv

This endpoint will always return a status code of 202 along with a payload to indicate the ID of the upload. This can be used to poll for the outcome of the upload.

There is a limit of 1000 lines per CSV upload (excl headers)

Upload

Make sure to replace {{path}} with your site path, {{token}} with a valid API token and "YOUR-UPLOAD-FILE.csv" with a valid CSV.

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/import',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => array('csv'=> new CURLFILE('/Path/To/YOUR-UPLOAD-FILE.csv')),
  CURLOPT_HTTPHEADER => array(
    'Authorization: Bearer {{token}}'
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client
import mimetypes
from codecs import encode

conn = http.client.HTTPSConnection("tmtprotects.com")
dataList = []
boundary = 'wL36Yn8afVp8Ag7AmP8qZ0SA4n1v9T'
dataList.append(encode('--' + boundary))
dataList.append(encode('Content-Disposition: form-data; name=csv; filename={0}'.format('YOUR-UPLOAD-FILE.csv')))

fileType = mimetypes.guess_type('/Path/To/YOUR-UPLOAD-FILE.csv')[0] or 'application/octet-stream'
dataList.append(encode('Content-Type: {}'.format(fileType)))
dataList.append(encode(''))

with open('/Path/To/YOUR-UPLOAD-FILE.csv', 'rb') as f:
  dataList.append(f.read())
dataList.append(encode('--'+boundary+'--'))
dataList.append(encode(''))
body = b'\r\n'.join(dataList)
payload = body
headers = {
  'Authorization': 'Bearer {{token}}',
  'Content-type': 'multipart/form-data; boundary={}'.format(boundary)
}
conn.request("POST", "/{{path}}/wp-json/tmt/v2/transactions/import", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request POST 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/import' \
--header 'Authorization: Bearer {{token}}' \
--form 'csv=@"/Path/To/YOUR-UPLOAD-FILE.csv"'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var formdata = new FormData();
formdata.append("csv", fileInput.files[0], "YOUR-UPLOAD-FILE.csv");

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: formdata,
  redirect: 'follow'
};

fetch("https://tmtprotects.com/{{{path}}}/wp-json/tmt/v2/transactions/import", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "site": "tmt-test",
    "type": "transaction",
    "author_id": 1746,
    "updated_at": "2021-08-03T14:31:45.000000Z",
    "created_at": "2021-08-03T14:31:45.000000Z",
    "id": 3
}

HTTP Request

POST https://tmtprotects.com/{{path}}/wp-json/tmt/v2/transactions/import

Schema

Field Type Notes
channels^ integer ID of the channel in use
booking_firstname^^ string Firstname of customer the booking is for
booking_surname^^ string Surname of customer the booking is for
booking_email^^ string Valid email address of customer the booking is for
booking_date_start string Date booking starts. Only necessary if the booking is longer than a day. Format: Y-m-d
booking_date^^ string Date booking ends, and therefore is protected until. Format: Y-m-d E.g. 2021-01-01
booking_description^^ string Description of what the booking consists of, and therefore what is being protected
booking_total^^ integer Booking total in currency of channel in cents
booking_countries^^ string ISO 3166-1 alpha-2 country code for country the booking takes place in. NB a comma separated string of country codes should be used if booking takes place in multiple countries
transaction_currencies^ string ISO 4217 currency code that payment was made in. This must be the same currency as the booking
transaction_total^ integer Transaction total in cents
transaction_psp^ integer ID of the PSP used to process the transaction
transaction_payee_name^ string First name of the customer who made payment
transaction_payee_surname^ string Surname of the customer who made payment
transaction_payee_email^ string Valid email address of the customer who made payment
transaction_payee_countries^ string ISO 3166-1 alpha-2 country code for country of the customer who made payment
booking_pax integer Number of people the booking is for
booking_reference string Your reference for the booking
transaction_last_four integer Last four digits of credit card used for payment
transaction_bin_number integer BIN number of credit card used for payment
transaction_card_types string Card type of credit card used for payment. Enum: visa,master,amex,discover,other
booking_id string Trust ID of a booking that is having an additional transaction added (e.g. 3-3772430)

^Required

^^Required if no booking_id provided

Review

Make sure to replace {{upload_id}} with a valid upload ID, {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/uploads/{{upload_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/uploads/{{upload_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/uploads/{{upload_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/uploads/{{upload_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 3,
    "site": "tmt-test",
    "type": "transaction",
    "started_at": "2021-08-03 14:31:46",
    "completed_at": "2021-08-03 14:31:47",
    "processed": {
        "1": {
            "booking": "3-2724237",
            "transaction": "3-2944156"
        }
    },
    "errors": [],
    "author_id": 1746,
    "created_at": "2021-08-03T14:31:45.000000Z",
    "updated_at": "2021-08-03T14:31:47.000000Z"
}

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/imports/{import_id}

Schema

Parameter Type Description
id^ integer The ID of the upload. Corresponds with the id returned by the import endpoint
site^ string Your site path
type^ string The upload type, in this case transaction
started_at^ string Timestamp of import start time
completed_at^ string Timestamp of import complete time. Will be null if import not complete
processed^ object Objects keyed with the number of each successful import row displaying relevant success data
errors^ object Objects keyed with the number of each failed import row displaying relevant error data, in this case the Trust IDs of the booking and transaction uploaded
author_id^ integer ID of the user who uploaded the upload CSV
created_at^ string Timestamp of the import
updated_at^ string Timestamp of last update to import

Payments

The payments endpoint returns all internal payments made against a transaction. These payments include processing fees, reserves, forex credits and allocations.

Get All Payments

Make sure to replace {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/payments',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/payments", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/payments' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/payments", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

[
    {
        "id": 179,
        "trust_id": "9-179",
        "created": "2023-01-26 14:43:22",
        "modified": "2023-01-26 14:43:22",
        "member_id": 9,
        "currencies": "GBP",
        "payment_types": "debit",
        "total": 100,
        "channels": 3434,
        "transaction_id": 66,
        "payment_classifications": "tmt",
        "content": "3434-66: Protection Only Fee",
        "title": "3434-66: Protection Only Fee",
        "statement_date": "2023-01-26 14:43:22",
        "reversed": false
    }
    ...
]

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/payments

Query Parameters

Parameter Default Description
include all Limit result set to comma separated list of IDs.
page 1 Page of the collection to view.
per_page 10 Maximum number of items to be returned per page.
order asc Enum: asc, desc
orderby id Sort collection by defined attribute.
after all Limit response to posts published after a given ISO8601 compliant date.
before all Limit response to posts published before a given ISO8601 compliant date.
exclude all Ensure result set excludes specific IDs.
status all Limit result set to posts assigned one or more statuses.
channels all Limit result set to all payments that have the specified terms assigned in the channels taxonomy.
channels_exclude all Limit result set to all payments except those that have the specified terms assigned in the channels taxonomy.
payment_classifications all Limit result set to all payments that have the specified terms assigned in the payment_classifications taxonomy.
payment_classifications_exclude all Limit result set to all payments except those that have the specified terms assigned in the payment_classifications taxonomy.
payment_types all Limit result set to all payments that have the specified terms assigned in the payment_types taxonomy.
payment_types_exclude all Limit result set to all payments except those that have the specified terms assigned in the payment_types taxonomy.

Get A Payment

Make sure to replace {{payment_id}} with a valid payment ID, {{path}} with your site path and {{token}} with a valid API token.

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/payments/{{payment_id}}',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer {{token}}'
    ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
import http.client

conn = http.client.HTTPSConnection("tmtprotects.com")
payload = ''
headers = {
    'Authorization': 'Bearer {{token}}'
}
conn.request("GET", "/{{path}}/wp-json/tmt/v2/payments/{{payment_id}}", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
curl --location --request GET 'https://tmtprotects.com/{{path}}/wp-json/tmt/v2/payments/{{payment_id}}' \
--header 'Authorization: Bearer {{token}}'
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer {{token}}");

var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
};

fetch("https://tmtprotects.com/{{path}}/wp-json/tmt/v2/payments/{{payment_id}}", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

The above command returns JSON structured like this:

{
    "id": 179,
    "trust_id": "9-179",
    "created": "2023-01-26 14:43:22",
    "modified": "2023-01-26 14:43:22",
    "member_id": 9,
    "currencies": "GBP",
    "payment_types": "debit",
    "total": 100,
    "channels": 3434,
    "transaction_id": 66,
    "payment_classifications": "tmt",
    "content": "3434-66: Protection Only Fee",
    "title": "3434-66: Protection Only Fee",
    "statement_date": "2023-01-26 14:43:22",
    "reversed": false
}

HTTP Request

GET https://tmtprotects.com/{{path}}/wp-json/tmt/v2/payments/{{payment_id}}

Schema

Parameter Type Description
id^ integer Unique identifier for the payment.
trust_id^ string Identifier for the payment prefixed with Site ID.
member_id^ integer Member ID.
created^ string The date the payment was created, in GMT.
modified^ string The date the payment was modified, in GMT.
title^ string The title of the payment.
content^ string Description of the payment.
currencies^ string The ISO 4217 value of the currency of the payment.
Enum: valid currencies
payment_types^ string The type of payment.
Enum: credit, debit
total^ integer The payment total in cents.
channels^ integer Unique identifier for the channel the payment belongs too.
transaction_id^ integer Unique identifier for the transaction that triggered the payment.
payment_classifications^ string The classification of the payment.
Enum: allocation, chargeback-fee, forex, reserve, statement, tmt
statement_date^ string The date that the payent is available for statements.
reversed^ boolean Whether the payment has been subsequently reversed.

^Readonly

Errors

The API uses the following error codes:

Error Code Meaning
400 Bad Request -- Your request is invalid.
401 Unauthorized -- Your API key is wrong.
403 Forbidden -- You do not have permissions to view this resource or perform this action.
404 Not Found -- The item could not be found.
500 Internal Server Error -- We had a problem with our server. Try again later.
504 Server Timeout -- Our server timed out performing the request. Try again later.