Authorization
TravelPerk
Prerequisites
TravelPerk supports two authentication methods: API Key and OAuth 2.0. The method you choose depends on how your integration is structured.
- API Key is the simpler option and is recommended for internal integrations, server-to-server data pipelines, and environments where a single TravelPerk account is used. API keys are scoped to the account that generates them and do not require an OAuth consent flow.
- OAuth 2.0 is required for multi-tenant integrations, marketplace apps, or any scenario where end users authorize your application to access their TravelPerk data. This method follows the standard authorization code flow and requires you to register a developer application in TravelPerk.
Obtain a TravelPerk API Key
API keys can only be created by TravelPerk administrators. If you are not an administrator, request that your TravelPerk admin generate an API key for use with Nexla.
-
Sign in to your TravelPerk account at app.travelperk.com.
-
Navigate to Account Settings in the top-right menu, then select the Developers section.
-
Under API Keys, click New API Key to generate a new key.
-
Provide a descriptive name for the key (for example, "Nexla Integration") so that you can identify its purpose later.
-
Copy the generated API key immediately and store it securely — TravelPerk will not show the full key again after you leave this page.
TravelPerk API keys are long-lived credentials tied to the administrator account that created them. Treat your API key like a password: do not share it publicly or commit it to source control. For additional reference, see the TravelPerk Developer Features documentation.
Register an OAuth 2.0 Application
OAuth 2.0 credentials are required for applications that act on behalf of multiple TravelPerk users or that are distributed as marketplace integrations.
-
Sign in to your TravelPerk account and navigate to Account Settings > Developers.
-
Under OAuth Applications, click Register Application.
-
Provide the following information for your application:
- Application Name: A descriptive name that users will see during the OAuth consent screen (for example, "Nexla Data Integration").
- Redirect URI: The callback URL where TravelPerk will send the authorization code after user consent. For Nexla, use the redirect URI provided in your Nexla credential configuration.
- Scopes: Select the scopes that correspond to the TravelPerk data your integration needs to access. Common scopes include:
trips:read— Read trip and booking datainvoices:read— Read invoice and expense datausers:read— Read user profilesusers:write— Create and update user profilestravel_policies:read— Read travel policy definitionsexpenses:read— Read expense reportswebhooks:read— List webhook subscriptionswebhooks:write— Create and manage webhooks
-
After saving the application, copy the Client ID and Client Secret — you will enter these values in the Nexla credential configuration.
Request only the scopes that your integration requires. Over-privileged credentials increase security risk. The TravelPerk sandbox environment is available at app.sandbox-travelperk.com and uses the same credential structure, allowing you to develop and test integrations without affecting live data. Additional guidance is available in the TravelPerk Develop an Integration guide.
Create a TravelPerk Credential
- To create a new TravelPerk credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
Credential Name & Description
-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.
Authentication Method
TravelPerk credentials support two authentication methods. Select the tab below that matches the method you are configuring.
TravelPerk Authentication Methods
- API Key
- OAuth 2.0
Authenticate using a TravelPerk API key. This method is recommended for internal integrations and server-to-server data pipelines. The API key is created by a TravelPerk administrator under Account Settings > Developers > API Keys.
- Enter your TravelPerk API key in the **API Key** field. This key is used to authenticate all API requests made by Nexla on behalf of your TravelPerk account. It should be kept secure and not shared.
- Select the **Environment** from the pulldown menu. Choose **Production** to connect to your live TravelPerk data at `app.travelperk.com`. Choose **Sandbox** to connect to the TravelPerk sandbox environment at `app.sandbox.travelperk.com` for testing and development purposes without affecting live data.
Authenticate via the OAuth 2.0 authorization code flow. This method is required for marketplace integrations, multi-tenant applications, and scenarios where end users authorize your application to access their TravelPerk data. You must first register an OAuth application in TravelPerk to obtain a Client ID and Client Secret.
- Enter the **Client ID** from your registered TravelPerk OAuth application in the **Client ID** field. The Client ID is a public identifier for your application and is obtained from Account Settings > Developers > OAuth Applications in TravelPerk.
- Enter the **Client Secret** from your registered TravelPerk OAuth application in the **Client Secret** field. The Client Secret is a confidential value that authenticates your application to TravelPerk — keep it secure and do not share it.
- Enter the OAuth scopes your integration requires in the **OAuth Scopes** field as a space-separated list. The default value includes the most commonly needed scopes: `trips:read invoices:read users:read users:write travel_policies:read expenses:read webhooks:read webhooks:write`. Remove any scopes your integration does not need to follow the principle of least privilege. After entering credentials, you will be redirected to TravelPerk to complete the OAuth authorization flow and grant consent.
Save the Credential
-
Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.
-
The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.