Wanderquote
Back to site
API reference

Extension API reference

The browser extension talks to two endpoints. First it exchanges your web session for a short-lived token, then it sends captured holidays to create draft quotes.

Base URL

All endpoints are served from your Wanderquote app origin (for local development, http://localhost:3000).

http://localhost:3000

Authentication

The token endpoint uses your logged-in web session cookie. The quotes endpoint requires the resulting JWT as a Bearer token in the Authorization header. Tokens are short-lived and scoped to your user.

Get an extension token

GET/api/extension/token

Get an extension token

Exchanges the current web session for a signed JWT the extension stores and sends as a Bearer token. Returns 401 if no valid session is present.

Request

GET /api/extension/token
Cookie: <web session cookie>   // credentials: 'include'

Response

200 OK
{
  "token": "eyJhbGciOiJIUzI1Ni, ... (signed JWT)",
  "email": "agent@example.com"
}

token is a signed JWT (valid 7 days); email is the signed-in user's address.

Create a draft quote

POST/api/extension/quotes

Create a draft quote

Validates the Bearer token, resolves your active organization, generates a localized quote from the supplied HolidayData and stores it as a draft. Returns the new quote's id and hosted URL.

Requires Authorization: Bearer [token] from the token endpoint.

Request · Request body

POST /api/extension/quotes
Authorization: Bearer <token>
Content-Type: application/json

{
  "locale": "en",
  "holiday": {
    "supplier": "tui",
    "destination": { "name": "Cancún", "country": "Mexico" },
    "hotel": { "name": "Riu Palace Resort & Spa", "starRating": 5, "board": "all_inclusive" },
    "dates": { "departure": "2026-08-14", "nights": 7 },
    "party": { "adults": 2, "children": 0 },
    "price": { "totalMinor": 249900, "currency": "GBP", "perPerson": false },
    "inclusions": ["Flights", "Transfers", "All inclusive"]
  }
}

locale is one of en, fr or es (defaults to en). holiday is the HolidayData shape below.

Response

200 OK
{
  "quoteId": "clx0a1b2c3d4e5f6g7h8",
  "url": "http://localhost:3000/en/quotes/clx0a1b2c3d4e5f6g7h8"
}

Error responses

401 Unauthorized
Missing, malformed or expired token.
402 Payment Required
Monthly quote allowance exceeded; includes limit and used.
403 Forbidden
The user has no organization to quote under.
400 Bad Request
The payload failed validation; includes Zod issues.

HolidayData shape

The normalized holiday object both the extension adapters and the manual form produce. Prices are integer minor units (e.g. pence) plus an ISO-4217 currency.

supplier
One of tui, jet2, easyjet, onthebeach, classic, olympic, manual, other. Defaults to manual.
destination
name (required), country?, region?, lat?, lng?
hotel?
Optional name, starRating? (0–5), address?, board
hotel.board
room_only, bed_breakfast, half_board, full_board, all_inclusive, self_catering or unknown.
dates
departure (YYYY-MM-DD), nights (positive integer)
party
adults (≥1, default 2), children (≥0, default 0)
price
totalMinor (integer minor units), currency (GBP|EUR|USD), perPerson (default false)
inclusions
Array of strings, e.g. ['Flights', 'Transfers'].
flightInfo?
Optional free-text flight summary.
notes?
Optional free-text notes.