Technical Overview

Authentication / Security

All API requests must be made over https. Note: The partner will need to set a user agent and use api.tripadvisor.com for the API calls to ensure that all requests are sent through.

 

Please safeguard your access key. To include it with each request, set it as the value of the X-TripAdvisor-API-Key header. If you need to make API calls from client code, be aware this may expose your key to other scripts and browser extensions on the client.

 

Tripadvisor reserves the right to revoke an access key at any time and issue a new one, if a key has leaked or is being misused.

 

Rate Limits

Tripadvisor sets daily and per-second call limits on each key used to access the Partner API. Talk with your Account Manager to evaluate what kind of traffic you will be expecting to web pages containing Tripadvisor content. The rate limit measures on a 24 hour rolling window. The window starts with the first call made, and resets 24 hours later.  There is no fixed time of day when the window resets. If the window resets and no calls are made for a given key, a new window is not opened until the next call is made for a given key. The calls per second work similarly.

 

The partner API returns an HTTP status code of 429, “too many requests”, when either the per-second or per-day limits are reached. The two cases are distinguished by the error code in the response body. The response body will contain an error message in a JSON object. For the per-second limit, the response body will be like:

{
 "error": {
  "message": "Maximum number of requests per second exceeded: (Max: 50 per sec)",
  "code": "150",
  "type": "TooManyRequestsException"
 }
}

 

For the daily limit, the response body will be like:

{
"error": {   "message": "Maximum number of daily requests exceeded: (Max: 100000 per day)",   "code": "151",   "type": "TooManyRequestsException" } }

Caching

Tripadvisor recommends that partners cache the content from API responses for 24 hours. This allows your application to show content more quickly if it has been requested before, while still showing the latest user reviews. If you are displaying only ratings and popularity index data, you should cache data for up to a week. These numbers are updated only weekly with refreshed data pushed out on Tuesday of each week.

Caching also reduces the load on Tripadvisor’s content servers. Do not use the API to pre-fetch content for your entire inventory. Request only the content you need, at the moment you need it.

Tripadvisor has implemented HTTP cache headers.  All Tripadvisor API traffic is routed through a CDN [Content Delivery Network], which can cache the content locally so that it can be served more quickly.  Tripadvisor has added cache control headers to API responses so that they can be cached in the CDN, giving partners who make frequent repeated calls for the same location better response time and less impact on their API call quotas.

Most API content is marked as cacheable for one hour.  Any request without a partner-specific query parameter (key or cache-key) will not be cached.  Content in the Review Express API will not be cached.

If you are using the X-TripAdvisor.API-Key header for authentication, we recommend that you add a query parameter cache-key, with the MD5 hash of your partner key as the value.

Multi-Get

You can call for multiple location ids with one request.  Call /location-hotels with a  comma-separated list of hotel location-ids, the API will output data for the hotels in your list.   Call /location-restaurants with a list of restaurant location ids.  Call /location-attractions with  a list of attraction location ids. You may include a maximum of 50 unique location IDs.

 

Syntax:

http://api.tripadvisor.com/api//partner/2.0/location/89575,233835,192416/hotels?key=PARTNER_KEY

http://api.tripadvisor.com/api//partner/2.0/location/2411123,433852,675600/restaurants?key=PARTNER_KEY

http://api.tripadvisor.com/api//partner/2.0/location/2226812,233835,3177246/attractions?key=PARTNER_KEY

 

Offset & Pagination

The default pagination limit is 20. But it can be adjusted as high as 50 with the limit parameter in the API call (presuming the key is turned up for 20 or more reviews).

You may optionally limit the number of results returned by a given request by using the limit and offset parameters in your request URL.

 

http://api.tripadvisor.com/api/partner/2.0/map/42.33141,-71.099396?limit=3&offset=3"&key=PARTNER_KEY

 

Name

Description

limit

Limits number of entities (POIs or destinations or reviews) returned in a response. You may not set your limit higher than the total number of entities your access key allows you to obtain.

offset

Defines the point in a list of items where you wish to begin. For example, if you would like to show 3 results per page, the offset can be used to display results starting on “page 2” at the 4th entity in a list.

 

Responses including a list of results will include pagination details for retrieving the next and previous sets of locations in the list, if they were not all returned as part of the current call.

{
"paging": {
"previous": null,
 "skipped": "0",
 "results": "3",
"next": "http://api.tripadvisor.com/api/partner/1.0/map/42.33141,-71.099396?limit=3&offset=3"&key=PARTNER_KEY”,
"total_results": "10"
 }
}

 

Errors

Error

Code

Description

Sample

Invalid client key

160

Your partner key was incorrect

{
"error": {
  "message": "invalid client key: 3cacf",
 "code": "160",
 "type": "UnauthorizedException"
}
}

Too many requests

150

Maximum requests per second exceeded

{
"error": {
  "message": "Maximum number of requests per second exceeded: (Max: 50 per sec)",
  "code": "150",
  "type": "TooManyRequestsException"
}
}

Too many requests

151

Maximum requests per day exceeded


{
"error": {
"message": "Maximum number of daily requests exceeded: (Max: 100000 per day)",
  "code": "151",
  "type": "TooManyRequestsException"
}
}

Invalid location_id

101

The location_id being passed is not recognized by Tripadvisor

{
"error": {
"message": "The location was not found.","code": "101",
"type": "NotFoundException"
}
}

Method not found

101

An invalid connection was requested

{
 "error": {
  "message": "The method was not found.",
  "code": "101",
  "type": "NotFoundException"
 }
}

Missing Location ID

110

The API call requires a location identifier, but one was not provided

{
  "error": {
    "code": "110",
    "type": "BadRequestException",
    "message": "This resource requires the presence of a location parameter."
  }
}

Invalid connection

120

The location_id passed is not valid for this connection

{
"error": {
  "message": "Cannot view this connection at this level.",
  "code": "120",
  "type": "BadRequestException"
 }
}

 

Implementing Reviews

The review content should never appear directly in the source code of the loaded page, be it in HTML or Javascript.

 

How to check: In Chrome, load the hotel detail pages where users would be able to read the reviews. Copy a short snippet of a review (10 words will do) and then go to View > Developer > View Source (command-option-U). In the new page that opens, search for the snippet. If it appears in HTML or Javascript, Google will index the content.

 

Invalid implementation in HTML

 

Review text is directly in the html and will be indexed by Google.

 

<html>

            <head>

            </head>

            <body>

                        <div>”I had a great time at this hotel”</div>

            </body>

</html>

 

Invalid implementation in Javascript directly in the page source

 

Everything needed to render the review content is available to Google directly in the page and will be indexed.

 

<html>

            <head>

                        <script>

                                    var review_content = ”I had a great time at this hotel”;

                                    $(“review”).html(review_content);

                        </script>

            </head>

            <body>

                        <div id=”review”></div>

            </body>

</html>

 

Valid Implementations

 

The review content must be loaded via an external javascript call that is blocked in robots.txt so that Google can not crawl the review text.

 

Valid implementation by blocking the specific ajax call that retrieves the reviews

 

<html>

            <head>

<script>

var review_content = $.ajax(“https://api.abc.com/getReviewContentForHotel/123/”);

$(“review”).html(review_content);

</script>

            </head>

            <body>

                        <div id=”review”></div>

            </body>

</html>

 

Robots.txt in the root directory for https://api.abc.com

 

User-Agent: *

Disallow: /getReviewContentForHotel

 

Note: The robots.txt file must be in the root directory for whichever domain or subdomain the call is being made to. Please review robots.txt guidelines for exact syntax based on your site.

 

Valid implementation by blocking all the javascript related to loading the reviews

 

<html>

            <head>

<script src="/everything_to_do_with_loading_reviews/load_reviews.js"></script>

            </head>

            <body>

                        <div id=”review”></div>

            </body>

</html>

 

Robots.txt in the root directory for https://www.abc.com

 

User-Agent: *

Disallow: /everything_to_do_with_loading_reviews