
Login Handling Guide

Login Id

All XML requests to the Travelfusion service require a LoginId and an XmlLoginId (except the Login request). The LoginId represents the end user's Travelfusion account. The XmlLoginId represents the account of the XML client (you). In most cases these will both have the same value, as the end user does not normally have their own Travelfusion account.

Each of these ids can be obtained by submitting a Login request (see Connection Guide). The id returned will be valid indefinitely by default. However, Travelfusion supports various security enhancements such that the LoginId can be set to be valid either:

Please contact Travelfusion to discuss these options if you wish to activate either of these raised security levels. 

The LoginId and XmlLoginId must be submitted as child elements of the command name element in every XML request to Travelfusion (except the Login request) - even if they do not appear in the specification for that request. They must also be submitted for non-XML requests such as map generation, and the format will be described in the specification for these requests. Since the map server is a separate server, it must be logged into independently to obtain a separate LoginId for use in map generation requests. A separate username and password will also be needed. 
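
The placement rule above can be checked in client code before a request leaves your system. The following Python is an added example, not Travelfusion code: it assumes a CommandList root whose children are the command elements, and ExampleCommand, Detail and the id values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

ID_TAGS = ("XmlLoginId", "LoginId")  # insertion order is an assumption
EXEMPT_COMMANDS = {"Login"}          # the only request the guide exempts
# Constructed sample: the CommandList root and ExampleCommand are assumptions.
SAMPLE = "<CommandList><ExampleCommand><Detail>x</Detail></ExampleCommand></CommandList>"


def attach_ids(request_xml, xml_login_id, login_id):
    """Set both ids as direct children of every non-exempt command element."""
    root = ET.fromstring(request_xml)
    for command in root:
        if command.tag in EXEMPT_COMMANDS:
            continue
        for tag in ID_TAGS:  # drop stale copies so each id appears once
            for old in command.findall(tag):
                command.remove(old)
        for pos, value in enumerate((xml_login_id, login_id)):
            el = ET.Element(ID_TAGS[pos])
            el.text = value
            command.insert(pos, el)
    return ET.tostring(root, encoding="unicode")


def missing_ids(request_xml):
    """List (command, tag) pairs where an id is absent or empty."""
    problems = []
    for command in ET.fromstring(request_xml):
        if command.tag in EXEMPT_COMMANDS:
            continue
        for tag in ID_TAGS:
            el = command.find(tag)  # find() matches direct children only
            if el is None or not (el.text or "").strip():
                problems.append((command.tag, tag))
    return problems


def redact_for_log(request_xml):
    """Mask id values before logging; by default an id never expires."""
    root = ET.fromstring(request_xml)
    for el in root.iter():
        if el.tag in ID_TAGS and el.text:
            el.text = "***"
    return ET.tostring(root, encoding="unicode")
```

Call missing_ids() on the final request string just before sending, and write only the redact_for_log() form to application logs.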

Security Rules

The security rules currently in place, offered separately or in combination, are designed solely to reduce or prevent fraud. We strongly recommend making use of both features to maximise security. Please note that both features are optional. However, should you decide not to make use of any of the new features, Travelfusion will not take any responsibility for the consequences of any account breaches or fraudulent use of accounts.

IP Whitelisting

Travelfusion will whitelist the IP address(es) you use to connect to our API so your credentials cannot be used from other IPs. If you wish to whitelist your IP address(es) please send a request via email to our Operations team at

Password Expiry

Users with the password expiry feature enabled should change their password before it expires (password expires every 90 days). This can be done either using the reports portal ([USERNAME]) or by sending the NewPassword command directly:

If you have any specific requirements not covered by the above, please contact Travelfusion.