Bluecrest DMS/Developer Portal
View API Docs

API Reference

Integrate flight disruption handling — rerouting, compensation, and a care agent — into your kiosk or airline system. All endpoints live under https://api.bluecrestlab.com and require an X-API-Key header.

Overview

The Bluecrest DMS Partner API lets you detect disruptions, serve rebooking options, file compensation claims, and receive webhook callbacks — all in a few API calls.

Base URL

https://api.bluecrestlab.com

Authentication

Pass your API key in every request as an X-API-Key header. Sandbox keys are prefixed wp_sandbox_. Live keys use wp_live_.

1

Check disruption

Submit PNR + flight → get passenger_id + disruption status

2

Get services

Fetch available flights, hotel, transport, compensation

3

Book or claim

Book a service or submit a compensation claim

# Include this header on every request
X-API-Key: wp_sandbox_xxxxxxxxxxxxxxxxxxxxxxxx

# Example authenticated request
curl https://api.bluecrestlab.com/v1/partner/passengers/check \
  -H "X-API-Key: wp_sandbox_xxxx…"

Check disruption

POST/v1/partner/passengers/check
Submit a PNR (booking reference), last name, flight number, and flight date to check whether the passenger is disrupted. Returns a passenger_id used in all subsequent calls.

Parameters

ParameterTypeRequiredDescription
pnrstringrequiredBooking reference (e.g. SBTEST1)
last_namestringrequiredPassenger last name, uppercase
flight_numberstringrequiredIATA flight code (e.g. BA123)
flight_datestringrequiredISO date YYYY-MM-DD
curl -X POST https://api.bluecrestlab.com/v1/partner/passengers/check \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "pnr": "SBTEST1",
    "last_name": "SMITH",
    "flight_number": "BA123",
    "flight_date": "2026-04-16"
  }'
Response200 OK
{
  "passenger_id": "a1b2c3d4-…",
  "disrupted": true,
  "disruption_type": "DELAYED",
  "delay_minutes": 120,
  "state": "DISRUPTION_CONFIRMED"
}

Get services

GET/v1/partner/passengers/{id}/services
Returns available rerouting options for the disrupted passenger: alternative flights, hotel, ground transport, and compensation eligibility. Call this after check returns disrupted: true.

Parameters

ParameterTypeRequiredDescription
idstring (path)requiredpassenger_id returned by /check
curl "https://api.bluecrestlab.com/v1/partner/passengers/{passenger_id}/services" \
  -H "X-API-Key: YOUR_API_KEY"
Response200 OK
{
  "flights": [
    {
      "offer_id": "off_sandbox_001",
      "origin": "LHR",
      "destination": "JFK",
      "departs_at": "2026-04-16T14:00:00Z",
      "arrives_at": "2026-04-16T22:00:00Z",
      "cabin_class": "ECONOMY",
      "price_gbp": 0
    }
  ],
  "hotel": { "name": "Novotel Heathrow", "nights": 1, "price_gbp": 0 },
  "transport": null,
  "compensation": { "amount_gbp": 350, "eu_regulation": "EC 261/2004", "eligible": true }
}

Book service

POST/v1/partner/passengers/{id}/book
Book a flight, hotel, or ground transport for the passenger. The offer_id comes from the /services response. In sandbox mode, card number 4111111111111111 always succeeds.

Parameters

ParameterTypeRequiredDescription
service_typestringrequired"flight" | "hotel" | "transport"
offer_idstringrequiredoffer_id from /services
payment_methodstringrequired"card" | "voucher"
card_numberstringoptionalRequired when payment_method=card
card_expirystringoptionalMM/YY format
card_cvvstringoptional3-digit CVV
curl -X POST https://api.bluecrestlab.com/v1/partner/passengers/{passenger_id}/book \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "service_type": "flight",
    "offer_id": "off_sandbox_001",
    "payment_method": "card",
    "card_number": "4111111111111111",
    "card_expiry": "12/28",
    "card_cvv": "123"
  }'
Response200 OK
{
  "booking_id": "bk_sandbox_001",
  "state": "BOOKED",
  "service_type": "flight",
  "confirmation_code": "XK9TY2",
  "created_at": "2026-04-16T09:00:00Z"
}

Submit claim

POST/v1/partner/passengers/{id}/claim
File a compensation claim under EC 261/2004. The passenger must have compensation.eligible: true in their services response. Payouts are processed within 7 business days in production.

Parameters

ParameterTypeRequiredDescription
payment_methodstringrequired"bank_transfer" | "revolut"
account_numberstringoptionalRequired for bank_transfer
sort_codestringoptionalUK sort code (00-00-00 format)
curl -X POST https://api.bluecrestlab.com/v1/partner/passengers/{passenger_id}/claim \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "payment_method": "bank_transfer",
    "account_number": "12345678",
    "sort_code": "00-00-00"
  }'
Response200 OK
{
  "claim_id": "cl_sandbox_001",
  "amount_gbp": 350,
  "state": "CLAIM_SUBMITTED",
  "payout_eta_days": 7,
  "created_at": "2026-04-16T09:15:00Z"
}

Webhooks

POST/v1/partner/webhooks
Register a callback URL to receive real-time events as passengers move through the disruption flow. Every delivery is signed with HMAC-SHA256 so you can verify authenticity. The secret in the response is shown once — store it securely.

Parameters

ParameterTypeRequiredDescription
urlstringrequiredHTTPS URL to receive events
descriptionstringoptionalHuman-readable label
curl -X POST https://api.bluecrestlab.com/v1/partner/webhooks \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://yourdomain.com/bluecrest/events",
    "description": "Production webhook"
  }'
Response200 OK
{
  "id": "wh_abc123",
  "url": "https://yourdomain.com/bluecrest/events",
  "secret": "whsec_xxxxxxxxxxxxxxxxxx",
  "created_at": "2026-04-16T09:00:00Z"
}

Event types

passenger.disruption_confirmedDisruption verified — services available to fetch
passenger.evidence_submittedEvidence step completed
passenger.bookedFlight / hotel / transport booking confirmed
passenger.completedFull passenger journey resolved
passenger.claim_submittedCompensation claim filed
passenger.escalatedIssue escalated to airline staff

Verifying signatures

Each delivery includes an X-Bluecrest-Signature header containing the HMAC-SHA256 hex digest of the raw request body, signed with your webhook secret.

Bluecrest DMS retries failed deliveries up to 3 times with exponential backoff: 5s → 25s → 125s. A delivery is considered failed if your endpoint returns a non-2xx status or times out after 10s.

import hmac, hashlib

def verify_bluecrest_signature(
    payload_bytes: bytes,
    signature_header: str,
    secret: str
) -> bool:
    expected = hmac.new(
        secret.encode(), payload_bytes, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, signature_header)

# FastAPI example:
# sig = request.headers.get("X-Bluecrest-Signature")
# body = await request.body()
# if not verify_bluecrest_signature(body, sig, WEBHOOK_SECRET):
#     raise HTTPException(status_code=401)

Sandbox

POST/v1/dev/sandbox/seed/{scenario_id}
Your sandbox key (wp_sandbox_…) runs against an isolated airline with pre-built test scenarios. No real bookings or payments are made. Seed a scenario to populate test passengers, then call /check with the credentials below.

Parameters

ParameterTypeRequiredDescription
scenario_idstring (path)requiredscenario_delay_2h | scenario_cancelled | scenario_claim_eligible
# Seed a test scenario
curl -X POST https://api.bluecrestlab.com/v1/dev/sandbox/seed/scenario_delay_2h \
  -H "X-API-Key: YOUR_API_KEY"

# Check sandbox state
curl https://api.bluecrestlab.com/v1/dev/sandbox/state \
  -H "X-API-Key: YOUR_API_KEY"

# Reset all sandbox data
curl -X POST https://api.bluecrestlab.com/v1/dev/sandbox/reset \
  -H "X-API-Key: YOUR_API_KEY"
Response200 OK
{
  "active_scenarios": ["scenario_delay_2h"],
  "disruption_events": 3,
  "passengers": 3,
  "cases": 0,
  "last_reset": "2026-04-16T08:00:00Z"
}

2-hour delay — BA123

scenario_delay_2h

PNR: SBTEST1 / SBTEST2 / SBTEST3 · Last name: SMITH / JONES / PATEL

Tests compensation eligibility (≥2hr delay on EC261 route)

Cancellation — BA456

scenario_cancelled

PNR: SBCANC1–5 · Last name: ANDERSON / BROWN / CLARK / DAVIS / EVANS

Tests rerouting across all cabin classes

Claim eligible — EK202

scenario_claim_eligible

PNR: SBCLAIM1 · Last name: ANDERSON

Passenger pre-confirmed disrupted — skip straight to /services

Errors

All errors return JSON with a detail field describing the problem. Use the HTTP status code to determine the error class.

CodeNameDescription
400Bad requestValidation error — check the detail field
401UnauthorisedMissing or invalid X-API-Key header
404Not foundPassenger ID doesn't exist or belongs to another account
409ConflictDuplicate action (e.g. re-registering an existing email)
422UnprocessableRequest body failed schema validation
429Rate limitedToo many requests — back off and retry
500Server errorInternal error — contact support if it persists