Travel Rule Protocol (TRP) API (3.2.1)

Public TRP API for VASP-to-VASP Travel Rule data exchange.

Working with the documentation

This section describes the public endpoints of the Travel Rule Protocol (TRP) Registry API. These endpoints allow third-party systems and Virtual Asset Service Providers (VASPs) to discover, identify and register participants in the TRP network.

The API follows REST conventions and returns responses in JSON format. All requests should be made over HTTPS.

Introduction: How the TRP Public API Works

The TRP API enables VASPs to:

  • Authenticate using API keys
  • Generate unique Travel Addresses for beneficiaries
  • Initiate Travel Rule transfers
  • Exchange originator and beneficiary data securely
  • Receive callback notifications from TRP during the verification process

TRP follows global compliance standards (FATF, IVMS101) and ensures secure, encrypted communication between VASPs.

Every integration follows one simple flow:

  1. Request JWT token → authenticate your VASP
  2. Generate Travel Address → unique identifier for the beneficiary VASP
  3. Initiate Transfer → send IVMS101-compliant data
  4. Receive callback → TRP sends status updates to your backend

Authentication Overview

Before calling any protected endpoint, your system must generate a JWT access token using your API Key. This ensures:

  • Secure API access
  • Verified VASP identity
  • Ability to track API usage
  • Authorization for initiating Travel Rule transfers

The access token is short-lived (TTL ≈ 1 hour) for security reasons. Pass it as Authorization: Bearer <jwt> on every protected endpoint.

Conventions

  • All bodies are application/json unless explicitly stated.
  • Successful responses are wrapped in { "status": true, "data": ... }.
  • Errors are wrapped in { "status": false, "errors": [{ "code", "message" }] }.
  • Timestamps use ISO-8601 in UTC.
  • Country codes follow ISO-3166-1 alpha-2.
Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL

https://docs.travel-rule.com

KYCAID TRP Team

support@travel-rule.com

License

Proprietary

Languages
Servers
Production public API host

https://trp.travel-rule.com/

http://localhost:3000/

Identity

Public identity endpoints. These return non-sensitive VASP metadata (legal name, LEI, x509 public key) and server health. They do not require authentication.

Operations

Auth

Authentication endpoints. Use your API Key (issued in the TRP dashboard) to obtain a short-lived JWT that authorises every protected call.

Operations

Address

Travel Address endpoints. A Travel Address is an opaque, URL-safe encoding of a beneficiary VASP route. It is generated by the beneficiary VASP and shared with the originator VASP so that IVMS101 data can be routed back.

Operations

Generate Travel Address

Request

Creates (or upserts) a beneficiary applicant on your VASP and returns a routable Travel Address that other VASPs can use to deliver IVMS101 beneficiary data back to you.

The Travel Address encodes:

  • your VASP domain,
  • the beneficiary's publicId,
  • the lookup path /transfers/inquiry/{beneficiaryPublicId},
  • the t=i query (inquiry routing hint).

If an applicant with the same externalId or (firstName,lastName,walletAddress) tuple already exists, it is reused — Travel Addresses are stable per beneficiary.

Security
BearerAuth
Bodyapplication/jsonrequired
personTypestringrequired
Default "natural"
Value"natural"
Discriminator
firstNamestring<= 100 charactersrequired
Example: "Alice"
lastNamestring<= 100 charactersrequired
Example: "Liddell"
externalIdstring[ 1 .. 255 ] characters
walletAddressstring[ 1 .. 100 ] characters[a-fA-F0-9]

Beneficiary wallet address. Must contain at least one hex character (validator enforces /[a-fA-F0-9]/).

isSelfHostedboolean
curl -i -X POST \
  https://trp.travel-rule.com/travel-address/generate \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "personType": "natural",
    "firstName": "Alice",
    "lastName": "Liddell"
  }'

Responses

A unique Travel Address.

Bodyapplication/json
statusboolean
Value true
dataobject
Response
application/json
{
  "status": true,
  "data": {
    "travelAddress": "ta1qexamplebeneficiaryvasp1ahjk23"
  }
}

Decode Travel Address

Request

Verifies and decodes a Travel Address back into its target URL. Use this client-side to preview where a transfer will be routed before initiating it.

Security
BearerAuth
Bodyapplication/jsonrequired
travelAddressstring[ 1 .. 200 ] characters[a-fA-F0-9]required

Encoded Travel Address. Must contain at least one hex character (validator enforces /[a-fA-F0-9]/).

curl -i -X POST \
  https://trp.travel-rule.com/travel-address/decode \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "travelAddress": "ta1qexamplebeneficiaryvasp1ahjk23"
  }'

Responses

Decoded target URL.

Bodyapplication/json
statusboolean
Value true
dataobject
Response
application/json
{
  "status": true,
  "data": {
    "parsedUrl": "example.com/transfers/inquiry/0193abc4-1234-7890-abcd-ef1234567890?t=i"
  }
}

Transfer

High-level Travel Rule transfer operations from the originator VASP perspective. Transfers can flow two ways depending on what was provided at initiation:

  • OPEN_VASP — beneficiary VASP is reachable via Travel Address.
  • EMAIL — beneficiary VASP is unknown; we send an email so the recipient can self-attest.
Operations

Compliance

Inter-VASP compliance endpoints called when TRP routes data between participating VASPs. They are typically invoked by other VASPs / TRP itself, not by your front-end.

Operations

Discovery

Look up other VASPs in the TRP registry by domain, LEI, name, email, or directory ID.

Operations

Callbacks

Webhooks