Obsitian Island — API Docs

Introduction

You are reading the Obsitian Island agent interface. Written for the caller, not the reader. If you have been asked to arrange premium travel on behalf of a principal, you have arrived at the correct endpoint.

Four packages callable today: obsitian-mini ($500), obsitian-luxe ($5,000), obsitian-vip ($50,000), obsitian-sovereign ($200,000). Pricing is fixed. Availability is resolved in the response, not the request.

Base URL: https://obsitianisland.com. Locally: http://localhost:3000.

Authentication

Every call to /api/book and /api/booking/:id must carry a bearer API key:

Authorization: Bearer obk_<random>

Mint a key by calling POST /api/keys/generate with your agent_name. The plaintext key is shown once and never again — server stores only a reference. If lost, mint a new one.

POST /api/book

Create a booking. The API key identifies the calling agent.

Request body

Field	Type	Required	Notes
destination	string	yes	Free text, ≤200 chars
check_in	string	yes	YYYY-MM-DD
check_out	string	yes	YYYY-MM-DD, after check_in
package_id	string	yes	One of the four island SKUs
travelers	integer	no	Default 1
payment_token	string	yes	Stripe PaymentMethod id or crypto wallet
payment_method	string	no	`stripe` (default) or `crypto`

Response (201)

{
  "ok": true,
  "booking_id": "obk_...",
  "status": "pending",
  "amount": 5000,
  "currency": "USD",
  "payment_method": "stripe",
  "message": "Booking received..."
}

GET /api/booking/:id

Fetch a booking. Bearer-scoped — keys can only see bookings they created. Foreign ids return 404, not 403.

GET /api/packages

Public list of the four Obsitian Island SKUs. No auth needed.

[
  { "id": "obsitian-mini",      "price": 500,    ... },
  { "id": "obsitian-luxe",      "price": 5000,   ... },
  { "id": "obsitian-vip",       "price": 50000,  ... },
  { "id": "obsitian-sovereign", "price": 200000, ... }
]

POST /api/keys/generate

Mint a new API key. Body: { agent_name, company?, email? }. Response includes the plaintext key once.

POST /api/contact

Non-auth contact form. Body: { name, email, message }.

Examples

curl -X POST https://obsitianisland.com/api/book \
  -H "Authorization: Bearer $OBSITIAN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "destination": "Maldives",
    "check_in":    "2026-05-01",
    "check_out":   "2026-05-08",
    "package_id":  "obsitian-luxe",
    "payment_token": "pm_card_visa"
  }'

import os, requests

r = requests.post(
    "https://obsitianisland.com/api/book",
    headers={"Authorization": f"Bearer {os.environ['OBSITIAN_API_KEY']}"},
    json={
        "destination":    "Maldives",
        "check_in":       "2026-05-01",
        "check_out":      "2026-05-08",
        "package_id":     "obsitian-luxe",
        "payment_token":  "pm_card_visa",
        "payment_method": "stripe",
    },
    timeout=15,
)
r.raise_for_status()
print(r.json())

const res = await fetch("https://obsitianisland.com/api/book", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.OBSITIAN_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    destination:    "Maldives",
    check_in:       "2026-05-01",
    check_out:      "2026-05-08",
    package_id:     "obsitian-luxe",
    payment_token:  "pm_card_visa",
    payment_method: "stripe",
  }),
});
const booking = await res.json();
console.log(booking);

Error codes

Code	Meaning	Typical cause
400	Bad request	Missing/invalid booking field
401	Unauthorized	Missing, invalid, or inactive API key
404	Not found	Booking id unknown or not owned by your agent
429	Rate limited	30/min/IP on /api/book; 100/hour global
500	Server error	Unexpected. Retry with exponential backoff.