Navigation Data API Overview
The Navigraph Navigation Data API provides access to Jeppessen Navdata in external client applications. The navigation data comes in packages which is a JSON structure referencing one or more files containing navigation data. Before calling endpoints in the API, you need to be authorized and have a valid access token.
The packages endpointRead the “The packages endpoint” section
Packages are fetched from https://api.navigraph.com/v1/navdata/packages.
GET /v1/navdata/packages?format=example-format&package_status=current HTTP/1.1
Host: api.navigraph.com
Authorization: Bearer <access-token>
| Query parameter | Possible values | Description |
|---|---|---|
| format | String with the format-identifier | Makes the endpoint only return a specific format from the packages your client has access to. |
| package_status | outdated | current | future | Filter packages based on status of the package. |
Packages responseRead the “Packages response” section
The response will be different depending on the subscription status of the user that has authorized your application. If the user does not have a subscription the endpoint will return a default outdated package constructed with an old AIRAC source. If your user has a running Navigraph Navigation Data or Ultimate subscription a package created from the current cycle will be returned. The package response looks like this:
[
{
"package_id": "e3a9fb5c-19cc-4723-8e2d-0d251fa04ca4",
"cycle": "2102",
"revision": "1",
"description": "This is a textual description of this package.",
"format": "example-format",
"package_status": "current",
"format_type": "fmsdata_api_package"
"files": [
{
"file_id": "14aeccbf-69aa-4d1f-9884-79573846b1a7",
"key": "navdata.zip",
"hash": "bf76d901d86e1d70b5de53c688222a96f98b241636dd55edbb23affb4532e183",
"signed_url": "https://packages.fmsdata.api.navigraph.com/e3a9fb5c-19cc-4723-8e2d-0d251fa04ca4/navdata.zip?Expires=1614952314&Key-Pair-Id=APKAJO4CE5J24DMH7HHA&Signature=KFaxDfkwFmFc0qL5vbKerQY3XqPE638wozDmnSwl1CysMTy6M8t1ZLlvpv4kBhRYB95Rusc6aoM1h2RlgILr5AFakvOsHhlYEpHMHquz5-2qYeTGzzMMdhKrv6FbI2flooRYTPb6eLGFjKqCMqWkyferLNpGhyduJR2e94HmciKalzu27ipFULgbN-Kr5ehWF1IaPQAcjwNTrTkEcG5qJ~WgQjWo49Tm-dQn9mSPbKlahunazBfMQz8YNAnwZFg4w5rQvHr9e3l77sB3-d3mOavI3LJmhHzJHxgOEbjoh7VVy9~8QwsV2OhzA0aswidiGpnPCDY4c92RIqlop3H2aw__"
}
],
"addons": [
{
"addon_id": "b5773412-5eb8-452b-9077-ea921f3417af"
}
]
}
]
The package objectRead the “The package object” section
| Key | Datatype | Description |
|---|---|---|
| "package_id" | UUID | UUID identifiying this unique package. |
| "cycle" | String | AIRAC Cycle |
| "description" | String | Textual description of the package. |
| "format" | String | The format of the package. |
| "package_status" | "outdated" | "current" | "future" | The package status can be one of the three values. Only backend-clients has access to future cycles. |
| "format_type" | String | Currently there is only "fmsdata_api_package" for public use. |
| "files" | Array | Aray containing File-objects belonging to the package. |
| "addons" | Array | List of UUID:s for add-ons that are using this package. |
The file objectRead the “The file object” section
| Key | Datatype | Description |
|---|---|---|
| "file_id" | UUID | UUID identifying this unique file. |
| "key" | String | The target filename/path. |
| "hash" | String | SHA256 hash of the file. |
| "signed_url" | URL | Signed cloudfront URL. This is what you use to actually download the file. The URL is short-lived and unique for every response. |
Standard application flowRead the “Standard application flow” section
The typical flow for a front-end client (basically any application except websites) is to make a request to the packages endpoint on the start of the application, check if the cycle, revision or package_status is differing from the locally held package and in such case update by downloading the new package. There is no need to check the subscription status for the user as the packages-endpoint will handle this and return the type of package that corresponds to the users subscription state.
Website FlowRead the “Website Flow” section
Some websites such as SimBrief use the navdata-packages for calculations and services in the back-end and cannot depend on users downloading packages independently. This flow enables the back-end of a website to download packages for this purpose. A back-end client has access to outdated and current packages and also has the benefit of being able to download a future cycle some days before the AIRAC cycle switches to allow for precalculations, caching of data etc. The website is using the default outdated cycle for users that does not have a Navigraph subscription and the current cycle for users with subscription. This flow shifts responsibility of data access from the Navigraph API to the implementor and therefore requires a closer partnership with Navigraph than the other available flows.
Getting packagesRead the “Getting packages” section
A back-end client calls the packages endpoint just like a front-end client but should use the Client Credentials flow to retrieve an Access Token.
Back-end clients are recommended to poll the package endpoint once per day to always be in sync in case new revisions of the packages are issued. Be aware that the default package can be updated to a newer revision as well so be sure to not just update the packages with current or future status.
Verifying user subscriptionRead the “Verifying user subscription” section
To enable current data for a user you need to verify the users subscription. The requirements on verifying the subscription are stricter in the Web Flow compared to the other flow as the data is provided to the end-user by your service and not fetched from the Navigraph API. The back-end client itself cannot retrieve subscription status or any other user info. You instead need to use Authorization Code Flow With PKCE to retrieve a user token and perform the subscription check in your back-end to mitigate front-end attack vectors. How to perform this depends a little bit on how you design your application:
- The call to the
/connect/tokenendpoint is performed in the back-end. The subscription status can then safely be read from the tokenssubscriptionclaim which should include "fmsdata". - The front-end calls the
/connect/tokenendpoint and pass the token to the back-end which calls the subscriptions-endpoint using the token. This option is provided for developers that prefer to perform the full Authorization Code Flow With PKCE flow in the front-end.
Typical flow for websites with backend packagesRead the “Typical flow for websites with backend packages” section
-
Check if the user's refresh token is still usable, use it to obtain a new token. Otherwise perform Authorization Code Flow With PKCE and save the refresh token for next time.
-
Use the token to determine subscription status using suitable method described above.
-
If the user has a subscription enable the
currentdataset for that user, otherwise enable theoutdateddataset. Also make sure that you don't enablefuturedata before the AIRAC release date. -
This routine should be performed daily for long-lived sessions and otherwise when the user logs into your service.