Fits your setup

Compliance API

The compliance layer slots in behind the booking system you already run.

Already have a booking system you trust? Keep it. MyATOL issues and reconciles through its API, so the compliance layer slots in behind what you already run, and nothing else has to change.

Arrange a demonstration All capabilities

POST /v1/certificates
{ "kind": "single",
  "passengers": 3,
  "protectedCost": 482000 }

201 · certificate issued
    · counted against licence
    · reconciled into Q3 return

Reconciled into Q3 return

Day one

API available from launch
Same loop

Issued, counted, reconciled
One return

Interface, API or consultancy

The reconciliation loop

Feeds every beat

The same loop, by API

A certificate issued over the API is the same certificate issued in the interface: ORS3 format, server-stamped, counted against your licence, and reconciled into the period's return as it is created. The API is the product, available from day one.

Q1 2026 return

Apr – Jun · departure basis

As issued	500 · £1.46m
After errors	494 · £1.44m
After changes	489 · £1.43m
APC payable	£1,222.50

Lock in: confirm filed

Reconciled live as certificates are issued

One return, however you issue

Some certificates by interface, some by API, some through a consultancy. The figures all land in the same return. One reconciled position for the period, whatever the mix. Build once against the API, and your compliance reporting takes care of itself.

Worklist · your clients

Q1 2026

Sunseeker TravelLocked · 2 discrepancies

Coastline HolidaysOpen · due in 9 days

Apex ToursLocked · clean

Built in

What's included.

Issue all certificate types over the API
API-key access for every issuer
Server-stamped and ORS3, same as the interface
Counted against your licence automatically
Reconciled into the period's return on issue
One return across interface, API and consultancy

Questions

Straight answers.

Is the API a bolt-on, or the product?

The product, available from launch, not a later add-on bolted onto a screen-first system. Anything you can issue in the interface you can issue by API, and it is governed by exactly the same rules.

Do we have to replace our booking system?

No. The compliance layer slots in behind what you already run. Issue and reconcile by API; nothing else has to change.

Some certificates by interface, some by API: does the return fragment?

No. The figures are not kept per channel. Every booking feeds one period position, whether it came from the interface, the API, or a consultancy. You build against the API once and the reconciliation is already shared.

Who gets API access?

API keys are ownership-native: a manager provisions keys for the users it manages, each scoped to exactly what that user could do in a session. Every issuer can be given key access.

Certificates in the CAA's ORS3 format. Licence usage, returns and APC on the regulator's own basis.

MyATOL

See it on your own ATOL.

Issue and reconcile through the MyATOL API. Keep your existing booking system; the compliance layer slots in, and the figures land in the same return.

Arrange a demonstration All capabilities