navan-incident-runbook

Navan Incident Runbook

Overview

Structured incident response for Navan travel platform disruptions. Navan uses raw REST APIs with OAuth 2.0 — there is no SDK and no sandbox. All diagnostic commands run against production.

Prerequisites

• Access to Navan admin console (Admin > Travel admin)
• OAuth credentials (client_id, client_secret) stored in your secret manager
• Familiarity with Navan's Ava AI assistant (in-app chat, first-line support)
• curl and jq for API health probing

Instructions

Step 1 — Classify Severity

Severity	Condition	Response Time	Escalation
P1 — Critical	API fully down, all bookings failing	Immediate	Navan support + Ava AI + internal exec
P2 — High	Degraded performance, partial failures	15 minutes	Navan support + internal travel admin
P3 — Medium	Intermittent errors, expense sync delays	1 hour	Internal triage, monitor
P4 — Low	Cosmetic issues, non-blocking warnings	Next business day	Internal backlog

Step 2 — Triage with Ava AI

Before manual debugging, use Navan's built-in AI assistant:

1. Open the Navan app or visit app.navan.com
2. Click the Ava chat icon (bottom-right)
3. Describe the issue — Ava can check booking status, rebook flights, and surface known outages
4. If Ava cannot resolve, proceed to API health checks

Step 3 — API Health Check

# Test OAuth authentication
AUTH_RESPONSE=$(curl -s -w "\n%{http_code}" \
  -X POST "https://api.navan.com/ta-auth/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=$NAVAN_CLIENT_ID&client_secret=$NAVAN_CLIENT_SECRET")

HTTP_CODE=$(echo "$AUTH_RESPONSE" | tail -1)
BODY=$(echo "$AUTH_RESPONSE" | sed '$d')

echo "Auth endpoint: HTTP $HTTP_CODE"
echo "$BODY" | jq '{token_present: (.access_token != null), error: .error}' 2>/dev/null

# Test booking retrieval (requires valid token)
TOKEN=$(echo "$BODY" | jq -r '.access_token')
curl -s -w "\nHTTP %{http_code}" \
  -H "Authorization: Bearer $TOKEN" \
  "https://api.navan.com/v1/bookings?page=0&size=50" | tail -1

Step 4 — Incident-Specific Playbooks

Booking API Failure (P1/P2):

1. Confirm via API health check above — look for HTTP 500/503
2. Check if the issue is flight-specific or hotel-specific by testing both trip types
3. Direct travelers to Navan mobile app or phone support as fallback
4. Queue failed booking requests for retry with exponential backoff

OAuth Token Failure (P1):

1. Test with curl against /ta-auth/oauth/token — expect HTTP 200 with access_token field
2. If HTTP 401: credentials may be rotated; check Admin > Integrations
3. If HTTP 403: API access may be revoked; contact Navan admin
4. Re-request a token via POST /ta-auth/oauth/token with grant_type=client_credentials

Expense Sync Failure (P2/P3):

1. Check the Expense Transaction API status — this endpoint requires separate enablement
2. Verify your Fivetran/Airbyte connector status if using a data pipeline
3. Check TRANSACTION table freshness — incremental sync may be lagging
4. Validate that expense categories map correctly to your ERP

Flight Cancellation / Disruption (P2):

1. Use Ava AI to check rebooking options — Ava handles most rebookings automatically
2. Verify traveler's profile has correct loyalty program numbers
3. Check /v1/bookings for the affected booking UUID
4. Coordinate with travel admin for policy exception approvals if rebooking exceeds budget

Step 5 — Escalation Path

Level	Contact	When
L1	Ava AI assistant	Always start here
L2	Navan Help Center	Ava cannot resolve; app.navan.com/app/helpcenter
L3	Navan account manager	P1/P2 unresolved after 30 minutes
L4	Internal executive sponsor	Business-critical travel disruption

Step 6 — Post-Incident Review

After resolution, create a post-incident record:

cat > "incident-$(date +%Y%m%d-%H%M%S).md" <<'INCEOF'
## Incident Report
- **Severity**: P?
- **Duration**: Start — End
- **Impact**: Number of affected travelers/bookings
- **Root Cause**: (API outage / credential issue / sync failure / ...)
- **Resolution**: Steps taken
- **Prevention**: Changes to avoid recurrence
INCEOF

Output

• Severity classification for the incident
• API health check results confirming platform vs local issue
• Executed playbook steps with outcomes
• Escalation actions taken with timestamps
• Post-incident report document

Error Handling

HTTP Code	Meaning	Runbook Action
401	Authentication failed	Check credential rotation; re-authenticate
403	Access denied	Verify API integration is enabled in admin
429	Rate limited	Back off; check Retry-After header value
500	Server error	Navan-side issue; escalate to L2/L3
502/503	Service unavailable	Platform outage; escalate immediately

Examples

Quick API status check during an incident:

# One-liner health probe
curl -s -o /dev/null -w "Auth: %{http_code} (%{time_total}s)\n" \
  -X POST "https://api.navan.com/ta-auth/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=$NAVAN_CLIENT_ID&client_secret=$NAVAN_CLIENT_SECRET"

Resources

• Navan Help Center — Support portal and known issues
• Navan Security — Infrastructure and compliance details
• Navan Integrations — Connector status and documentation

Next Steps

• Use navan-debug-bundle to collect full diagnostic data for support tickets
• Use navan-prod-checklist to harden your integration against future incidents
• Use navan-common-errors for detailed error code interpretation