Authentication methods
For every request a third party software client send, an authentication will take place. The authentication is made up out of an USERNAME and a PASSWORD. Different solutions are available for this.
Do not mix
In order to avoid any problems, a third party software client should only use one single authentication method.
1. Using HTTP Basic authentication
When opting for this authentication method, a third party software client must transfer an additional HTTP header besides the mandatory headers described in the chapter Transmission. The value to transmit ("QWxhZGRpbjpvcGVuIHNlc2FtZQ==" in our example) is obtained in 3 steps.
- USERNAME and PASSWORD are combined into a string "USERNAME:PASSWORD"
- The resulting string is then encoded using the RFC2045-MIME variant of Base64, except not limited to 76 char/line
- The authorization method and a space i.e. "Basic" is then put before the encoded string.
User-Agent: MyApplicationName Content-Type: text/xml; charset=utf-8 Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
2. Using the POS element in the XML body
When opting for this authentication method, a third party software client must include the POS element within the OTA message that is being transmitted to the Hotel-Spider servers.
<?xml version="1.0" encoding="utf-8"?> <OTA_HotelAvailNotifRQ ........> <POS> <Source> <RequestorID Type="5" ID="USERNAME" MessagePassword="PASSWORD"></RequestorID> </Source> </POS> ........ </OTA_HotelAvailNotifRQ>
3. Using the WSSE header (only when using SOAP)
When transmitting requests via SOAP, the authentication is done via WS-Security (Web Services Security)
<?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>USERNAME</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> <OTA_HotelAvailNotifRQ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.opentravel.org/OTA/2003/05" xsi:schemaLocation="http://www.opentravel.org/OTA/2003/05 OTA_HotelAvailNotifRQ.xsd" TimeStamp="2012-10-05T14:20:50" Target="Test" Version="1.005"> <AvailStatusMessages> <AvailStatusMessage BookingLimit="25" LocatorID="1"> <StatusApplicationControl Start="2015-09-24" End="2015-09-24" InvTypeCode="*************"/> </AvailStatusMessage> </AvailStatusMessages> </OTA_HotelAvailNotifRQ> </soap:Body> </soap:Envelope>