Overview
By default, all the API requests are authorized before they are served by the particular service. Therefore, all the requests should be submitted with a valid authorization token.
Clients need to login-in into the system before being able to use the services. A session id is provided on successful login in. This id needs to be passed along with every request then on. A session is valid only for a fixed duration of time(6h). Post which re-signing is required.
Authentication flow
- Client need to sign-in into the system before being able to use the services.
- A session id is provided on successful signing in.
- This id needs to be passed along with every request then on.
- A session is valid only for a fixed duration of time, and it is 6 hour(Duration is configurable). Post which re-logging is required(Creating new session). However, supplier(Amadeus,Saber etc...) time out will be depend on the supplier.
API services to be exposed
| API Call | API end point(POST) | Request message | Response message |
|---|---|---|---|
| Log-In | /api/v1/auth/login | loginRequest |
loginResponse |
| Log-Out | /api/v1/auth/logout | logoutRequest |
logoutResponse |