...
Mandatory Surname Check for Order Retrieval using NDC 17.2 OrderRetrieve Service | ||||||
---|---|---|---|---|---|---|
Effective Patch | ||||||
| ||||||
APIs Affected | ||||||
Problem/ Issue | ||||||
Initially, we were able to retrieve the Order details using the NDC 17.2 OrderRetrieve service with OrderID alone. This was found as a security flaw since Order modification like cancellation, segment deletion can be done by anyone who can use a random OrderID. | ||||||
Solution | ||||||
From now onward, Surname will be a mandatory data for a Order retrieval along with OrderID using NDC 17.2 OrderRetrieve service.More Information | ||||||
Critical ImpactBackward Compatibility | ||||||
LOW- This will not impact any breaking change to the consumption of iFlyRes 17.2 NDC APIs. This change will be enabled only up on request. | ||||||
Remarks | ||||||
This change will be access controlled one. Will be enabled for the channels upon request. |
...