Mandatory Surname Check for Order Retrieval using NDC 17.2 OrderRetrieve Service |
|---|
Effective Patch |
JANUARY PATCH |
APIs Affected |
Problem/ Issue |
Initially, we were able to retrieve the Order details using the NDC 17.2 OrderRetrieve service with OrderID alone. This was found as a security flaw since Order modification like cancellation, segment deletion can be done by anyone who can use a random OrderID. |
Solution |
From now onward, Surname will be a mandatory data for a Order retrieval along with OrderID using NDC 17.2 OrderRetrieve service |
Critical Impact |
LOW- This will not impact any breaking change to the consumption of iFlyRes 17.2 NDC APIs. This change will be enabled only up on request. |
Remarks |
This change will be access controlled one. Will be enabled for the channels upon request. |
Add Comment