Authentication Mechanism in iFlyRES

Guideline for implementing Authentication

1   Introduction

The scope of this document is to highlight the authentication mechanism to be implemented by API consumers when interfacing with the iFly Res API. This document does not detail the use of iFly Res API features; it is intended to assist API consumers in implementing the authentication. For details of the API schemas, refer to the following document:

  • iFly Res_SAD_BookingAPI_Design.pdf

This document details the following:

  1. User credentials to be provided as part of each service request.

  2. Authentication mechanism and credentials hand over.

  3. Sample code to demonstrate the invocation of iFly Res API with credentials

2   User Credentials

The iFlyRes API service layer authenticates each service request with a unique API_ACCESS_KEY (case-insensitive). This is to ensure that only trusted API consumers are invoking the services. This field is expected as an HTTP header field or SOAP header field in the service request. The field is as follows:

  • API_ACCESS_KEY: provided by IBS (iFlyRes) to the API consumers for both staging/production services

The API_ACCESS_KEY should be provided for each service invocation. This field is expected in the HTTP or SOAP header of every service request.

Service requests invoked without the API_ACCESS_KEY will not be processed and such incidents will be tracked and recorded to prevent unauthorized access.

API consumers are expected not to share the API_ACCESS_KEY with any third party without communicating with and obtaining approval from IBS.

3   Authentication mechanism and credentials hand over

The iFly Res API maintains the API_ACCESS_KEY for all trusted users in the user store. The API layer reads the API_ACCESS_KEY from the HTTP header of the service request and validates that it exactly matches the one in the user store.

API consumers will be provided with the API_ACCESS_KEY for both staging and production services. The API_ACCESS_KEY will be provided in a separate mail or phone call after the API specification is provided.
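A server-side check of the kind this section describes, written as an added example; it is not iFly Res code and not part of the original document. The class name, the in-memory user store and the sample keys are hypothetical, and it assumes that "case-insensitive" applies to the header name while the key value must match exactly.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class ApiKeyCheck {
    // Hypothetical user store: consumer id -> issued key (constructed sample values).
    static final Map<String, String> USER_STORE = Map.of(
            "consumer-a", "SAMPLE-KEY-0001",
            "consumer-b", "SAMPLE-KEY-0002");

    /** Returns the consumer the key belongs to, or empty if it is missing or unknown. */
    static Optional<String> authenticate(Map<String, List<String>> httpHeaders) {
        // Assumption: the header name is matched case-insensitively.
        List<String> values = null;
        for (Map.Entry<String, List<String>> e : httpHeaders.entrySet()) {
            if ("API_ACCESS_KEY".equalsIgnoreCase(e.getKey())) values = e.getValue();
        }
        // Reject an absent, empty or repeated header; a real service would also record it.
        if (values == null || values.size() != 1 || values.get(0).isEmpty()) {
            return Optional.empty();
        }
        byte[] presented = sha256(values.get(0));
        String match = null;
        // Hash both sides and use a constant-time comparison over every entry,
        // so response timing does not reveal how much of a guessed key was right.
        for (Map.Entry<String, String> e : USER_STORE.entrySet()) {
            if (MessageDigest.isEqual(presented, sha256(e.getValue()))) match = e.getKey();
        }
        return Optional.ofNullable(match);
    }

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);
        }
    }

    public static void main(String[] args) {
        // Constructed requests: lower-case header name, wrong-case key value, no key.
        System.out.println(authenticate(Map.of("api_access_key", List.of("SAMPLE-KEY-0002"))));
        System.out.println(authenticate(Map.of("API_ACCESS_KEY", List.of("sample-key-0002"))));
        System.out.println(authenticate(Map.of("Content-Type", List.of("text/xml"))));
    }
}
```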

4   Sample Code to demonstrate the invocation of iFlyRes API with credentials in HTTP Header

The sample code below demonstrates how the API_ACCESS_KEY can be passed along with the service request. (The example is based on Java and the CXF library.)

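// Invocation class ...
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
// javax.xml.ws in JAX-WS 2.x; jakarta.xml.ws in newer CXF releases
import javax.xml.ws.handler.MessageContext;

.....

// Creating HTTP headers
Map<String, List<String>> headers = new HashMap<String, List<String>>();
headers.put("API_ACCESS_KEY", Collections.singletonList("<apiaccesskey provided by IBS>"));

// Add HTTP headers to the web service request
bindingPort.getRequestContext().put(MessageContext.HTTP_REQUEST_HEADERS, headers);

......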

 

5   Sample Code snippet to demonstrate the invocation of iFlyRes API with credentials in SOAP Header

The iFlyRes API service layer authenticates each service request with API_ACCESS_KEY. This is to ensure that only trusted API consumers are invoking the services. These fields are expected as SOAP header fields in the service request as shown below:

 
