/
NDC OrderRetrieve service mandatory Surname check
NDC OrderRetrieve service mandatory Surname check
Initially, we were able to retrieve the Order details using the NDC 17.2 OrderRetrieve service with OrderID alone. This was found as a security flaw since Order modification like cancellation, segment deletion can be done by anyone who can use a random OrderID.
Now as part of security check, we have introduced Surname as a mandatory field for OrderRetrieve along with OderID.
OrderRetrieve Request filter criteria will be as follows,
For a security check enabled channel, if any one tries to retrieve the Order using OrderID alone, we will be give an error message as follows,
This feature will be a access controlled and will be enabling based on the customer requirement.
Release Version : JANUARY21 patch IFLYRESPM-9828
, multiple selections available,
Related content
NDC Field Mapping Document
NDC Field Mapping Document
More like this
OrderCancelRQ
OrderCancelRQ
More like this
OrderReshopRQ-Reshop
OrderReshopRQ-Reshop
More like this
OrderListRQ
OrderListRQ
More like this
21.3 IATA_OrderViewRS (Order Cancel Flow)
21.3 IATA_OrderViewRS (Order Cancel Flow)
More like this
OrderCancelRS
OrderCancelRS
More like this