iFlyRes NDC API Authentication Mechanism
- Sreejith S R (Unlicensed)
- Abdul Rehuman M P (Unlicensed)
Guideline for implementing Authentication
1 Introduction
To assist API consumers in implementing the authentication.
This document details the following:
User credentials to be provided as part of each service request.
Authentication mechanism and credentials hand over.
Sample code to demonstrate the invocation of iFly Res API with credentials
2 User Credentials
iFlyRes API service layer authenticates each service request with a unique API_ACCESS_KEY(case-insensitive). This is to ensure that only trusted API consumers are invoking the services. This field is expected as HTTP header field or Soap Header Field in the service request. The field is as follows:
API_ACCESS_KEY : provided by IBS(iFlyRes) / Airline to the API consumers for both staging/production services.
The API_ACCESS_KEY should be provided for each service invocation. This field is expected on the HTTP or Soap header of every service request.
Service requests invoked without the API_ACCESS_KEY will not be processed and such incidents will be tracked and recorded to prevent unauthorized access.
API consumers are expected not to exchange the API_ACCESS_KEY to any third party without communication and approval from IBS.
3 Authentication mechanism and credentials hand over
iFlyRes API maintains API_ACCESS_KEY for all trusted users in the user store. From the HTTP header of the service request, API layer validates the exact match of API_ACCESS_KEY with the one in the User store.
API consumers will be provided with the API_ACCESS_KEY for both staging and production services. The API_ACCESS_KEY will be provided in a separate mail/phone after the API specification is provided.
4 Sample Code to demonstrate the invocation of iFlyRes API with credentials in HTTP Header
The sample code below demonstrates how API_ACCESS_KEY can be passed along with the service request. (The example is based on java and CXF library)
#Invocation Class... ..... // Creating HTTP headers Map<String, List<String>> headers = new HashMap<String, List<String>>(); headers.put("API_ACCESS_KEY", Collections.singletonList("<apiaccesskey provided by IBS>")); // Add HTTP headers to the web service request bindingPort.getRequestContext().put(MessageContext.HTTP_REQUEST_HEADERS, headers);...... |
5 Sample Code snippet to demonstrate the invocation of iFlyRes API with credentials in SOAP Header
iFlyRes API service layer authenticates each service request with API_ACCESS_KEY. This is to ensure that only trusted API consumers are invoking the services. These fields are expected as Soap header fields in the service request as shown below:
