What is it?
This API is a utility service exposing an authentication endpoint which generates an ATK access token, which enables access to other Sabre APIs. It follows the OAuth2 specification to delegate access to Sabre's resources.
Why use it?
An access token gets you connected to Sabre APIs. Once created, the sessionless token may be used with multiple calls as long as it is valid and not expired. Using access tokens is a more secure way to authenticate and authorize users, which is why Sabre restricts access using this approach.
How it works
Version v3 introduces the trusted developer application ClientID as an addition to user credentials (EPR and password) and a new grant_type, 'password'.
Accessing Sabre APIs works as follows:
- If you do not have user credentials (EPR - user-group-domain triplet) or a clientID, contact your account manager for provisioning.
- Call the /v3/auth/token API. In response you will get an access token.
- Use the access token in Sabre API business calls:
  - REST API: Authorization HTTP header with Bearer prefix, e.g.:
    Authorization: Bearer T1RLAQKvhOegyUujiZpE+uDAjHHmRfRmxRDDuJCPlszyUSmyhKGXWR0JAACgeveXEFWUPWzsmw9+Ihd9BSDYEtpikXHi8yJ9iW7vXgJpDNqnktLD4W8P7UP3zdra5szeuNXQB3yNbkjcK+3Vl1Gr/f8g00qU8ZhtzIBVz/PoD48GuaxNH7/Uq7ZztI1bXu7ve9NEW6tVsp6qxbt9Jatn/B5IXf2t+T7S2l5QJU46kNg3r1H0ndhCp/pDwVT3FIo8sVSnWNZbIvUhrH6gQg**
  - SOAP API: <wsse:BinarySecurityToken> element in <wsse:Security>, e.g.:
    ...
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
      <wsse:BinarySecurityToken valueType="String" EncodingType="wsse:Base64Binary">T1RLAQKvhOegyUujiZpE+uDAjHHmRfRmxRDDuJCPlszyUSmyhKGXWR0JAACgeveXEFWUPWzsmw9+Ihd9BSDYEtpikXHi8yJ9iW7vXgJpDNqnktLD4W8P7UP3zdra5szeuNXQB3yNbkjcK+3Vl1Gr/f8g00qU8ZhtzIBVz/PoD48GuaxNH7/Uq7ZztI1bXu7ve9NEW6tVsp6qxbt9Jatn/B5IXf2t+T7S2l5QJU46kNg3r1H0ndhCp/pDwVT3FIo8sVSnWNZbIvUhrH6gQg**</wsse:BinarySecurityToken>
    </wsse:Security>
    ...
How to use
Send the request for acquiring an authentication ATK session token.
Endpoints information
Authentication
Authentication without two-factor authentication
The request requires the following:
- application/x-www-form-urlencoded as the Content-Type header
- clientId credentials encoded with the base64 algorithm, passed as the Authorization header (Authorization: Basic base64(clientId:clientSecret))
- user credentials (EPR) in the form user-group-domain as the username body parameter
- EPR password as the password body parameter
- password as the grant_type body parameter

curl --request POST \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --header "Authorization: Basic [Base64(clientId:clientSecret)]" \
  -d "grant_type=password&username=ugt4binobrc3kyy8-DEVCENTER-EXT&password=abcd1234" \
  https://api.platform.sabre.com/v3/auth/token

In a successful response, you will get the following:
{
"access_token": "T1RLAQJnxo/ptzEjQc75wV+AiaBCXAyHkRBxph6xNhkZvUzxPom2MKACAACQnl4vSYlcOYQnv6xf4Eytihqxn0mWTDEG1vT6BxlKbRTQSc3WnU51/BFL8ifFEngT3Zr4jqpc7ATARVOHnKLGMra9KR6a9SiM8Qtv+Ct/kDg7qFRnoUWBkDjb43QimidHmE1bHyNsrlp2Fdpjw+1jSPRfsk/HTZZQjEzMIh1yakmj0prNYWvFnPhmfkkhRvQ6",
"expires_in": 604800,
"token_type": "bearer"
}
where access_token is the ATK session token and expires_in is the TTL for this token, given in seconds.
Errors:
- Missing grant_type parameter in the body.
  {
  "error":"invalid_request",
  "error_description":"Invalid payload: grant_type must be specified"
  }
  status code 401
- An unsupported grant type was sent.
  {
  "error":"invalid_request",
  "error_description":"Invalid grant type. The only supported type is 'password'"
  }
  status code 401
- Invalid HTTP method. Only POST is supported.
  {
  "error":"invalid_request",
  "error_description":"HTTP method not allowed"
  }
  status code 401
- Invalid Content-Type. Only application/x-www-form-urlencoded is allowed.
  {
  "error":"invalid_request",
  "error_description":"Incorrect Content-Type. Only application/x-www-form-urlencoded is allowed"
  }
  status code 401
- Either clientId or user EPR authentication failed.
  {
  "error":"invalid_client",
  "error_description":"Wrong clientID or clientSecret"
  }
  status code 401
- Security data was not present in the request or is invalid, e.g. credentials are encoded incorrectly.
  {
  "error":"invalid_client",
  "error_description":"Credentials are missing or the syntax is not correct"
  }
  status code 401
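The request and responses described above, as an added Python example that is not Sabre's own code: it builds the token request with form-encoded credentials and turns a response body into a bearer header with an absolute expiry. The function names, the `TokenError` class and the 60-second refresh margin are assumptions made for illustration; the request is built but not sent.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.platform.sabre.com/v3/auth/token"  # endpoint from the curl call above


class TokenError(Exception):
    """Raised when the endpoint answers with an OAuth2-style error body."""


def build_token_request(client_id, client_secret, epr, password):
    """Build (without sending) the POST for grant_type=password."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # urlencode percent-escapes '&', '=' and spaces, so a password containing
    # them cannot break out of its form field or get truncated.
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": epr, "password": password}
    ).encode()
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic}",
    }
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw, now=None, margin=60):
    """Turn a response body into a bearer header plus an absolute expiry time."""
    doc = json.loads(raw)
    if "error" in doc or "access_token" not in doc:
        # Surface only the error fields; never echo credentials or tokens into logs.
        raise TokenError(f"{doc.get('error')}: {doc.get('error_description')}")
    if doc.get("token_type", "").lower() != "bearer":
        raise TokenError(f"unexpected token_type: {doc.get('token_type')!r}")
    now = time.time() if now is None else now
    return {
        "authorization": f"Bearer {doc['access_token']}",
        # margin (an assumption, not a Sabre value) refreshes slightly early
        "expires_at": now + int(doc["expires_in"]) - margin,
    }


def needs_refresh(token, now=None):
    """True once the cached token has reached its (margin-adjusted) expiry."""
    return (time.time() if now is None else now) >= token["expires_at"]
```

In a deployment, load the client secret and EPR password from a secret store or the environment at runtime, and keep the cached token out of logs and crash reports.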