How to get a token

Learn how to get a token to call Sabre APIs.

Basic Steps

Prerequisites

You have spoken to a Sabre account manager and/or signed a contract with Sabre. You know to which environments you have access. You know to which Sabre APIs you have access.


Step 1 — Get your Sabre credentials

Your Sabre credentials get you access to the Sabre GDS.

Topics

Where to get your Sabre credentials

Get your Sabre credentials from your Sabre account manager.

How your credentials determine your access

  1. Access to get/use a token
  2. Access to Sabre APIs environments
  3. Access to your agency's subset of Sabre APIs
  4. Access to your agency's subset of Sabre APIs documentation on Dev Studio

What credentials you'll need

Identifier Description
Internet Pseudo City Code (iPCC) or Pseudo City Code (PCC) A PCC/iPCC are alphanumeric identifiers used to identify a travel agency of a Global Distribution System (GDS), such as Sabre. These control which functions your travel agency can perform in the Sabre system.
Employee Profile Record (EPR) An EPR is an individual profile of an employee within your travel agency. Your EPR controls which functions you (an employee of a travel agency) can perform in the Sabre GDS. Each EPR is linked to a PCC/iPCC.

No Sabre credentials?

If you want to take some of our REST APIs for a spin, register for a Dev Studio account and try them out in API Explorer, which contains a subset of our REST APIs, including utility APIs, Travel Insight Engine APIs, as well as the Bargain Finder Max API. This lets you take a subset of our REST APIs for a spin in the certification (a.k.a. test) environment.

If you want to take our SOAP APIs for a spin, contact us. We can put you in touch with a Sabre account manager and the credentials to test a subset of our APIs.

If you are ready to step up to the production level service, request a production key.


Step 2 — Construct your token credentials

Your token credentials are your signature to Sabre APIs.

Topics

Where to get your token credentials

You should receive your token credentials via email after your Sabre APIs order is created by your Sabre account manager.

What token credentials you'll receive

Domain
  • Your domain
  • Used to specify your application's Sabre audience
Password
  • Your Sabre APIs password

How to determine the token type

  1. Go to the list of Sabre APIs.
  2. Find the respective API using the in-page filters.
  3. On the documentation page, look under Authentication in the API Information box.
  4. "Sessionless" means the API accepts a sessionless token.
  5. "Session" means the API accepts a session token.
  6. NOTE some APIs accept both token types.

How to format your credentials

REST APIs

REST API customers must first construct a single base64-encoded string. Use one of two recommended options to construct your REST API sessionless token credentials in REST APIs: token credentials

SOAP APIs

SOAP API customers must format their request with their token credentials in the security node of the request header.

<wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/12/utility">
<wsse:UsernameToken>
 <wsse:Username>YOUR EPR</wsse:Username>
 <wsse:Password>YOUR PASSWORD</wsse:Password>
  <Organization>YOUR PCC</Organization>
  <Domain>YOUR DOMAIN</Domain>
</wsse:UsernameToken>
</wsse:Security>

No token credentials?

Still mulling things over? If you are not a current customer, register for a Dev Studio account and take a subset of our REST APIs for a spin in API Explorer.

Prospective customers can use their Dev Studio credentials to get a token and call any of the REST APIs available in API Explorer. To get your credentials: sign-in to Dev Studio, click My Account at the top right, then use your Client ID and Client Secret to create your single base64-encoded string. Use one of two recommended options to construct your REST API sessionless token credentials in REST APIs: token credentials, then follow the #get a token instructions.


Step 3 — Get a token

Your security token gets you connected to Sabre APIs.

Topics

Prerequisites

You must know the type of token supported by the API, have received your Sabre credentials, and constructed your token credentials. You must also know the environment you wish to call.

Introduction

Sabre APIs support two authentication mechanisms: sessionless tokens and session tokens. These security tokens are mapped to your Sabre credentials, are constructed of your token credentials and determine your authorization to call your agency's subset of Sabre APIs.

Tip: to call Sabre APIs in the certification environment, you must obtain a token from the certification environment (and vice versa for the production environment).

REST APIs sessionless authentication steps

Get a sessionless token to call a given REST API.

Step 1: call the method/endpoint

Field Description
URL
  • Required URL
  • Must be <environment>/v2/auth/token
Authorization
  • Required authorization header
  • Must be Authorization: Basic <string>
  • Must include your single base64-encoded string
Content-Type
  • Required content type header
  • Must be Content-Type: application/x-www-form-urlencoded
grant_type
  • Required grant type body
  • Must be grant_type: client_credentials
source_ip
  • Optional client source IP payload

An example sessionless token request body is shown below:

POST https://api.havail.sabre.com/v2/auth/token HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
Authorization: Basic VmpFNmRYTmxjbWxrT21keWIzVndPbVJ2YldGcGJnPT06TVRJek5EVT0=
Content-Type: application/x-www-form-urlencoded
Accept: */*
grant_type: client_credentials

Step 2: get the token from the response

VALID

If the request is valid, the body contains the token, token type and token expiration.

    {access_token: "T1RLAQLGvbv8bgEDtkUluJb1dBDQ1WJTfBB0OC9XwItgref4u2AKisF4AACQbcNl4UPCzFwNMMXq8VKPTNgXra2nTzlC6Ys45kuwac6d7noUiUb1X+v7rRO5XcNiSUxyie/gPYlPsoZHOWjaQ1pUjDQHJuBZAJ0swMAm2oDiER5HRgCac57GommwHaQNqzTlr4mUgbY6PwQNllIeluAOtKi+42yP+4h7oaWrN/ibm5OWae7dNxDrcwZquGDM",
    token_type: "bearer",
    expires_in: 604800}

NOT VALID

If the request is not valid, the server returns the following error message.

    {error : "invalid_client", error_description: "Credentials are missing or the syntax is not correct"}

UNAUTHORIZED

If the request is unauthorized, the server returns the following error message.

    {"error":"invalid_client","error_description":"Wrong clientID or clientSecret"}

See also: Sabre APIs: common errors.

Step 3: use the token in the request to call a given REST API

Send the sessionless token to the environment and API endpoint in the header when you call a given REST API.

Field Description
access_token
  • The sessionless token
token_type
  • The type of token returned
  • "Bearer"
expires_in
  • The time-to-live of the sessionless token in seconds
  • "604800"
Field Description
URL
  • The method, environment and endpoint for the REST API
  • Method must be UPPER CASE
  • Example: GET https://api.havail.sabre.com/v1/lists/supported/shop/themes
Authorization
  • The header with Authorization: Bearer your token

An example request to the Travel Theme Lookup API is shown below:

GET https://api.havail.sabre.com/v1/lists/supported/shop/themes HTTP 1.1
Authorization: Bearer T1RLAQLGvbv8bgEDtkUluJb1dBDQ1WJTfBB0OC9XwItgref4u2AKisF4AACQbcNl4UPCzFwNMMXq8VKPTNgXra2nTzlC6Ys46kuwac6d7noUiUb1X+v7rRO5XcNiSUxyie/gPYlPsoZHOWjaQ1pUjDQHJuCZAJ0swMAm2oDiER5HRgCac57GommwHaQNqzTlr4mUgbY6PwQNllIeluAOtKi+42yP+4h7oaWrN/ibm5OWae7dNxDrcwZquGDM

Step 4: test before you build

Use a client such as PostMan to begin sending requests, verify you have the appropriate access to your agency's subset of Sabre APIs before you start building. See also: REST APIs: PostMan requests.

Tip: a sessionless token obtained via REST APIs can also be used to call SOAP APIs (and vice versa).


SOAP APIs sessionless authentication steps

Get a sessionless token to call a given SOAP API.

Step 1: call the service action code

Call the Create Access Token API with your token credentials to get a sessionless token. NOTE the below steps include required parameters only. See also: the Create Access Token API for more information on optional parameters.

Field Description
eb:Action
  • Required service action code
  • Must be TokenCreateRQ
- See also:

An example of a sessionless token request is shown below:

    <?xml version="1.0" encoding="UTF-8"?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsd="http://www.w3.org/1999/XMLSchema">

    <SOAP-ENV:Header>
        <eb:MessageHeader SOAP-ENV:mustUnderstand="1" eb:version="1.0">
            <eb:ConversationId/>
            <eb:From>
                <eb:PartyId type="urn:x12.org:IO5:01">999999</eb:PartyId>
            </eb:From>
            <eb:To>
                <eb:PartyId type="urn:x12.org:IO5:01">123123</eb:PartyId>
            </eb:To>
            <eb:CPAId>IPCC</eb:CPAId>
            <eb:Service eb:type="OTA">TokenCreateRQ</eb:Service>
                <eb:Action>TokenCreateRQ</eb:Action>
                <eb:MessageData>
                <eb:MessageId>1000</eb:MessageId>
                <eb:Timestamp>2001-02-15T11:15:12Z</eb:Timestamp>
                <eb:TimeToLive>2001-02-15T11:15:12Z</eb:TimeToLive>
            </eb:MessageData>
        </eb:MessageHeader>
            <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
                <wsse:UsernameToken>
                    <wsse:Username>USERNAME</wsse:Username>
                    <wsse:Password>PASSWORD</wsse:Password>
                    <Organization>IPCC</Organization>
                    <Domain>DEFAULT</Domain>
                </wsse:UsernameToken>
            </wsse:Security>
        </SOAP-ENV:Header>
        <SOAP-ENV:Body>
        <eb:Manifest SOAP-ENV:mustUnderstand="1" eb:version="1.0">
            <eb:Reference xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="cid:rootelement" xlink:type="simple"/>
        </eb:Manifest>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

Step 2: get the token from the response

If the request is valid, the API will return a sessionless token.

Field Description
wsse:BinarySecurityToken
  • The sessionless token
eb:ConversationId
  • An optional field/ID you can create in-house to carry a token throughout the traveler's workflow to track search-to-book conversions
  • See also: Best practices: Conversation ID

An example of a sessionless token response is shown below:

  <?xml version="1.0" encoding="UTF-8"?>
    <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
        <soap-env:Header>
            <eb:MessageHeader xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" eb:version="1.0" soap-env:mustUnderstand="1">
                <eb:From>
                    <eb:PartyId eb:type="URI">123123</eb:PartyId>
                </eb:From>
                <eb:To>
                    <eb:PartyId eb:type="URI">999999</eb:PartyId>
                </eb:To>
                <eb:CPAId>IPCC</eb:CPAId>
                <eb:ConversationId>YourConversationId</eb:ConversationId>
                <eb:Service eb:type="sabreXML">TokenCreateRS</eb:Service>
                <eb:Action>TokenCreateRS</eb:Action>
                <eb:MessageData>
                    <eb:MessageId>be5031b4-f539-47e0-8a34-8db0e7b8c7bb@19</eb:MessageId>
                    <eb:Timestamp>2015-09-30T15:22:20</eb:Timestamp>
                    <eb:RefToMessageId>1000</eb:RefToMessageId>
                </eb:MessageData>
            </eb:MessageHeader>
            <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
                <wsse:BinarySecurityToken valueType="String" EncodingType="wsse:Base64Binary">T1RLAQKvhOegyUujiZpE+uDAjHHmRfRmxRDDuJCPlszyUSmyhKGXWR0JAACgeveXEFWUPWzsmw9+Ihd9BSDYEtpikXHi8yJ9iW7vXgJpDNqnktLD4W8P7UP3zdra5szeuNXQB3yNbkjcK+3Vl1Gr/f8g00qU8ZhtzIBVz/PoD48GuaxNH7/Uq7ZztI1bXu7ve9NEW6tVsp6qxbt9Jatn/B5IXf2t+T7S2l5QJU46kNg3r1H0ndhCp/pDwVT3FIo8sVSnWNZbIvUhrH6gQg**</wsse:BinarySecurityToken>
            </wsse:Security>
        </soap-env:Header>
        <soap-env:Body>
            <eb:Manifest xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" eb:id="Manifest" eb:version="1.0">
                <eb:Reference eb:id="TokenCreateRS" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="cid:TokenCreateRS">
                    <eb:Description xml:lang="en-US">Token Create Response Message</eb:Description>
                </eb:Reference>
            </eb:Manifest>
        </soap-env:Body>
    </soap-env:Envelope>

Store the session token in <eb:BinarySecurityToken> for step 3.

Step 3: use the token in the request to call a given SOAP API

Include the sessionless token in the header when you call a given SOAP API.

Field Description
wsse:BinarySecurityToken
  • The sessionless token obtained from step 2
eb:Action
  • The service action code
  • Sample value: BargainFinderMaxRQ

Part of an example of a subsequent request to the Bargain Finder Max API is shown below:

  <?xml version='1.0' encoding='UTF-8'?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header>
            <eb:MessageHeader xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" SOAP-ENV:mustUnderstand="0">
                <eb:From>
                    <eb:PartyId eb:type="urn:x12.org:IO5:01">from</eb:PartyId>
                </eb:From>
                <eb:To>
                    <eb:PartyId eb:type="urn:x12.org:IO5:01">ws</eb:PartyId>
                </eb:To>
                <eb:CPAId>YOURPCC</eb:CPAId>
                <eb:ConversationId>YourConversationId</eb:ConversationId>
                <eb:Service eb:type="sabreXML"></eb:Service>
                <eb:Action>BargainFinderMaxRQ</eb:Action>
                </eb:MessageData>
            </eb:MessageHeader>
            <eb:Security xmlns:eb="http://schemas.xmlsoap.org/ws/2002/12/secext" SOAP-ENV:mustUnderstand="0">
                <eb:BinarySecurityToken> T1RLAQKvhOegyUujiZpE+uDAjHHmRfRmxRDDuJCPlszyUSmyhKGXWR0JAACgeveXEFWUPWzsmw9+Ihd9BSDYEtpikXHi8yJ9iW7vXgJpDNqnktLD4W8P7UP3zdra5szeuNXQB3yNbkjcK+3Vl1Gr/f8g00qU8ZhtzIBVz/PoD48GuaxNH7/Uq7ZztI1bXu7ve9NEW6tVsp6qxbt9Jatn/B5IXf2t+T7S2l5QJU46kNg3r1H0ndhCp/pDwVT3FIo8sVSnWNZbIvUhrH6gQg**</eb:BinarySecurityToken>
            </eb:Security>
        </SOAP-ENV:Header>
        <SOAP-ENV:Body>
            <eb:OTA_AirLowFareSearchRQ...
              ...
                    ...
                       [NOTE: see Bargain Finder Max API
                       documentation for a sample request.]
                    ...
              ...
            </eb:OTA_AirLowFareSearchRQ>
        </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

Step 4: test before you build

Use a client such as SoapUI and our plug-and-play project file on GitHub to get a session token and call the Bargain Finder Max API. (Access to Bargain Finder Max is required.)

SOAP APIs session authentication steps

Get a session token to call a given SOAP API.

Step 1: call the service action code

Call the Create Session API with your token credentials to get a session token. NOTE the below steps include required parameters only. See also: the Create Session API for more information on optional parameters.

Field Description
eb:Action
  • The service action code
  • Must be SessionCreateRQ
See also:

An example of a session token request is shown below:

<?xml version="1.0" encoding="UTF-8"?>
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsd="http://www.w3.org/1999/XMLSchema">
    <SOAP-ENV:Header>
        <eb:MessageHeader SOAP-ENV:mustUnderstand="1" eb:version="1.0">
            <eb:ConversationId/>
            <eb:From>
                <eb:PartyId type="urn:x12.org:IO5:01">999999</eb:PartyId>
            </eb:From>
            <eb:To>
                <eb:PartyId type="urn:x12.org:IO5:01">123123</eb:PartyId>
            </eb:To>
            <eb:CPAId>IPCC</eb:CPAId>
            <eb:Service eb:type="OTA">SessionCreateRQ</eb:Service>
            <eb:Action>SessionCreateRQ</eb:Action>
            <eb:MessageData>
                <eb:MessageId>1000</eb:MessageId>
                <eb:Timestamp>2001-02-15T11:15:12Z</eb:Timestamp>
                <eb:TimeToLive>2001-02-15T11:15:12Z</eb:TimeToLive>
            </eb:MessageData>
        </eb:MessageHeader>
        <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/12/utility">
            <wsse:UsernameToken>
                <wsse:Username>USERNAME</wsse:Username>
                <wsse:Password>PASSWORD</wsse:Password>
                <Organization>IPCC</Organization>
                <Domain>DEFAULT</Domain>
            </wsse:UsernameToken>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
        <eb:Manifest SOAP-ENV:mustUnderstand="1" eb:version="1.0">
            <eb:Reference xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="cid:rootelement" xlink:type="simple"/>
        </eb:Manifest>
    </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>

Step 2: get the token from the response

If the request is valid, the API will return a session token (and conversation ID, if applicable).

Field Description
wsse:BinarySecurityToken
  • The session token
eb:ConversationId
  • An optional field/ID you can create in-house to carry a token throughout the traveler's workflow to track search-to-book conversions
  • See also: Best practices: Conversation ID

VALID

An example of a session token response is shown below:

  <?xml version="1.0" encoding="UTF-8"?>
  <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Header>
    <eb:MessageHeader xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" eb:version="1.0" soap-env:mustUnderstand="1">
        <eb:From>
            <eb:PartyId eb:type="URI">123123</eb:PartyId>
        </eb:From>
        <eb:To>
            <eb:PartyId eb:type="URI">999999</eb:PartyId>
        </eb:To>
        <eb:CPAId>IPCC</eb:CPAId>
        <eb:ConversationId>YourConversationId</eb:ConversationId>
        <eb:Service eb:type="sabreXML">SessionCreateRS</eb:Service>
        <eb:Action>SessionCreateRS</eb:Action>
        <eb:MessageData>
            <eb:MessageId>be5031b4-f539-47e0-8a34-8db0e7b8c7bb@19</eb:MessageId>
            <eb:Timestamp>2015-09-30T15:22:20</eb:Timestamp>
            <eb:RefToMessageId>1000</eb:RefToMessageId>
        </eb:MessageData>
    </eb:MessageHeader>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wsse:BinarySecurityToken valueType="String" EncodingType="wsse:Base64Binary">Shared/IDL:IceSess\/SessMgr:1\.0.IDL/Common/!ICESMS\/RESH!ICESMSLB\/RES.LB!-3485631637434281295!472007!0</wsse:BinarySecurityToken>
    </wsse:Security>
  </soap-env:Header>
  <soap-env:Body>
    <eb:Manifest xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" eb:id="Manifest" eb:version="1.0">
        <eb:Reference eb:id="SessionCreateRS" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="cid:SessionCreateRS">
            <eb:Description xml:lang="en-US">Session Create Response Message</eb:Description>
        </eb:Reference>
    </eb:Manifest>
  </soap-env:Body>
  </soap-env:Envelope>

Store the session token in <eb:BinarySecurityToken> for step 3.

NOT VALID

If the request is not valid, the server returns the following error message:

  <soap-env:Body>
    <soap-env:Fault>
      <faultcode>soap-env:Client.InvalidSecurityToken</faultcode>
      <faultstring>Invalid or Expired binary security token: Shared/IDL:IceSess\/SessMgr:1\.0.IDL/Common/!ICESMS\/RESB!ICESMSLB\/RES.LB!-4766997140656846583!105529!0</faultstring>
      <detail>
          <StackTrace>com.sabre.universalservices.base.session.SessionException: errors.session.USG_INVALID_SECURITY_TOKEN</StackTrace>
      </detail>
    </soap-env:Fault>
  </soap-env:Body>

Step 3: use the token in the request to call a given SOAP API

Use the session token in <eb:BinarySecurityToken> from the SessionCreateRS response (above).

Field Description
wsse:BinarySecurityToken The session token obtained in step 2

An example of a subsequent request (with token credentials in the header) to the Hotel Availability API (OTA_HotelAvailRQ) is shown below:

  <?xml version='1.0' encoding='UTF-8'?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header>
            <eb:MessageHeader xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" SOAP-ENV:mustUnderstand="0">
                <eb:From>
                    <eb:PartyId eb:type="urn:x12.org:IO5:01">from</eb:PartyId>
                </eb:From>
                <eb:To>
                    <eb:PartyId eb:type="urn:x12.org:IO5:01">ws</eb:PartyId>
                </eb:To>
                <eb:CPAId>YOURPCC</eb:CPAId>
                <eb:ConversationId>YourConversationId</eb:ConversationId>
                <eb:Service eb:type="sabreXML"></eb:Service>
                <eb:Action>OTA_HotelAvailLLSRQ</eb:Action>
            </eb:MessageHeader> <eb:Security xmlns:eb="http://schemas.xmlsoap.org/ws/2002/12/secext" SOAP-ENV:mustUnderstand="0">
                <eb:BinarySecurityToken>Shared/IDL:IceSess\/SessMgr:1\.0.IDL/Common/!ICESMS\/CERTG!ICESMSLB\/CRT.LB!-3488060046525942493!102430!0</eb:BinarySecurityToken>
            </eb:Security>
        </SOAP-ENV:Header>
        <SOAP-ENV:Body>
            <eb:OTA_HotelAvailRQ xmlns:eb="http://webservices.sabre.com/sabreXML/2003/07" TimeStamp="2011-01-26T12:30:00-06:00" Version="1.10.1">
                <eb:POS>
                    <eb:Source PseudoCityCode="YOURPCC" /></eb:POS>
                <eb:AvailRequestSegments>
                    <eb:AvailRequestSegment>
                        <eb:StayDateRange Start="11-10" End="11-15" />
                        <eb:RoomStayCandidates>
                            <eb:RoomStayCandidate>
                                <eb:GuestCounts>
                                    <eb:GuestCount Count="1" /></eb:GuestCounts>
                            </eb:RoomStayCandidate>
                        </eb:RoomStayCandidates>
                        <eb:HotelSearchCriteria xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="eb:HotelSearchCriteria_type0">
                            <eb:Criterion>
                                <eb:HotelRef HotelCityCode="DFW" /></eb:Criterion>
                        </eb:HotelSearchCriteria>
                    </eb:AvailRequestSegment>
                </eb:AvailRequestSegments>
            </eb:OTA_HotelAvailRQ>
        </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

Step 4: test before you build

Use a client such as SoapUI and our plug-and-play project file on GitHub to get a session token and call the Bargain Finder Max API. (Access to Bargain Finder Max is required.)

Step 5: terminate the session token/session

Call the Close Session API to render the session token invalid and release the allocated session token/session resources back to you. (Include the values for eb:ConversationId, eb:CPAId and wsse:BinarySecurityToken). Important! if you do not make use of Close Session API, you risk running out of session tokens/session resources.

An example request is shown below:

  <SOAP-ENV:Header>
    <eb:MessageHeader xmlns:eb=" http://www.ebxml.org/namespaces/messageHeader " eb:version="1.0 " soap-env:mustUnderstand="1 ">
        <eb:From>
            <eb:PartyId eb:type="URI ">123123</eb:PartyId>
        </eb:From>
        <eb:To>
            <eb:PartyId eb:type="URI ">999999</eb:PartyId>
        </eb:To>
        <eb:CPAId>IPCC</eb:CPAId>
        <eb:ConversationId>YourConversationId</eb:ConversationId>
        <eb:Service eb:type="sabreXML ">SessionCloseRQ</eb:Service>
        <eb:Action>SessionCloseRQ</eb:Action>
        <eb:MessageData>
            <eb:MessageId>ba8a19cc-7fdc-443c-bc97-b86100b4c332@33</eb:MessageId>
            <eb:RefToMessageId>1000</eb:RefToMessageId>
            <eb:Timestamp>2005-10-31T21:13:02</eb:Timestamp>
        </eb:MessageData>
    </eb:MessageHeader>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext ">
        <wsse:BinarySecurityToken valueType="String " EncodingType="wsse:Base64Binary "> Shared/IDL:IceSess\/SessMgr:1\.0.IDL/Common/!ICESMS\/RESB!ICESMSLB\/RES.LB!-4766997140656846583!105529!0
        </wsse:BinarySecurityToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <eb:SessionCloseRQ xmlns:eb="http://webservices.sabre.com/sabreXML/2003/07 " TimeStamp="2011-01-26T12:30:00-06:00 " Version="1.0.1 ">
        <eb:POS>
            <eb:Source PseudoCityCode="IPCC " />
            </eb:POS>
            </eb:SessionCloseRQ>
  </SOAP-ENV:Body>

What's next?

How to manage a token

Learn how to manage a security token.


Related tasks


Frequently asked questions (FAQs)

Does it matter which credentials I use to access Sabre APIs?
Yes. You must use the Sabre credentials issued by your Sabre account manager. Whether or not you are issued a PCC or iPCC depends on your type of travel agency.

I'm just trying things out and am not a customer yet. Can I use my API Explorer client ID and client secret to create my token credentials?
Yes. Sign-in to Dev Studio, click My Account at the top right, then use your Client ID and Client Secret to create your single base64-encoded string according to REST APIs: token credentials then get a sessionless token (using the steps on this page)—you can use this token to call any of the REST APIs available in API Explorer.

I'm a current customer. Can I use my API Explorer client ID and client secret to create my token credentials?
Not recommended. Keep in mind that these are test credentials, are not permanent, and only allow you to access the publicly-available REST APIs in our certification environment. If you are a current customer, you must use the Sabre credentials provided by your Sabre account manager.

Do I use the same credentials for REST and SOAP APIs?
Yes. You should use the same token credentials (PCC, EPR, etc.) for both REST and SOAP APIs. The only difference is the domain and in the way you construct your token credentials. Use the steps on this page.

My agency was issued more than one EPR or PCC, can I use any of those?
Check with your Sabre account manager. An agency may be issued one or more PCCs/iPCCs or EPRs. These credentials are often granted unique permissions. Access may vary.

How do I know which kind of token is supported for an API?
Check the API's documentation page under "Authentication Type." Browse from our list of all APIs.

How do I get 50 tokens?
Calling one of our authentication APIs 1 time gets you 1 token. Calling it 50 times gets you 50 tokens.

Can I get a token from the certification environment to call an API in the production environment?
No. You can only use a token in the same environment where you obtained it. In other words, if you get a token from the certification environment, you can only call an API in the certification environment.

Why don't I have access to an API that is part of my contract?
Verify you are using the correct PCC and EPR in your token credentials. If you are not using the correct PCC in your token credentials to a given API, you won't have access to your agency's specific subset of Sabre APIs. If you know you are using the correct credentials, contact your Sabre account manager.

Why can't I access the Bargain Finder Max API?
The Bargain Finder Max API requires customers to sign a special amendment. Contact your Sabre account manager for details.

Are sessionless tokens available for all APIs?
No, but we're working to enable sessionless token authentication for more Sabre APIs. Stay tuned! Ask your Sabre account manager to add you to our email distribution list.

What's wrong with my request?
Check documentation for the Sabre APIs you wish to call to be sure the request is valid and you have provided the required data elements. See also: Sabre APIs: errors.

Do I always have to close a session (token)?
Always. If you let session tokens time out instead of closing them properly with the Close Session API, it is possible that all session tokens/sessions in your pool will be in use and unavailable.

Are all time-out values for session tokens the same?
No. The default is 15 minutes and is set when your Sabre and token credentials are created. Contact your Sabre account manager for details.

How can I prevent a session token from expiring?
To prevent a Sabre session from timing out, you can send a request to any Sabre API. We recommend calling the Refresh Session API, which is a simple ping and easily integrated into your workflow.


Stack Overflow

Ask a question with the Stack Overflow community.
Ask Questions