Security
Security Policy
The security policy for the Digital Connect Check-In API leverages the public Sabre API gateway for security and throttling by:
- Accepting only TLS 1.2 connections
- Handling authentication, authorization and session management
- Providing support for Cross-Origin Resource Sharing (CORS)
Accessing Digital Connect Check-In API
Communication with the Digital Connect Check-In API is done through a standard exchange of HTTP messages. The requests need to contain the following HTTP headers:
- Authorization
- Accept
- Content-Type
Obtaining an Authorization Token from 2SG
To use the Authorization header, an authorization token (ATK or ATH) needs to be acquired from the gateway. The procedure for this is outlined on the following page in Sabre Dev Studio:
https://developer.sabre.com/guides/travel-agency/how-to/get-token
Digital Connect Check-In uses the OAuth 2.0 token protocol for authentication and authorization. Before any service is invoked, an access token must be obtained and passed as an HTTP header. A token is created by calling a 2SG endpoint with a request containing a unique Client ID.
```
POST /v2/auth/token
Host: api.havail.sabre.com
Authorization: Basic c2VjcmV0LXNhYnJlLWV4YW1wbGU=
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
```
The response contains an access token (ATK) with expiry information.
```
{
  "access_token": "<authentication_token>",
  "token_type": "bearer",
  "expires_in": 604800
}
```
Header Requirements for Digital Connect Check-In Services
The header requirements are different for GET and POST HTTP methods.
HTTP GET
The following headers must be passed for the GET method:
Header name | Header Value |
---|---|
Accept | application/json |
Authorization | Bearer <authentication_token> |
HTTP POST
The following headers must be passed for the POST method:
Header name | Header Value |
---|---|
Accept | application/json |
Content-Type | application/json |
Authorization | Bearer <authentication_token> |
Digital Connect Check-In Service URLs
Each Digital Connect Check-In service URL combines the Sabre API gateway URL with a service path. For example, the /passenger/details service is invoked by combining the URL as follows:
https://gateway/version/provider/service_path
Additionally, the point-of-sale/storefront code needs to be provided as a query parameter under the jipcc key.
Currently all Digital Connect Check-In services are available under version v2 and provider dcci. Therefore the service URLs follow the pattern:
https://gateway/v2/dcci/service_path
For example, for the production Sabre API gateway it is:
https://api.havail.sabre.com/v2/dcci/passenger/details?jipcc=X0C0
Other examples of the Digital Connect Check-In service URLs are given in the following table:
Service Name | Service URL | Supported HTTP Methods |
---|---|---|
Passenger details | /passenger/details?jipcc=<storefront> | GET, POST |
Check in baggage | /baggage/checkin?jipcc=<storefront> | POST |
Check in passenger | /passenger/checkin?jipcc=<storefront> | POST |
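The following added example (not Sabre code) ties the token response, the GET/POST header rules and the URL pattern above into one client-side sketch. The function names, the token value and the POST payload are assumptions constructed for illustration; nothing is sent over the network.

```python
import json
import ssl
import time
from urllib.parse import urlencode
from urllib.request import Request

GATEWAY = "https://api.havail.sabre.com"  # production gateway named on this page
PREFIX = "/v2/dcci"                       # version v2, provider dcci

def tls_context():
    """Client TLS context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()    # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def parse_token(body, now=None, skew=60):
    """Return (token, refresh_at) from the /v2/auth/token JSON response."""
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # Refresh slightly before expires_in elapses so no call carries a stale token.
    return data["access_token"], now + int(data["expires_in"]) - skew

def build_request(method, service_path, storefront, token, payload=None):
    """Build a Request with the headers this page lists for GET or POST."""
    method = method.upper()
    if method not in ("GET", "POST"):
        raise ValueError("only GET and POST are documented")
    # urlencode escapes the storefront code so it cannot add extra parameters.
    url = f"{GATEWAY}{PREFIX}{service_path}?{urlencode({'jipcc': storefront})}"
    headers = {"Accept": "application/json", "Authorization": f"Bearer {token}"}
    data = None
    if method == "POST":
        headers["Content-Type"] = "application/json"
        data = json.dumps(payload or {}).encode()
    return Request(url, data=data, headers=headers, method=method)

if __name__ == "__main__":
    # Constructed token response in the shape shown above.
    sample = '{"access_token": "EXAMPLE-TOKEN", "token_type": "bearer", "expires_in": 604800}'
    token, refresh_at = parse_token(sample, now=0)
    req = build_request("GET", "/passenger/details", "X0C0", token)
    # Print the URL and header names only; the bearer token stays out of logs.
    print(req.get_method(), req.full_url, sorted(k for k, _ in req.header_items()))
    # To send: urllib.request.urlopen(req, context=tls_context())
```
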
Parameter Types
Many services take one or more parameters, either as query parameters, URL path elements or in the request body. The parameters reference the standard JavaScript types as follows:
Parameter Type | Meaning |
---|---|
String | Any String (string literal with optional validation) |
Boolean | A logical |
Number | A value that is numeric - either integer or decimal |
String ENUM(values) | A predefined list of string values. For example, |
JSON Data
The responses of the Digital Connect Check-In services are of JSON type. More information about this data format can be found at https://www.w3schools.com/whatis/whatis_json.asp