Authentication
NDC (New Distribution Capability) APIs often use authentication mechanisms to ensure secure access. NDC APIs require an Authorization header in the HTTP request. This header typically contains a Base64- encoded string of user credentials (username and password).
NDC (New Distribution Capability) APIs often use authentication mechanisms to ensure secure access.
POST: v1/ndc-booking
| Header Type | Header | Value |
|---|---|---|
| Sample RQ Header | HTTP Method | POST |
| URL | v21.3/Authentication | |
| Headers | Ocp-Apim-Subscription-Key Authorization | |
| HTTP Version | HTTP/1.1 | |
| Content Type | Application/Xml; Charset=Utf-8 | |
| Host | client.ndc.navitaire.com | |
| Content Length | 2101 | |
| Expect | 100-continue | |
| Accept-Encoding | gzip, deflate | |
| Connection | Keep Alive | |
| Sample RS Header | HTTP Version & Status Code | HTTP/1.1 200 OK |
| Content-Type | Application/Xml; Charset=Utf-8 | |
| Cache-Control | Private | |
| Content-Encoding | gzip | |
| Vary | Accept Encoding | |
| Accept | application/JSON |
Below is an example of an XML snippet
Auth Request
Below is a sample XML request of the Aviation APIs:
{
"grant_type":"client_credentials"
}
Auth Response
Below is a sample XML response of the Aviation APIs:
{ "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuc2stc2lnbmF0dXJlIjoiZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnFkR2tpT2lJek9HVmhOakkwWXkweFptUTVMVFF4WVdFdFlqY3lOQzFqTXpSaU1tUXdObVJoT0RjaUxDSnpaWE56YVc5dVNVUWlPaUk1TmpRMU5EWTBOU0lzSW1GblpXNTBTVVFpT2lJeE9ETTVPVGt5TUNJc0ltUnZiV0ZwYmtOdlpHVWlPaUpYVjFjaUxDSmhaMlZ1ZEU1aGJXVWlPaUpRVTFOQlVFa2lMQ0p2Y21kaGJtbDZZWFJwYjI1RGIyUmxJam9pVkVWVFZFRlFTU0lzSW5KdmJHVkRiMlJsSWpvaVVrTlVWQ0lzSW1Ob1lXNXVaV3hVZVhCbElqb2lRVkJKSWl3aWMzbHpkR1Z0Vkhsd1pTSTZJbGRsWWxObGNuWnBZMlZ6UVZCSklpd2lZMnhwWlc1MFRtRnRaU0k2SWxkbFlsTmxjblpwWTJWelFWQkpJaXdpWTNWc2RIVnlaVU52WkdVaU9pSmxiaTFWVXlJc0ltTjFjbkpsYm1ONVEyOWtaU0k2SWxWVFJDSXNJbXh2WTJGMGFXOXVRMjlrWlNJNklsZFhWeUlzSW5CbGNuTnZia2xFSWpvaU1UZzBNelk0TWpZaUxDSndaWEp6YjI1VWVYQmxJam9pTWlJc0ltRm5aVzUwVVhWbGRXVkRiMlJsSWpvaUlpd2liM0puWVc1cGVtRjBhVzl1VVhWbGRXVkRiMlJsSWpvaUlpd2laWGh3SWpveE56YzFOakl4TXpNemZRLmliOXZ6a0p1clpDV0RCVW0xTmhzd1FjcUZTdjVfVkVOckp5RlFUSl9td21hUFVSb3R6dFR5S1pIbThKaXdUQ2VCbHBiLW1ENEJWR0NxSGY3UUloVDZENDZwMlVoMXhYRVFtMEx3dlNmbFVDa092OFR6eWZ5NzlYczNvbkdKZkRsRkprLTFFTGdDS0Z1dkpQazRMVUdMajNXZzNYUFgzMXRwX1UyWllReV9VQjRUR1R3NS14dEhndS04YlA2SVI4TTBEblNqTE5sdDBtWjdEYUNIUzRJekpHR0RIM1RXbjN3ZHk4LTVtNEtadlZ0bGxud1R0WTVVZXkzUFVGNjMzREtBR0pKUUdKQXVmRXVxUTZ2bmpTdHhMV3BZZ2w1NEw2SDA4QnN6OWx0S082MGw1cldiYVl2OTVEQVhnZUxkVDVZeWRrek5PT0dtU0dya2dGMVhLb3BnUU16aGZOOHBrcGk3dUNocTV3MGQ2N1ZwdWFNMl9JY3VRWjFUNUJ1UWtNX0JHQzhCRjZoVFNYdm1nV1NESmNYel9wa3YzMkNIZXFSSVVwY2VRczM3dTJjYU5pOHo3UVlyTGdXeXhqM3JOc1RMY2J1QVRZSUFBem1wdEJHb2QzQXhObGZ5SDBKRFFoOGVuZjlqUFlneXprRFpzdFhSa3ZwRFFYWWFyUU14aWVRIiwidXNlcm5hbWUiOiJXV1dcXFBTU0FQSSIsInJvbGVjb2RlIjoiUkNUVCIsImF1ZCI6WyJzaG9wcGluZyIsInNlbGxpbmciLCJzZXJ2aWNpbmciLCJvcmRlcmNoYW5nZW5vdGlmaWNhdGlvbiJdLCJleHAiOjE3NDQwODcxMzMsImlzcyI6Im5kY2dhdGV3YXkubmF2aXRhaXJlLmNvbSJ9.9yYVJmttSnEDJRigts6ojKbEmKBmdYOAyKgtkAf7McY",
"token_type": "Bearer",
"expires_in": "00:30:00"
}
| Error | Description | Resolution | |
|---|---|---|---|
| 401 | Access denied due to invalid subscription key. | Make sure to provide a valid key for an active subscription. | |
| 403 | Access denied. You are not authorized to perform this action. | Please connect with admin. | |
| 300 | The security token is invalid or expired. | Token has expired or is malformed. | |
Flow of Authentication
Below is the Authentication flow diagram.
Need help? Check FAQs
How to generate token?
For NDC (New Distribution Capability) you need to pass Subscription and Authorization key to generate NDC token.
I need to pass subscription key?
Yes! you need to pass subscription key to generate NDC token.
Is NDC authentication API is secure?
Yes! NDC API authentication typically involves secure methods to ensure authorized access.