Content API
Hotel Trader uses Basic authentication for the Content API (Metadata Push and Metadata Audit).
Basic authentication is a simple scheme built into the HTTP protocol. When making requests, the client includes an Authorization header that contains the word Basic followed by a space and a Base64-encoded username:password string.
For example, to authorize a user "demo" with password "p@55w0rd", the client sends:
Authorization: Basic ZGVtbzpwQDU1dzByZA==
Here, ZGVtbzpwQDU1dzByZA== is the Base64-encoded version of demo:p@55w0rd.
Push API
Applicable for the SOAP XML-based ARI Management and Reservation Management APIs.
The client must provide their username and password in the Security header of the SOAP message. For example, to authorize a user HT_CLIENT with a password Pa55w0rdT0ken the user must send it as below.
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>HT_CLIENT</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Pa55w0rdT0ken</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
</soap:Body>
</soap:Envelope>