How to Get a Token for REST APIs
Learn how to get a token to call Sabre Hospitality APIs.
Prerequisites
1. Contact Sabre Hospitality to request your credentials:
- You must be either a Sabre Hospitality customer or are working with a Sabre Hospitality customer.
- Or you have either contacted a Sabre Hospitality account manager and/or have a signed contract with Sabre.
2. Know which environments and Sabre Hospitality APIs you can access.
Get Your Sabre Hospitality Credentials
You will receive your token credentials via email after your Sabre Hospitality APIs order is created by your Sabre account manager.
These credentials provide access to the Sabre Hospitality APIs. (They do not provide access to the Sabre GDS.)
Your Credentials Provide Access To:
- Get/use a token
- Sabre Hospitality API environments
- Your subset of Sabre Hospitality APIs
- Your subset of Sabre Hospitality API documentation on SynXis Developer Portal
Construct Your Token Credentials
Your token credentials are your signature for Sabre Hospitality APIs.
| Credential | Description |
|---|---|
| User Name | Your Sabre Hospitality API user name |
| Password | Your Sabre Hospitality API password |
Use a base64-encoding tool to complete the following steps:
| Steps | Description | Example | Base64 Encoded Value |
|---|---|---|---|
| 1: Encode your User Name | Base64 encode your User Name. | SHSTestUserName | U0hTVGVzdFVzZXJOYW1l |
| 2: Encode your Password | Base64 encode your Sabre Hospitality API password. | ClientPassword12345 | Q2xpZW50UGFzc3dvcmQxMjM0NQ== |
| 3: Encode a concatenated format or your User Name and Password to obtain your authorization string | Concatenate your base64 encoded User Name and Password with a colon (:) separating the two. Base64 encode the concatenated string to create your authorization string. Note: Remember to add the colon between the User ID and Password. | U0hTVGVzdFVzZXJOYW1l:Q2xpZW50UGFzc3dvcmQxMjM0NQ== | VTBoVFZHVnpkRlZ6WlhKT1lXMWw6UTJ4cFpXNTBVR0Z6YzNkdmNtUXhNak0wTlE9PQ== |
Get a Token
Your security token gets you connected to Sabre Hospitality REST APIs.
Prerequisites
- Know your Sabre Hospitality credentials.
- Construct your token credentials.
- Determine the environment to call.
Step 1: Call the method/endpoint
Obtain the token from the environment that you want to use to call Sabre Hospitality APIs:
- For the certification environment, obtain a token from the certification environment.
- For the production environment, obtain the token from that environment.
| Field | Description |
|---|---|
| URL |
|
| Authorization |
|
| Content-Type |
|
| ApplicationUserMetaData |
|
| GrantType |
|
| UserIPAddress |
|
| UserType |
|
| BusinessContext |
|
Example of a sessionless token request body
POST https://services-c1.synxis.com/v1/auth/token HTTP/1.1 Content-Type: application/json Authorization: Basic VTBoVFZHVnpkRlZ6WlhKT1lXMWw6UTJ4cFpXNTBVR0Z6YzNkdmNtUXhNak0wTlE9PQ==
ApplicationUserMetaData: UsernameWithinExternalSystem User-Agent: PostmanRuntime/7.15.0 Accept: */* { "GrantType": "CLIENT_CREDENTIALS", "UserIPAddress": "127.0.0.1", "UserType": "Hotel", "BusinessContext": "WBSVC" }
Step 2: Get token from the response
Examples of parameters:
| Field | Description |
|---|---|
| access_token |
|
| token_type |
|
| expires_in |
|
success response
If the request is valid, the body contains the token, token type and token expiration.
{
"access_token":"T1RLAQJ4QjOhTYPWoqIhCk0bClC7HelowVT/eS6+aLLvmHhAD7AscBw/kpl/mbA9UuawTAAEQHakd1L9ySOnoMpYggQtn+um5+T/u7WPrwKbPKbgZF5x3vp5U8Hqed4Qk+qZlZMXfJRBO2rFutI+r7F6Wng1TwBfWh+WUb8RudoxbK2D2mGal6FXdjqvz5fcAGRxictMqcdTM7a/ykRx6vkCiCFuS/lmXl1PlK63r0QrCpUTT+47fBTQDlApTjpqtvujnuZBS7rpfmcvVcJBvFFc7J7AkcMAWfBMwHOuhVByPc9Z+GrpLw0vgS80UptGQbN2ZAg0zvRDBmWi0AWx2fPEesJzc6nQZhlSrtLYPQZACLdVGhFBFyrRs1uMtmiUBXaiqZk1HsHc8tGLhqyhS/0QNle8jx2EDU4SLQ2+8pXnho*",
"token_type":"bearer",
"expires_in":720
}
failure response
If the request is unauthorized, the server returns the following error message.
{
"error": "ERR.SHS-SECUTIL.TOKEN.CREATE.INVALID_USERNAME_OR_PASSWORD",
"error_description": "user does not exist or password is invalid",
"Result": {
"ResultCode": "ERROR",
"Description": "user does not exist or password is invalid"
},
"Errors": [
{
"Status": "NotProcessed",
"ReportingSystem": "SHS-security-utility",
"Type": "Validation",
"ErrorCode": "ERR.SHS-SECUTIL.TOKEN.CREATE.INVALID_USERNAME_OR_PASSWORD",
"Instance": "shs-secutil-shutltxshsec01.shslab.local-default",
"Message": "user does not exist or password is invalid"
}
]
}
Step 3: Use the token in the request to call a given REST API
Send the sessionless token to the environment and API endpoint in the header when you call a given REST API.
| Field | Description |
|---|---|
| URL |
|
| Authorization |
|
Example request to the Hotel Cancel Reasons API
GET https://gw-cert.synxis.com/v1/api/reservation/lists/cancelreasons?hotelId=11113 HTTP 1.1 Authorization: Bearer T1RLAQJ4QjOhTYPWoqIhCk0bClC7HelowVT/eS6+aLLvmHhAD7AscBw/kpl/mbA9UuawTAAEQHakd1L9ySOnoMpYggQtn+um5+T/u7WPrwKbPKbgZF5x3vp5U8Hqed4Qk+qZlZMXfJRBO2rFutI+r7F6Wng1TwBfWh+WUb8RudoxbK2D2mGal6FXdjqvz5fcAGRxictMqcdTM7a/ykRx6vkCiCFuS/lmXl1PlK63r0QrCpUTT+47fBTQDlApTjpqtvujnuZBS7rpfmcvVcJBvFFc7J7AkcMAWfBMwHOuhVByPc9Z+GrpLw0vgS80UptGQbN2ZAg0zvRDBmWi0AWx2fPEesJzc6nQZhlSrtLYPQZACLdVGhFBFyrRs1uMtmiUBXaiqZk1HsHc8tGLhqyhS/0QNle8jx2EDU4SLQ2+8pXnho*