Get a Token for REST APIs
The following sections explain how to get an authentication token that enables you to call Hospitality Solutions APIs.
Prerequisites
1. Contact Hospitality Solutions to request your credentials. Ensure that you meet one or more of the following requirements:
- You must be a Hospitality Solutions customer or be working with a Hospitality Solutions customer.
- You must have contacted a Hospitality Solutions account manager.
- You must have a signed contract with Hospitality Solutions.
2. Know which environments and Hospitality Solutions APIs you can access.
Get Your Credentials
You will receive your token credentials via email after your Hospitality Solutions APIs order is created by your Hospitality Solutions account manager.
These credentials provide access to the Hospitality Solutions APIs. (They do not provide access to the Sabre GDS.)
Your credentials provide access to:
- Get and use a token.
- Use Hospitality Solutions API environments.
- Use your subset of Hospitality Solutions APIs.
- Use your subset of Hospitality Solutions API documentation on SynXis Developer Portal.
Construct Your Token Credentials
Your token credentials are your authentication signature for Hospitality Solutions APIs.
| Credential | Description |
|---|---|
| User Name | Your Hospitality Solutions API user name |
| Password | Your Hospitality Solutions API password |
Use a base64-encoding tool to complete the following steps:
| Steps | Description | Example | Base64 Encoded Value |
|---|---|---|---|
| 1: Encode your User Name | Base64 encode your User Name. | SHSTestUserName | U0hTVGVzdFVzZXJOYW1l |
| 2: Encode your Password | Base64 encode your Hospitality Solutions API password. | ClientPassword12345 | Q2xpZW50UGFzc3dvcmQxMjM0NQ== |
| 3: Encode a concatenated format or your User Name and Password to obtain your authorization string | Concatenate your base64 encoded User Name and Password with a colon (:) separating the two. Base64 encode the concatenated string to create your authorization string. Note: Remember to add the colon between the User ID and Password. | U0hTVGVzdFVzZXJOYW1l:Q2xpZW50UGFzc3dvcmQxMjM0NQ== | VTBoVFZHVnpkRlZ6WlhKT1lXMWw6UTJ4cFpXNTBVR0Z6YzNkdmNtUXhNak0wTlE9PQ== |
Get a Token
Your security token gets you connected to Hospitality Solutions REST APIs.
Prerequisites
- Know your Hospitality Solutions credentials.
- Construct your token credentials.
- Determine the environment to call.
Step 1: Call the method/endpoint
Obtain the token from the environment that you want to use to call Hospitality Solutions APIs:
- For the certification environment, obtain a token from the certification environment.
- For the production environment, obtain the token from that environment.
| Field | Description |
|---|---|
| URL |
|
| Authorization |
|
| Content-Type |
|
| ApplicationUserMetaData |
|
| GrantType |
|
| UserIPAddress |
|
| UserType |
|
| BusinessContext |
|
Example of a sessionless token request body:
POST https://services-c1.synxis.com/v1/auth/token HTTP/1.1
Content-Type: application/json
Authorization: Basic VTBoVFZHVnpkRlZ6WlhKT1lXMWw6UTJ4cFpXNTBVR0Z6YzNkdmNtUXhNak0wTlE9PQ==
ApplicationUserMetaData: UsernameWithinExternalSystem
User-Agent: PostmanRuntime/7.15.0
Accept: */*
{
"GrantType": "CLIENT_CREDENTIALS",
"UserIPAddress": "127.0.0.1",
"UserType": "Hotel",
"BusinessContext": "WBSVC"
}Step 2: Get token from the response
Examples of parameters:
| Field | Description |
|---|---|
| access_token |
|
| token_type |
|
| expires_in |
|
Success Response
If the request is valid, the body contains the token, token type, and token expiration.
{
"access_token":"T1RLAQJ4QjOhTYPWoqIhCk0bClC7HelowVT/eS6+aLLvmHhAD7AscBw/kpl/mbA9UuawTAAEQHakd1L9ySOnoMpYggQtn+um5+T/u7WPrwKbPKbgZF5x3vp5U8Hqed4Qk+qZlZMXfJRBO2rFutI+r7F6Wng1TwBfWh+WUb8RudoxbK2D2mGal6FXdjqvz5fcAGRxictMqcdTM7a/ykRx6vkCiCFuS/lmXl1PlK63r0QrCpUTT+47fBTQDlApTjpqtvujnuZBS7rpfmcvVcJBvFFc7J7AkcMAWfBMwHOuhVByPc9Z+GrpLw0vgS80UptGQbN2ZAg0zvRDBmWi0AWx2fPEesJzc6nQZhlSrtLYPQZACLdVGhFBFyrRs1uMtmiUBXaiqZk1HsHc8tGLhqyhS/0QNle8jx2EDU4SLQ2+8pXnho*",
"token_type":"bearer",
"expires_in":720
}Failure Response
If the request is unauthorized, the server returns the following error message.
{
"error": "ERR.SHS-SECUTIL.TOKEN.CREATE.INVALID_USERNAME_OR_PASSWORD",
"error_description": "user does not exist or password is invalid",
"Result": {
"ResultCode": "ERROR",
"Description": "user does not exist or password is invalid"
},
"Errors": [
{
"Status": "NotProcessed",
"ReportingSystem": "SHS-security-utility",
"Type": "Validation",
"ErrorCode": "ERR.SHS-SECUTIL.TOKEN.CREATE.INVALID_USERNAME_OR_PASSWORD",
"Instance": "shs-secutil-shutltxshsec01.shslab.local-default",
"Message": "user does not exist or password is invalid"
}
]
}Step 3: Use the token in the request to call a REST API
Send the sessionless token to the environment and API endpoint in the header when you call a given REST API.
| Field | Description |
|---|---|
| URL |
|
| Authorization |
|
Example request to the Hotel Cancel Reasons API:
GET https://gw-cert.synxis.com/v1/api/reservation/lists/cancelreasons?hotelId=11113 HTTP 1.1
Authorization: Bearer T1RLAQJ4QjOhTYPWoqIhCk0bClC7HelowVT/eS6+aLLvmHhAD7AscBw/kpl/mbA9UuawTAAEQHakd1L9ySOnoMpYggQtn+um5+T/u7WPrwKbPKbgZF5x3vp5U8Hqed4Qk+qZlZMXfJRBO2rFutI+r7F6Wng1TwBfWh+WUb8RudoxbK2D2mGal6FXdjqvz5fcAGRxictMqcdTM7a/ykRx6vkCiCFuS/lmXl1PlK63r0QrCpUTT+47fBTQDlApTjpqtvujnuZBS7rpfmcvVcJBvFFc7J7AkcMAWfBMwHOuhVByPc9Z+GrpLw0vgS80UptGQbN2ZAg0zvRDBmWi0AWx2fPEesJzc6nQZhlSrtLYPQZACLdVGhFBFyrRs1uMtmiUBXaiqZk1HsHc8tGLhqyhS/0QNle8jx2EDU4SLQ2+8pXnho*