...
For Iberia to send you the OCN messages, you must publish an endpoint, with the necessary security, to which we can send the messages. Presently Iberia has implemented the “Basic AUTH” and “OAUTH” “OAUTH 2.0” security methods to connect to third parties.
...
An HTTPS URL for a SOAP or REST endpoint, to which we can send the OCN messages.
Please ensure you tell us which protocol the endpoint uses.
The security method used to connect to your endpoint together with the credentials. We support two security methods: BASIC and OAUTH 2.0.
For Basic authentication we need to be able to send the credentials in the “Authorization” header, with the values separated with “:” in Base64 format.
For OAUTH 2.0 authentication we require the following:
The client_id, client_secret and grant_type. (Today we only use the OAUTH implementation where the parameters are sent in the body of the message.)
The HTTPS URL from where to obtain the token.
Whether you require the “scope” in the call to this URL, and if so then the value you require in the “scope”
The client_id, client_secret and grant_type. We support the two ways of sending the credentials in OAUTH 2.0 to obtain the token:
Sent in the header (recommended by https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1 ) or
Sent in the body of the message
An example using CURL of your authentication service, and OCN reception service.
Example OAUTH of a BASIC request to send the OCN:
| Code Block |
|---|
curl --location --request POST 'https://miurl.com/v1/booking/travel-orders/ib-order-change-events' \ --header 'Content-Type: application/xml' \ --header 'Authorization: Bearer xxxxxxxxxxxxxxxxxx' \ |
...