Authentication

This page explains how to authenticate for the Booking.com Connectivity APIs.

Machine account

You need a machine account to use the Booking.com Connectivity APIs. You can create machine accounts using the Connectivity Portal.

If you don't have access to the Connectivity Portal, your colleague with an existing account can create an account for you. Booking.com typically shares access to the Connectivity Portal during the onboarding process.

Basic authentication scheme

The Booking.com Connectivity APIs use the HTTP basic authentication scheme to authenticate an incoming request. To get a successful response from Booking.com Connectivity APIs, you must provide your credentials as an Authorization header in each request.

For example:

Authorization: Basic {username:password}

{username:password} represents the Base64-encoded (RFC2045-MIME) credentials for your machine account.

Enhanced authentication rules

Booking.com enforces the following authentication and authorisation rules for enhanced protection and security:

  • Specify the authentication details such as username and password only using the request Header. Credentials provided in the request body are ignored.
  • The username is case-sensitive. Make sure it doesn't contain leading white space.
  • We have revised our password policy and no longer support the + character in the password. If your existing password contains the + character, make sure to create a new password using the Connectivity Portal.

Authentication failure

The API returns HTTP 401 for failed authentication attempts. The response body will be different for OTA and B.XML endpoints.

B.XML example

<?xml version='1.0' standalone='yes'?>
<reservations>
    <fault code="401"
         string="Authorization Required" />
</reservations>

OTA example

<OTA_HotelResModifyNotifRS xmlns="http://www.opentravel.org/OTA/2003/05" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.opentravel.org/OTA/2003/05 OTA_HotelResModifyNotifRS.xsd" TimeStamp="2018-06-22T14:56:37+00:00" Target="Production" Version="2.001">
  <Errors>
    <Error ShortText="Authorization Required"/>
  </Errors>
</OTA_HotelResModifyNotifRS>
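
The following Python sketch is an added example, not Booking.com code: it builds the Authorization header while enforcing the credential rules above on the client side, and it extracts the fault text from either 401 body shape. The function names, the UTF-8 charset and the ':' check (from RFC 7617) are assumptions that do not come from this page.

```python
import base64
import xml.etree.ElementTree as ET

OTA_NS = "{http://www.opentravel.org/OTA/2003/05}"

# The two 401 bodies shown on this page (OTA root attributes trimmed to the namespace).
B_XML_401 = ("<?xml version='1.0' standalone='yes'?><reservations>"
             '<fault code="401" string="Authorization Required" /></reservations>')
OTA_401 = ('<OTA_HotelResModifyNotifRS xmlns="http://www.opentravel.org/OTA/2003/05">'
           '<Errors><Error ShortText="Authorization Required"/></Errors>'
           "</OTA_HotelResModifyNotifRS>")


def build_auth_header(username, password):
    """Build the Basic Authorization header, rejecting credentials the page's rules forbid."""
    if username != username.lstrip():
        raise ValueError("username has leading white space")
    if ":" in username:
        # Not a rule from this page: RFC 7617 reserves ':' as the separator.
        raise ValueError("username contains ':'")
    if "+" in password:
        raise ValueError("'+' in password is no longer supported")
    # Base64 is an encoding, not encryption. UTF-8 is an assumption; the page names no charset.
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def auth_failure_text(status, body):
    """Return the fault text of a 401 response (B.XML or OTA shape), or None if not a 401."""
    if status != 401:
        return None
    try:
        root = ET.fromstring(body.strip())
    except ET.ParseError:
        return "HTTP 401 (body not parseable)"
    fault = root.find("fault")  # B.XML: <fault code="401" string="..."/>
    if fault is not None:
        return fault.get("string")
    error = root.find(f"{OTA_NS}Errors/{OTA_NS}Error")  # OTA: <Errors><Error ShortText="..."/>
    if error is not None:
        return error.get("ShortText")
    return "HTTP 401 (unrecognised body)"


if __name__ == "__main__":
    print(build_auth_header("example_user", "example-pass"))  # constructed credentials
    print(auth_failure_text(401, B_XML_401), "|", auth_failure_text(401, OTA_401))
```

Failing fast on a leading space or a + character keeps a rejected credential from being retried against the API until someone notices the 401s.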

Troubleshooting

If your requests repeatedly fail authentication, check that:

  • your request includes the Authorization header;
  • your machine account credentials are correct;
  • the IP whitelist for your machine account is up-to-date;
  • you have access to the endpoint you're calling (contact us if you're not sure).