SwOTA Session Support
As mentioned earlier, calls can be made within a session context: a "login" request is made before all other calls, and the resulting "session token" is passed with each call within the session.
Note
Sessions are currently supported only for the REST interface (not for SOAP).
Login Request
Below is an example of a REST login request:
POST /ota/oauth/token?username=JAMES&password=secret007&client_id=ota&client_secret=ota&grant_type=password&scope=travelagent
In this example we log in as a Seaware client who, for example, is going to create a reservation on their own from a web application. Sessions of other types (agents, etc.) can be created instead.
Login Response
An example response should have HTTP status 200 with a body containing the session token and expiration information:
{
  "access_token": "89A67471-074A-48BF-9AC0-FE6F96EE6BAD",
  "token_type": "bearer",
  "refresh_token": "89A67471-074A-48BF-9AC0-FE6F96EE6BAD",
  "expires_in": 900,
  "scope": "travelagent"
}
Using the Session Token
After login, include the session token in subsequent requests using the Authorization header:
Authorization: Bearer 89A67471-074A-48BF-9AC0-FE6F96EE6BAD
Logout Request
At the end of the session, a logout request should be sent:
POST /ota/oauth/logout
Authorization: Bearer 89A67471-074A-48BF-9AC0-FE6F96EE6BAD
Logout Response
An example response should have HTTP status 200 with the following body:
{
  "status": "success"
}
Session Usage
It is not required to create a user session before each Versonix OTA call. The usual practice is to create the user session when the user logs into the third-party application that uses Seaware services through this API, and to destroy it when the user logs out (or on timeout). If the third-party application is a web application (Web UI), then the Versonix OTA session can be synchronized with the HTTP session (and essentially has a similar meaning).
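The login, token use and logout steps above as one client-side lifecycle, in an added example that is not part of the original documentation or Versonix code: `OtaSession`, `redact_url` and the `fake_send` stand-in are hypothetical names, the 401 failure reply is constructed, and `expires_in` is assumed to be in seconds as in OAuth 2.0. Because the login request carries the password and client secret in its query string, `redact_url` masks them before the URL is written to a log.

```python
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN = "89A67471-074A-48BF-9AC0-FE6F96EE6BAD"  # sample token from the page

def redact_url(url):
    """Mask credential parameters before a login URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in ("password", "client_secret") else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def fake_send(method, url, headers):
    """Constructed stand-in for the server; replays the page's sample bodies."""
    if url.startswith("/ota/oauth/token?"):
        return 200, {"access_token": TOKEN, "token_type": "bearer",
                     "expires_in": 900, "scope": "travelagent"}
    if url == "/ota/oauth/logout" and headers.get("Authorization") == "Bearer " + TOKEN:
        return 200, {"status": "success"}
    return 401, {}  # constructed failure case, not from the page

class OtaSession:  # hypothetical client-side holder for one session's lifecycle
    def __init__(self, send, clock=time.monotonic):
        self.send, self.clock = send, clock  # send(method, url, headers) -> (status, body)
        self.token, self.expires_at = None, 0.0

    def login(self, **params):
        query = urlencode({**params, "grant_type": "password"})
        status, body = self.send("POST", "/ota/oauth/token?" + query, {})
        if status != 200 or "access_token" not in body:
            raise RuntimeError("login failed: HTTP %d" % status)
        self.token = body["access_token"]
        # Assumption: expires_in counts seconds, as in OAuth 2.0.
        self.expires_at = self.clock() + body["expires_in"]

    def auth_headers(self):
        """Header for every call in the session; refuses a token past its lifetime."""
        if self.token is None or self.clock() >= self.expires_at:
            raise RuntimeError("no active session, log in again")
        return {"Authorization": "Bearer " + self.token}

    def logout(self):
        """Send the logout request and forget the token whatever the outcome."""
        token, self.token = self.token, None
        if token is None:
            return False
        status, body = self.send("POST", "/ota/oauth/logout",
                                 {"Authorization": "Bearer " + token})
        return status == 200 and body.get("status") == "success"
```

A real integration would pass a `send` function that performs the HTTPS request in place of `fake_send`.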
Session Requirement
Depending on your account configuration, sessions may be optional or required:
- Optional (default): You can make API calls with or without establishing a session
- Required: All API calls must include a valid session token
Your integration documentation will specify whether sessions are required for your account.
Benefits of Session Mode
Besides providing an additional security layer, session support also modifies the behavior of some elements of the functionality.
Simplified POS
The Source/POS element does not need to define an agency when an OTA request is run under a session: the agency and agent are determined automatically from the logged-in user (travel agent, Seaware user, or consumer).
User Tracking
The logged-in user is also reflected in the history of any booking made or changed under that session (unless overridden by the Source/POS element in the corresponding OTA_CruiseBookRQ request).