SwOTA SOAP Testing Guide
Quick Setup for SOAP Testing with Auth0 Authentication
SOAP uses the same Auth0 token-based authentication as REST. The only differences from REST are the endpoint path (/ota/ws), the SOAP envelope wrapper, and the text/xml content type.
1. Obtain Auth0 Credentials
Before testing, you need Auth0 credentials from your integration manager:
Client ID: Your application's Auth0 client identifier
Client Secret: Your application's Auth0 client secret
Audience: The API audience value for the environment
2. Import Environment
Create a Postman environment with these variables:
{
"name": "SwOTA Development - SOAP",
"values": [
{
"key": "soap_url",
"value": "https://bookings-dev.sw.travelhx.com/ota/ws",
"enabled": true
},
{
"key": "auth0_url",
"value": "https://travelhx-backend-stage.eu.auth0.com/oauth/token",
"enabled": true
},
{
"key": "auth0_client_id",
"value": "YOUR_CLIENT_ID",
"enabled": true
},
{
"key": "auth0_client_secret",
"value": "YOUR_CLIENT_SECRET",
"enabled": true
},
{
"key": "auth0_audience",
"value": "https://partner.dev.travelhx.dev/api",
"enabled": true
},
{
"key": "access_token",
"value": "",
"enabled": true
},
{
"key": "agency_id",
"value": "YOUR_AGENCY_ID",
"enabled": true
},
{
"key": "booking_source",
"value": "OPENTRAVEL",
"enabled": true
}
]
}
3. Get Access Token
Before making SwOTA SOAP API requests, you need to obtain an Auth0 access token.
Create a Token Request in Postman
POST {{auth0_url}}
Content-Type: application/json
{
"client_id": "{{auth0_client_id}}",
"client_secret": "{{auth0_client_secret}}",
"audience": "{{auth0_audience}}",
"grant_type": "client_credentials"
}
The response will contain an access_token. Copy this token and save it to your access_token environment variable.
Tip: You can automate this in Postman by adding a test script to extract and save the token:
// Postman test script to auto-save token
const response = pm.response.json();
if (response.access_token) {
pm.environment.set("access_token", response.access_token);
}
4. SOAP Request Headers
All SOAP requests should include:
Authorization: Bearer {{access_token}}
Content-Type: text/xml; charset=utf-8
SOAPAction: (leave empty)
5. Sample SOAP Requests
Ping Test
POST {{soap_url}}
Authorization: Bearer {{access_token}}
Content-Type: text/xml; charset=utf-8
SOAPAction:
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Header/>
<Body>
<OTA_PingRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" TimeStamp="2025-01-01T12:00:00Z">
<EchoData>Test connection</EchoData>
</OTA_PingRQ>
</Body>
</Envelope>
Sailing Availability
POST {{soap_url}}
Authorization: Bearer {{access_token}}
Content-Type: text/xml; charset=utf-8
SOAPAction:
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Header/>
<Body>
<OTA_CruiseSailAvailRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" TimeStamp="2025-01-01T12:00:00Z">
<POS>
<Source>
<RequestorID ID="{{agency_id}}" Type="5" ID_Context="SEAWARE"/>
<BookingChannel Type="1">
<CompanyName>{{booking_source}}</CompanyName>
</BookingChannel>
</Source>
</POS>
<SailingDateRange>
<StartDateWindow EarliestDate="2025-06-01"/>
<EndDateWindow LatestDate="2025-12-31"/>
</SailingDateRange>
</OTA_CruiseSailAvailRQ>
</Body>
</Envelope>
6. Expected Responses
-
Ping:
with echo data wrapped in SOAP response -
Availability: Error Code 168 (expected if used with test credentials - confirms format is correct)
7. Troubleshooting
401 Unauthorized
If you receive 401 errors:
-
Verify your access token is valid and not expired
-
Check that the
Authorization: Bearerheader is included in your request -
Ensure your Auth0 credentials are correct
-
Verify you're using the correct audience for your environment
-
Get a fresh token - tokens expire after the time specified in
expires_in
403 Forbidden
-
Verify your client has the correct permissions/scopes
-
Contact your integration manager to verify your account setup
Connection Errors
-
Timeout: Verify you're using the correct SOAP endpoint URL (
/ota/ws) and that you have network access to the server. -
404 Not Found: Confirm you're posting to the
/ota/wspath, not/ota/rest/.
SOAP Request Errors
-
Invalid Namespace: Ensure you're using the correct namespace
http://www.opentravel.org/OTA/2003/05 -
Missing Headers: Verify the Content-Type header is set to
text/xml; charset=utf-8and the (empty) SOAPAction header is present -
Agency Errors: Confirm your agency_id is correct and properly configured in your environment variables.