Table of Contents

SwOTA SOAP Testing Guide

Quick Setup for SOAP Testing with Auth0 Authentication

SOAP uses the same Auth0 token-based authentication as REST. The only differences from REST are the endpoint path (/ota/ws), the SOAP envelope wrapper, and the text/xml content type.

1. Obtain Auth0 Credentials

Before testing, you need Auth0 credentials from your integration manager:

  • Client ID: Your application's Auth0 client identifier

  • Client Secret: Your application's Auth0 client secret

  • Audience: The API audience value for the environment

2. Import Environment

Create a Postman environment with these variables:

{
  "name": "SwOTA Development - SOAP",
  "values": [
    {
      "key": "soap_url",
      "value": "https://bookings-dev.sw.travelhx.com/ota/ws",
      "enabled": true
    },
    {
      "key": "auth0_url",
      "value": "https://travelhx-backend-stage.eu.auth0.com/oauth/token",
      "enabled": true
    },
    {
      "key": "auth0_client_id",
      "value": "YOUR_CLIENT_ID",
      "enabled": true
    },
    {
      "key": "auth0_client_secret",
      "value": "YOUR_CLIENT_SECRET",
      "enabled": true
    },
    {
      "key": "auth0_audience",
      "value": "https://partner.dev.travelhx.dev/api",
      "enabled": true
    },
    {
      "key": "access_token",
      "value": "",
      "enabled": true
    },
    {
      "key": "agency_id", 
      "value": "YOUR_AGENCY_ID",
      "enabled": true
    },
    {
      "key": "booking_source",
      "value": "OPENTRAVEL", 
      "enabled": true
    }
  ]
}

3. Get Access Token

Before making SwOTA SOAP API requests, you need to obtain an Auth0 access token.

Create a Token Request in Postman

POST {{auth0_url}}
Content-Type: application/json

{ "client_id": "{{auth0_client_id}}", "client_secret": "{{auth0_client_secret}}", "audience": "{{auth0_audience}}", "grant_type": "client_credentials" }

The response will contain an access_token. Copy this token and save it to your access_token environment variable.

Tip: You can automate this in Postman by adding a test script to extract and save the token:

// Postman test script to auto-save token
const response = pm.response.json();
if (response.access_token) {
    pm.environment.set("access_token", response.access_token);
}

4. SOAP Request Headers

All SOAP requests should include:

Authorization: Bearer {{access_token}}
Content-Type: text/xml; charset=utf-8
SOAPAction: (leave empty)

5. Sample SOAP Requests

Ping Test

POST {{soap_url}}
Authorization: Bearer {{access_token}}
Content-Type: text/xml; charset=utf-8
SOAPAction:

<?xml version="1.0" encoding="UTF-8"?> <Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"> <Header/> <Body> <OTA_PingRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" TimeStamp="2025-01-01T12:00:00Z"> <EchoData>Test connection</EchoData> </OTA_PingRQ> </Body> </Envelope>

Sailing Availability

POST {{soap_url}}
Authorization: Bearer {{access_token}}
Content-Type: text/xml; charset=utf-8
SOAPAction:

<?xml version="1.0" encoding="UTF-8"?> <Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"> <Header/> <Body> <OTA_CruiseSailAvailRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" TimeStamp="2025-01-01T12:00:00Z"> <POS> <Source> <RequestorID ID="{{agency_id}}" Type="5" ID_Context="SEAWARE"/> <BookingChannel Type="1"> <CompanyName>{{booking_source}}</CompanyName> </BookingChannel> </Source> </POS> <SailingDateRange> <StartDateWindow EarliestDate="2025-06-01"/> <EndDateWindow LatestDate="2025-12-31"/> </SailingDateRange> </OTA_CruiseSailAvailRQ> </Body> </Envelope>

6. Expected Responses

  • Ping: with echo data wrapped in SOAP response

  • Availability: Error Code 168 (expected if used with test credentials - confirms format is correct)

7. Troubleshooting

401 Unauthorized

If you receive 401 errors:

  • Verify your access token is valid and not expired

  • Check that the Authorization: Bearer header is included in your request

  • Ensure your Auth0 credentials are correct

  • Verify you're using the correct audience for your environment

  • Get a fresh token - tokens expire after the time specified in expires_in

403 Forbidden

  • Verify your client has the correct permissions/scopes

  • Contact your integration manager to verify your account setup

Connection Errors

  • Timeout: Verify you're using the correct SOAP endpoint URL (/ota/ws) and that you have network access to the server.

  • 404 Not Found: Confirm you're posting to the /ota/ws path, not /ota/rest/.

SOAP Request Errors

  • Invalid Namespace: Ensure you're using the correct namespace http://www.opentravel.org/OTA/2003/05

  • Missing Headers: Verify the Content-Type header is set to text/xml; charset=utf-8 and the (empty) SOAPAction header is present

  • Agency Errors: Confirm your agency_id is correct and properly configured in your environment variables.