OpenBooking is updating its Authentication System to increase security. This is the first update since launch of OpenBooking and integrates the latest best-practices. It also enables OpenBooking a fine grained request tracking and to better prevent future Denial of service attacks (DDOS).
This document describes the necessary changes for each use case:
- 1.REST API users
- 3.Whitelabel users
ACTION: These changes need to be implemented until March 27th, 2020. After that date, accessing our services without the new Auth 2.0 will be blocked.
Until today, our REST API accepts a JWT token in two forms, either
- as Authorization HTTP HeaderGET https://api.openbooking.ch/accommodations Authorization: Bearer ey...
You may have used either methods.
Both methods will no longer be supported.
With Auth 2.0, you will be provided with a new API Key. The API Key needs to be passed in the following form:
The new HTTP Header "api-key" is CORS enabled.
You will be provided with a new API Key. Just replace the current token with the new API Key.
var ob = new OBManager('<https://api.openbooking.ch>', '<INSERT NEW API KEY HERE>');
You will be provided with a new API Key. Just replace the current "group" parameter in the White Label Embed tag with the new API Key.
data-group="<INSERT NEW API KEY HERE>"
Our new Auth 2.0 system is already online. You can start implementing the changes outlined above immediately. The old auth system will be cut off on March 27th, 2020.
Our team is glad to support you and your agency with these necessary changes free of charge. Please get in touch with [email protected] if you need any support.