Authentication 2.0

OpenBooking is updating its Authentication System to increase security. This is the first update since launch of OpenBooking and integrates the latest best-practices. It also enables OpenBooking a fine grained request tracking and to better prevent future Denial of service attacks (DDOS).

This document describes the necessary changes for each use case:

  1. REST API users

  2. JavaScript SDK users

  3. Whitelabel users

ACTION: These changes need to be implemented until March 27th, 2020. After that date, accessing our services without the new Auth 2.0 will be blocked.

1. REST API users

Until today, our REST API accepts a JWT token in two forms, either

You may have used either methods.

Both methods will no longer be supported.

With Auth 2.0, you will be provided with a new API Key. The API Key needs to be passed in the following form:

GET <https://api.openbooking.ch/accommodations>
api-key: ABCDEF12345

The new HTTP Header "api-key" is CORS enabled.

2. JavaScript SDK users

You will be provided with a new API Key. Just replace the current token with the new API Key.

var ob = new OBManager('<https://api.openbooking.ch>', '<INSERT NEW API KEY HERE>');

3. White Label users

You will be provided with a new API Key. Just replace the current "group" parameter in the White Label Embed tag with the new API Key.

<div data-whitelabel
data-lang="en"
data-group="<INSERT NEW API KEY HERE>"
data-currency="CHF">
</div>

You can start right now.

Our new Auth 2.0 system is already online. You can start implementing the changes outlined above immediately. The old auth system will be cut off on March 27th, 2020.

Support

Our team is glad to support you and your agency with these necessary changes free of charge. Please get in touch with support@openbooking.ch if you need any support.