​
OpenBooking is updating its Authentication System to increase security. This is the first update since launch of OpenBooking and integrates the latest best-practices. It also enables OpenBooking a fine grained request tracking and to better prevent future Denial of service attacks (DDOS).
This document describes the necessary changes for each use case:
REST API users
JavaScript SDK users
Whitelabel users
ACTION: These changes need to be implemented until March 27th, 2020. After that date, accessing our services without the new Auth 2.0 will be blocked.
​
Until today, our REST API accepts a JWT token in two forms, either
as Query Param
GET https://api.openbooking.ch/accommodations?access_token=ey...
as Authorization HTTP Header
GET https://api.openbooking.ch/accommodations Authorization: Bearer ey...
You may have used either methods.
Both methods will no longer be supported.
With Auth 2.0, you will be provided with a new API Key. The API Key needs to be passed in the following form:
GET <https://api.openbooking.ch/accommodations>api-key: ABCDEF12345
The new HTTP Header "api-key" is CORS enabled.
You will be provided with a new API Key. Just replace the current token with the new API Key.
var ob = new OBManager('<https://api.openbooking.ch>', '<INSERT NEW API KEY HERE>');
You will be provided with a new API Key. Just replace the current "group" parameter in the White Label Embed tag with the new API Key.
<div data-whitelabeldata-lang="en"data-group="<INSERT NEW API KEY HERE>"data-currency="CHF"></div>
Our new Auth 2.0 system is already online. You can start implementing the changes outlined above immediately. The old auth system will be cut off on March 27th, 2020.
Our team is glad to support you and your agency with these necessary changes free of charge. Please get in touch with support@openbooking.ch if you need any support.