Authentication
IP allowlisting
Any IPs accessing our NDC gateway must be explicitly allowlisted. Please provide a list of IPs you will use to access our gateway, and specify whether these IPs will access our sandbox or production environments. Requests to allow additional IPs are typically fulfilled within one week.
Subscription key
All requests to the Breeze NDC gateway must provide an Ocp-Apim-Subscription-Key header. This subscription key is unique to each partner and each environment. It does not change per-session.
Authorization type per endpoint
| Message type | Route | Request type | Authorization header type |
|---|---|---|---|
| Authorization | /api/Selling/r3.x/Auth | POST | Basic |
| IATA_AirlineProfileRQ / IATA_AirlineProfileRS | /api/Shopping/r3.x/v21.3/AirlineProfile | GET, POST | Bearer |
| IATA_AirShoppingRQ / IATA_AirShoppingRS | /api/Shopping/r3.x/v21.3/AirShopping | GET, POST | None required |
| IATA_SeatAvailabilityRQ / IATA_SeatAvailabilityRS | /api/Selling/r3.x/v21.3/SeatAvailability /api/Servicing/r3.x/v21.3/SeatAvailability | POST | Bearer |
| IATA_ServiceListRQ / IATA_ServiceListRS | /api/Selling/r3.x/v21.3/ServiceList /api/Servicing/r3.x/v21.3/ServiceList | POST | Bearer |
| IATA_OfferPriceRQ / IATA_OfferPriceRS | /api/Selling/r3.x/v21.3/OfferPrice | POST | Bearer |
| IATA_OrderCreateRQ / IATA_OrderViewRS | /api/Selling/r3.x/v21.3/OrderCreate | POST | Bearer |
| IATA_OrderRetrieveRQ / IATA_OrderViewRS | /api/Servicing/r3.x/v21.3/OrderRetrieve | POST | Bearer |
| IATA_OrderChangeRQ / IATA_OrderViewRS | /api/Servicing/r3.x/v21.3/OrderChange | POST | Bearer |
| IATA_OrderReshopRQ / IATA_OrderReshopRS | /api/Servicing/r3.x/v21.3/OrderReshop | POST | Bearer |
| IATA_OrderQuoteRQ / IATA_OrderReshopRS | /api/Servicing/r3.x/v21.3/OrderQuote | POST | Bearer |
Obtain a session bearer token
Authentication requests create a unique, stateful session in Breeze's reservation system for shopping and order management, returned as an access_token.
- Request
- Response
- Errors
Required headers—SAMPLE
"Authorization": "Basic U2FtcGxlXFNhbXBsZTpTQU1QTEU="
"Ocp-Apim-Subscription-Key": "e43b6d0b92824718b29e5fed70fc39f1"
POST /api/Selling/r3.x/Auth
{
"grant_type":"client_credentials"
}
Faster token requests
Authentication requests are twice as fast when the optional role parameter is declared. When role codes are undefined, our NDC gateway must make an additional network request to the reservation system.
/api/Selling/r3.x/Auth?role={rolecode}
{
"grant_type":"client_credentials"
}
200 OK
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuc2stc2lnbmF0dXJlIjoiYjV1ZllVT1JTK0k9fElLZVRJR0ZFeTllV25FS3czZlMweDYyM0ZVY1o0K09BUURTUnJ1YmJQYk1ENVdaQ2FrZGFjeW0vUm8zNUl4YndVQWpsc0xyZFVwMWdWM3dPRktvekNZdW16dFMweTBwa2p2c0RyMjhtd0Iwd1dUdUxpUkxjMkFLMThtSGpreE81allUVVhSS01TMjA9IiwidXNlcm5hbWUiOiJXVzJcXEV4cGVkaWFOREMiLCJyb2xlY29kZSI6Ik5EQ08iLCJhdWQiOlsic2hvcHBpbmciLCJzZWxsaW5nIiwic2VydmljaW5nIiwib3JkZXJjaGFuZ2Vub3RpZmljYXRpb24iXSwiZXhwIjoxNzQxNzE0Njg4LCJpc3MiOiJuZGNnYXRld2F5Lm5hdml0YWlyZS5jb20ifQ.P3UbH1Yll1tfhdrNP_VZdocLTSt1zEJdcgaC5WL92Lk",
"token_type": "Bearer",
"expires_in": "00:30:00"
}
401 Access Denied
Symptoms
- Response header
WWW-Authenticate: AzureApiManagementKey
Remedy
- Provide a valid Azure API gateway key using an
Ocp-Apim-Subscription-Keyheader
500 Internal Server Error
Symptoms
- Response header
Error-Code-0: CF4000 - Response header
Error-Msg-0: Unable to find best role for agent…
Cause
- The role code defined in the URL does not match the key provided in the Authorization token
Remedy
- Correct the
roleparameter value OR - remove the parameter from the authentication request
500 Internal Server Error
Symptoms
- Response header
Error-Code-0: CF4000 - Response header
Error-Msg-0: Unable to decode credentials. Please ensure correct format.
Causes
- No authorization header provided OR
- Invalid key provided
- Invalid key provided
Remedy
- Provide valid credentials
500 Internal Server Error
Symptoms
- Response header
Error-Code-0: CF4000 - Response header
Error-Msg-0: The agent [*agent name*] is locked.
Causes
- Multiple invalid login credential attempts OR
- Breeze initiated an agent lock
Remedy
- Contact Breeze to request agent unlock
Use the bearer token
This token issued by the Authorization endpoint should be used as a unique Bearer token for each NDC flow. A new token should be obtained for each transaction flow—concurrent use across bookings will cause failures.
Required headers—SAMPLE
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuc2stc2lnbmF0dXJlIjoiZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnFkR2tpT2lJMU1UZGtOVFJqTWkwME9URXdMVFJrWmpRdFlURTBZeTFsTUdabFpUWmlOVEUyTURNaUxDSmhkWFJvWDNScGJXVWlPaUl4TnpVek5qWTRNVGMzSWl3aWMyVnpjMmx2YmtsRUlqb2lOalk0TURRMU1TSXNJblJ2YTJWdVZIbHdaU0k2SWlJc0ltRm5aVzUwU1VRaU9pSTFORGs0T0RJMklpd2laRzl0WVdsdVEyOWtaU0k2SWxkWE1pSXNJbUZuWlc1MFRtRnRaU0k2SWt0aGVXRnJUa1JEVUhKdlpDSXNJbTl5WjJGdWFYcGhkR2x2YmtOdlpHVWlPaUpQVkVFaUxDSnliMnhsUTI5a1pTSTZJazVFUTA4aUxDSmphR0Z1Ym1Wc1ZIbHdaU0k2SWtGUVNTSXNJbk41YzNSbGJWUjVjR1VpT2lJM0lpd2lZMnhwWlc1MFRtRnRaU0k2SWxkbFlsTmxjblpwWTJWelFWQkpJaXdpWTNWc2RIVnlaVU52WkdVaU9pSmxiaTFWVXlJc0ltTjFjbkpsYm1ONVEyOWtaU0k2SWxWVFJDSXNJbXh2WTJGMGFXOXVRMjlrWlNJNklsZFhWeUlzSW5CbGNuTnZia2xFSWpvaU5UUTVPVFUzTlNJc0luQmxjbk52YmxSNWNHVWlPaUl5SWl3aWRISmhZMlZNWlhabGJDSTZJakFpTENKMGNtRmpaVk4zYVhSamFHVnpJam9pTUNJc0ltRm5aVzUwVVhWbGRXVkRiMlJsSWpvaUlpd2liM0puWVc1cGVtRjBhVzl1VVhWbGRXVkRiMlJsSWpvaUlpd2laWGh3SWpveE56ZzFNakEwTVRjM2ZRLmdvV1hkTlVJcGlnT3k0SVRSb1RUM0FXaWJQNl9xbnV5Y0pzOElraHRsNkRDdEJ1NW45Zk10MWozQjBNcm1pZk1RR3F3U1czekhqNnFYWURzYnoxamZjMDN2MFdpcGtyNXZpbzFOa1JVR2hZbFZaSEF4VTJyaldXbXhXUDhHMUhBZTlKSzdjT3M1MTNPWjVRa1A3Nl9KeDJwNGpnTGhYdGE3SUhuQWYyc3BrYzRCMVNNTXVnMHJySUhXU3dVakU4NlZpYXMyaFFhMjdUdDZuaEZRcEhOQV96a01helZOMmpFXzhDT3hIa2duVXdyb0ZKU3l0LWFHVEwzNi1uejdRa05qdjJPdmxwUUNOdzI3OHVfdlExb2ZUc3pSMVcyb3NENERIMUNhcFR0QWdyTzR4R09PcGc3RU91OFBMMjVaUS1TQktCTXpxbS1nVDlnekV5NjVpSk9zRzVqLUtXYzNRaXNKUUk0bTE2TzJHN0F0VW9JN0tYbzU2V2c2U1lhX3pKU1Z3Y0tPMi1vY1diODRqLTBkNmpZYTZvcFlqRHBESmtjS29mUUxvbEVXUms1VUZJT0FGaFZwNHJzQzZ4dF9rcV8yRks2M2dVRTB3enVnNEpvUE91eHpNSVNwSHd1dGxpTHp2V09zSFp2X1BpOXNXVUR4RFN5T1JjT2l2bVZEUmQ0IiwidXNlcm5hbWUiOiJXVzJcXEtheWFrTkRDUHJvZCIsInJvbGVjb2RlIjoiTkRDTyIsImF1ZCI6WyJzaG9wcGluZyIsInNlbGxpbmciLCJzZXJ2aWNpbmciLCJvcmRlcmNoYW5nZW5vdGlmaWNhdGlvbiJdLCJleHAiOjE3NTM2Njk5NzcsImlzcyI6Im5kY3I0eS5wcm9kLm14Lm5hdml0YWlyZS5jb20ifQ.z_6OTePEd4xw3DVeJvnEFijL2ZbNhkO1j5EOt1tHc-U"
"Ocp-Apim-Subscription-Key": "e43b6d0b92824718b29e5fed70fc39f1"