diff --git a/.nojekyll b/.nojekyll new file mode 100644 index 00000000..e69de29b diff --git a/404.html b/404.html new file mode 100644 index 00000000..63226a0f --- /dev/null +++ b/404.html @@ -0,0 +1,1527 @@ + + + +
+ + + + + + + + + + + + + + + + + + +Amadeus for Developers uses OAuth
to authenticate access requests. OAuth
generates an access token
which grants the client permission to access a protected resource.
The method to acquire a token is called grant. There are different types of OAuth grants
. Amadeus for Developers uses the Client Credentials Grant
.
Once you have created an app and received your API Key
and API Secret
, you can generate an access token by sending a POST
request to the authorization server:
https://test.api.amadeus.com/v1/security/oauth2/token/
+Information
+Remember that your API Key
and API Secret
should be kept private. Read more about best practices for secure API key storage.
The body of the request is encoded as x-www-form-urlencoded
, where the keys and values are encoded in key-value tuples separated by '&', with a '=' between
+the key and the value:
Key | +Value | +
---|---|
grant_type |
+The value client_credentials |
+
client_id |
+The API Key for the application |
+
client_secret |
+The API Secret for the application |
+
Specify the type of the request using the content-type
HTTP header with the value application/x-www-form-urlencoded
.
The following example uses cURL
to request a new token:
-X POST
parameter is not needed in the cURL
command. As we are sending a body, cURL
sends the request as POST
automatically.
+The authorization server will respond with a JSON object:
+Parameter | +Description | +
---|---|
type |
+The type of resource. The value will be amadeusOAuth2Token . |
+
username |
+Your username (email address). | +
application_name |
+The name of your application. | +
client_id |
+The API Key for your application |
+
token_type |
+The type of token issued by the authentication server. The value will be Bearer . |
+
access_token |
+The token to authenticate your requests. | +
expires_in |
+The number of seconds until the token expires. | +
state |
+The status of your request. Values can be approved or expired . |
+
Once the token has been retrieved, you can authenticate your requests to Amadeus Self-Service APIs.
+Each API call must contain the authorization
HTTP header with the value Bearer {access_token}
, where acess_token
is the token you have just retrieved.
The following example is a call to the Flight Check-in Links
API to retrieve the check-in URL for Iberia (IB
):
To retrieve a token using your favourite programming language, send a POST
request and parse the JSON
response as in the cURL
examples above.
There are different strategies to maintain your token updated, like checking the time remaining until expiration before each API call or capturing the unauthorized
error when the token expires. In both cases, you must request a new token.
To simplify managing the authentication process, you can use the Amadeus for Developers SDKs available on GitHub. The SDKs
+automatically fetch and store the access_token
and set the headers in all API
+calls.
Example of initializing the client and authenticating with the Node
SDK:
You can then call the API. The following example is a call to the Flight Check-in Links
API to retrieve the check-in URL for Iberia (IB
):
To start working with our Self-Service APIs, you need to register your application with us to obtain API keys. In this section we describe how to authorize your application and move it to production.
+ +When your application is ready to be deployed to the Real World™, you can request your Production Key and access the Production Environment
.
To request a production key, you must complete the following steps:
+Production
and click Get Production environment
:Flight Create Orders
in the checkbox at the bottom of the form. This API has special access requirements detailed below in the Moving to Production with Flight Create Orders
section of this guide.Docusign
. Once these steps are completed, your application status will be pending:
+ +You will receive a notification that your application is validated and the status will change to live. This usually occurs within 72 hours. Note that the validation period applies to your first production application. Subsequent applications will be validated automatically.
+ +++Production keys are valid for all Self-Service APIs except
+Flight Create Orders API
, which has special requirements. See theMoving to Production with Flight Create Orders
of this guide for more information.
Remember that once you exceed your free transactions threshold, you will be billed automatically for your transactions every month. You can manage and track your app usage in My Self-Service Workspace.
+Once you have a production key, you can make the following changes to your source code:
+https://api.amadeus.com
.API key
and API secret
with the new production keys.If you are using Amadeus for Developers SDKs, add hostname='production'
to the Client
together with your API key and API secret as shown below example in python SDK:
You can check the step by step process in this video tutorial of How to move to production from Get Started series.
+ +Applications using Flight Create Orders
must meet special requirements before moving to Production
. The requirements are detailed in the following section.
You have a ticket issuance agreement with a consolidator. Only certified + travel agents can issue flight tickets. Non-certified businesses must issue + tickets via an airline consolidator (an entity that acts as a host agency + for non-certified agents). The Amadeus for Developers team can assist you in finding a consolidator in your region.
+There are no restrictions in your country. Though we are working to make Self-Service flight booking available worldwide, Flight Create Orders
API is currently not available to companies in the following countries:
Algeria, Bangladesh, Bhutan, Bulgaria, Croatia, Egypt, Finland, Iceland, +Iran, Iraq, Jordan, Kuwait, Kosovo, Lebanon, Libya, Madagascar, Maldives, +Montenegro, Morocco, Nepal, Pakistan, Palestine, Qatar, Saudi Arabia, Serbia, Sri Lanka, Sudan, Syria, Tahiti, Tunisia, United Arab Emirates and +Yemen
+Contact us for questions about the above requirements or assistance with local regulations and airline consolidators in your region.
+If you meet the above requirements, you are ready to move your application +to production.
+Flight Create Orders
to a production appTo add Flight Create Orders
to an application currently in production, select the app in the My Apps section of your Self-Service Workspace and click API requests:
Then request production access to Flight Create Orders
by clicking the Request button located under Actions:
+ +
Amadeus Self-Service APIs have two types of rate limits in place to protect against abuse by third parties.
+Artificial intelligence APIs and APIs from Amadeus partners' are currently following the rate limits below.
+Test and Production | +
---|
20 transactions per second, per user | +
No more than 1 request every 50ms | +
The rest of Self-Service APIs apart from Artificial intelligence and Partners' APIs are below rate limits per environment.
+Test | +Production | +
---|---|
10 transactions per second, per user | +40 transactions per second, per user | +
No more than 1 request every 100ms | ++ |
To manage the rate limits in APIs, there are mainly two options: +- Use an external library +- Build a request queue from scratch
+The right choice depends on your resources and requisites.
+Check out the rate limits examples in Node, Python and Java using the respective Amadeus SDKs.
+ +{"use strict";/*!
+ * escape-html
+ * Copyright(c) 2012-2013 TJ Holowaychuk
+ * Copyright(c) 2015 Andreas Lubbe
+ * Copyright(c) 2015 Tiancheng "Timothy" Gu
+ * MIT Licensed
+ */var Ha=/["'&<>]/;Un.exports=$a;function $a(e){var t=""+e,r=Ha.exec(t);if(!r)return t;var o,n="",i=0,s=0;for(i=r.index;i