...
Faces supports multiple Oauth2 grant flows, depending on the individual requirements of the client application. The following table lists possible flows:
| Type | Purpose | Description | Restrictions | ||
|---|---|---|---|---|---|
| Authorization Code | Interact with the API on behalf of an end-user | Allows an application to act on behalf of a (or multiple) specific user within Faces. The Authorization Code Flow requires the client application to open a popup-window where an user signs into Faces and explicitly allows access. Once Access has been granted, a refresh-token is issued which allows further access without additional human interaction. | Not all API operations may be available, depending on the authorization level of the user. (e.g. company data can not be queried or updated by a traveller) | ||
| Implicit | Similar to the Authorization Code flow, with the difference that no refresh-token will be issued and thus only temporary access of maximum one hour is possible before re-confirmation is needed. | Same as for Authorization Code.
| |||
| Client Credentials | Machine-to-Machine communication | Currently allows a specific OAuth2 Client to be linked to a specific travel agency in Faces. No end-user interaction is required | ID-Tokens cannot be requested since the access is not tied to a specific user. |
...
| Code Block | ||
|---|---|---|
| ||
{
"access_token": "eb0afd63-7ad3-4b0f-a3cb-bacbbf4cac7c",
"token_type": "bearer",
"refresh_token": "0561038e-02d3-48e4-a859-399acacad59c",
"expires_in": 3599
} |
| Note |
|---|
Please do only rely on the "access_token", "token_type", "refresh_token" and "expires_in" attributes within the token response payload. |
Step 5: Get new access token
...
As a result, a new access token will be issued.
| Note |
|---|
Please do only rely on the "access_token", "token_type", "expires_in" attributes within the token response payload. |
Anchor IDToken IDToken
ID token
| IDToken | |
| IDToken |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
{
"access_token": "f88a7119-b585-4c9c-9867-88a40aae41f8",
"token_type": "bearer",
"refresh_token": "bab32afe-acf8-4a8e-ba7c-ed567daa0ee4",
"expires_in": 3599,
"scope": "email openid profile",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJvcGVuaWQiOiIzZDkyMDVjYS1mMjY0LTRhZDgtYjFhYy1lNjQ1NTU3ZWFhOTkiLCJwcm9maWxlIjp7ImZpcnN0bmFtZSI6IlJlbW8iLCJwaG9uZSI6Iis0MTQ0MTIzNDU2NyIsImRpc3BsYXluYW1lIjoiSGVyciBSZW1vIFLDpGJlciIsIm5hbWUiOiJSw6RiZXIifSwiZW1haWwiOiJyZW1vLnRlc3RAdW1icmVsbGEuY2gifQ.ni2_4eszvqV5JgWBzJNmQ8jq225_7i-TiMAFzSGDSkPt6J5CTPSQF5wsq_Og5tOzd39nybGfwRzDyAkAOWinU2_djUv58gMx095U77ccSlSVYca6sn8t8WL62v8AOPSO9h8ok52nQpjtZFWcni4KABlcCKd_feT_5KjAmsRQwf7NZ0gqkoP3Y4Ymo454N8ezu822slF-ub4UdA1VBHDZuCJtQWbdsT2Cfep1NWRf3by_uP2s6yxHcHmQ0R_kYwXKMW2SbxyGo821cN-sxXYmppb4ipDtPKC7ANUYc5wZQ2Gp0gAenMIfxooz0njkEWKKMq3pwZWNJnWHDwVsluqI_w"
} |
| Note |
|---|
Please do only rely on the "access_token", "token_type", "refresh_token", "expires_in", "scope" and "id_token" attributes within the token response payload. |
Decoded ID-Token
The following extract depicts a decoded ID-Token from the value of "id_token" in the response above
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
curl -v -H "Authorization: Bearer <token>" \
"https://hurricane.umbrellanet.ch/uf-test/api/v1/reference-data/air-providers?profileType=TRAVELLER" |
Get hotel chain codes
| Scopes | (none needed) |
|---|---|
| Endpoints | api/v1/reference-data/hotel-chains |
| Request method | GET |
Fetch a list of available hotel chain code options
| Code Block | ||||
|---|---|---|---|---|
| ||||
curl -v -H "Authorization: Bearer <token>" \
"https://hurricane.umbrellanet.ch/uf-test/api/v1/reference-data/hotel-chains" |
Get rental car providers
| Scopes | (none needed) |
|---|---|
| Endpoints | api/v1/reference-data/car-providers |
| Request method | GET |
...