Security within the TravelgateX platform
This page describes how security is implemented in the TravelgateX platform.
Introduction
TravelgateX offers fine-grained access control and visibility for centrally managing Resources, which are granted to Partners belonging to Organizations.
Authentication
Authentication is the process of verifying that the Partner is the correct one. Every request to the TravelgateX GraphQL API must carry an Access Token, whether it's an API Key or a JSON Web Token (JWT).
API Key
The API key takes care of the authentication of applications, normally created as a Service Account with limited scopes.
The correct way to send it to the GraphQL server is via an HTTP header. All queries must include an HTTP header with the API key inserted in the format:
* API key: "Authorization: Apikey xxxxxxxxx"
If you wish to use test headers, insert "Authorization":"Apikey 8626cf56-e364-4fd1-4fe0-311e23ac6355"
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Apikey 8626cf56-e364-4fd1-4fe0-311e23ac6355" \
  --data '{"query":"{searchStatusService{code description}}"}' \
  --compressed \
  https://api.travelgatex.com
Creating an API Key
For development and testing purposes, please use the following Test API Key: 8626cf56-e364-4fd1-4fe0-311e23ac6355
JSON Web Token (JWT)
The JSON Web Token takes care of the authentication of users, normally created as User.
Whenever the user wants to access a protected resource, the user agent should send the JWT in the Authorization header using the Bearer scheme. All queries to a protected resource must include this header, and its content should look like the following:
"Authorization: Bearer xxxxxxxxx"
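The two header formats above can be produced by one client-side helper that also guards the credential. This is an added example, not TravelgateX code: the function names and the "apikey"/"jwt" labels are hypothetical, and the expiry check assumes tokens carry the standard exp claim and is only a local preflight that does not verify the signature.

```python
import base64
import json
import time
import urllib.request

ENDPOINT = "https://api.travelgatex.com"  # endpoint from the curl example on this page
SCHEMES = {"apikey": "Apikey", "jwt": "Bearer"}  # the two schemes the page describes


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying its signature (client-side preflight only)."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("JWT must have three non-empty dot-separated segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def authorization_value(kind, token, now=None):
    """Return the Authorization header value; reject malformed or expired credentials."""
    if kind not in SCHEMES:
        raise ValueError(f"unknown credential kind: {kind!r}")
    if not token or any(c.isspace() or not c.isprintable() for c in token):
        raise ValueError("credential is empty or has whitespace/control characters")
    if kind == "jwt":
        exp = jwt_claims(token).get("exp")  # standard RFC 7519 expiry claim, if present
        if isinstance(exp, (int, float)) and exp <= (time.time() if now is None else now):
            raise ValueError("JWT has expired; obtain a fresh token first")
    return f"{SCHEMES[kind]} {token}"


def build_request(query, kind, token, endpoint=ENDPOINT):
    """Build (without sending) the GraphQL POST; credentials only go to HTTPS endpoints."""
    if not endpoint.lower().startswith("https://"):
        raise ValueError("refusing to attach a credential to a non-HTTPS endpoint")
    headers = {"Content-Type": "application/json",
               "Authorization": authorization_value(kind, token)}
    body = json.dumps({"query": query}).encode()
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")


def redact(header_value):
    """Keep the scheme and last 4 characters so logs never hold a usable credential."""
    scheme, _, token = header_value.partition(" ")
    return f"{scheme} ****{token[-4:]}"
```

Pass the returned object to urllib.request.urlopen to send it, and log redact(req.get_header("Authorization")) rather than the raw header.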
Authorization
Once the Member is authenticated, we must authorize the Partner to use the requested Resource.
TravelgateX Identity and Access Management lets Partner administrators authorize who can take action on specific resources. This gives you full control and internal visibility to manage your resources centrally.