Su API Documentation
  • Su Overview
    • Su API Introduction
  • Su Channel Manager
    • Getting Started
      • Certification
      • Authentication
    • Content
      • Property
      • Room Type
      • Rate Plan
      • Listing
        • Property Listing
        • Room Type Listing
        • Rate Plan Listing
        • Delete Property Listing
      • Image API
        • Create Images
        • Retrieve Images
        • Associate Images
    • Booking.com Content API
      • Booking.com
        • Contract - Introduction
          • Create Contract
          • Link/Retrieve Contract
          • Update Contract
          • Resend Contract
        • Property Management
          • Property Statuses
          • Property Detail
            • Create Property
            • Retrieve Property
            • Update Property
          • Contact Details
            • Set Contact
            • Retrieve Contact
            • Contact Profile Types
          • Property Settings
            • Retrieve Property Settings
            • Retrieve Property Settings Damage Programme
            • Retrieve City Tax Category For Property Settings
            • Create / Update Property Settings
            • Create / Update Property Settings - Specific Setting
          • Property Profile
            • Set Profile
            • Retrieve Property Profile
            • Set Hotelier Message
            • Retrieve Hotelier Message
            • Remove Hotelier-Message
          • Booking.com Property Status
            • Property Status Check
            • Property Status Open
            • Property Status Closed
          • Property Key Collection
            • Set CheckIn Methods
            • Retrieve CheckIn Method
            • Retrieve All Stream Variation
        • Images
          • Create Image
          • Retrieve All Images
          • Update Image Tags
          • Delete Image
          • Retrieve Associate Images
          • Associate Image
          • Unassociate Image
          • Ordering Image
          • Smart Ordering Image
          • Show Image
          • Retrieve Property Pending Photos based on photo-batch-id
          • Retrieve Image Tags
        • Facilities
          • Create/Update Facility
          • Retrieve Set Facility of Property and Room
          • Retrieve Supported Facilities
        • Property/Room Charges
          • Retrieve Property Charge Meta
          • Retrieve Property Charges
          • Retrieve Room Charges
          • Create Property Charges
        • Rate Plan
          • Set Rateplan
          • Retrieve Rateplan
      • Room API
        • Room Meta API
        • Room Set (Create/Update) API
        • Room Retrieve API
        • Room Deactivate API
      • Policies API
        • Create/Update Policies
        • Retrieve Policies
      • Bathroom API
        • Set Bathroom (Create and Update)
        • Remove/Disable Bathroom
        • Retrieve Bathroom
      • Product API
        • Product Meta
        • Product List
        • Product Create
        • Product Modify
        • Product Remove
        • Product Map Create (Room Based)
        • Product Map Modify (Room Based)
        • Product Map Create (Occupancy Based)
        • Product Map Modify (Occupancy Based)
        • Product Unmap
      • Property and Room License
        • Property License Retrieve All Rule (Without property id)
        • Property License Retrieve Rule (With property id)
        • Sending License Information of Property
        • Retrieve License Information of Property
        • Sending License Information of Room
        • Retrieve License Information of Room
      • BCIO (Booking.com Check-In / Check-Out Times)
      • PCT (Property Class Type Codes)
      • BCJT (Booking.com Job Titles)
      • PTT (Phone Technology Type Codes)
      • BCL (Booking.com Language Codes)
      • Currency Codes/Names
      • Country Codes/Names
      • BCPT (Booking.com Payment Type Codes)
    • Rates and Availability
    • Inventory Control
    • Reservations
      • New/Modified/Requested/Cancelled Retrievals
        • Request for Reservation Information
        • Response of Reservation Information
      • Reservation Using Push API
        • Reservations Notification Push
        • PUSH API Method
      • Reservation Notification
      • Request Booking
        • Accept/Confirm Request Booking
        • Deny/Cancel Request Booking
      • Booking Repull
        • List of Bookings
        • Refetch Booking
    • Logs
      • Update Logs
      • Failed Channel Logs
      • Rates & Inventory Logs (Future Date)
      • Bulk Rates & Inventory Logs (Future Date)
      • Resync OTA Updates (Failed)
      • OTA Rateplan Pull API
    • Users
      • Global Users
      • Chain Users
    • Channel Mapping Widget API
      • Generate a Token
      • Mapping Script
    • Reviews
    • Messaging
    • Reporting
      • Reporting - No Show (Booking.com & Goibibo)
      • Reporting - Invalid CC (Booking.com)
      • Reporting - Cancellation Due to Invalid CC (Booking.com)
      • Bulk ARI Update
      • Marketing Insight API - Booking.com
    • AirBnB
      • Cancel Reservation
        • Retrieve AirBnB Cancel Reservation Details API
        • Final AirBnB Cancel Reservation API
      • Notification
      • Trip Issue
    • My Booking Site
      • Confirm Reservation
      • Cancel Reservation
  • Su Token
    • Su Token - Introduction
    • Su Token - Authentication
    • Partner
    • Card
      • Card API
      • Card View API
      • Charge API
      • Card Collection
        • Get CC Collection (Generate Link)
        • Check Status of CC Collection
      • WIDGET
        • CC Collection Using Widget
  • Codes
    • Room Type Codes
    • Language Codes
    • Country Codes
    • Phone Technology Type Codes
    • Meal Plan Codes
    • Currency Codes
    • Channel or OTA Codes
    • Credit Card Type Codes
    • Time Zones
    • Error Codes
  • Versioning
  • Glossary of Terms
Powered by GitBook

STAAH Limited. 2024 © All Rights Reserved.

On this page
  • Authorization
  • Su Partner Supply API Authentication
  • Encoding
  • Authentication Failure
  • Authentication Failure Error

Was this helpful?

Export as PDF
  1. Su Channel Manager
  2. Getting Started

Authentication

All Su API requests need to be authenticated through the authorization header. The Su APIs offer only basic authentication methods.

Authorization

Authorization involves sending credentials (username and password) and app-id with every API request. Here's how it works:

  1. Encoding Credentials

    • Your username and password are encoded in Base64 format and separated by a colon (:).

    • For example, username:password becomes dXNlcm5hbWU6cGFzc3dvcmQ= in Base64.

  2. Adding to Header

    The encoded credentials are added to the request header after the word "Basic". Example: Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

  3. Usage Example

    When making an API request to generate API keys, you include the Authorization header and your unique app ID provided by Su.

Example header

Authorization: Basic ZTZjTk80S1U6VjBEN1NxSGo
app-id: dWF0c3Uuc3RhYWgubmV0

Key facts:

  • Basic authentication is built into the HTTP protocol.

  • The credentials should be encoded in Base64 and placed in the header with the format Basic <encoded credentials>.

  • The app-id is a unique identifier provided to PMS partners by Su.

Su Partner Supply API Authentication

The Su Partner Supply API authentication process validates the identity of the client attempting to make a connection by using an authentication protocol. The system needs to make sure each end user is properly validated.

Your API keys carry many privileges, so be sure to keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Partners can opt for their own domain for live production. STAAH requires an SSL certificate for the domain that is valid for the next 2 years at least.

Authorization: Basic {Authorization String}

Replace {Authorization String} with the API key provided by STAAH.

Encoding

Encoding provides a specific mechanism for handling text in various available character encodings. The Partner Supply API uses UTF-8 encoding for the JSON body for all API requests and responses.

Authentication Failure

An API failure is any response that does not confirm to the system’s expected behavior when invoked by the client. If a call fails authentication, the API returns HTTP status code 401. See below:

Authentication Failure Error

{
  "Status": "Fail",
  "Errors": {
    "Code": "497",
    "ShortText": "Authorization Required"
  }
}
PreviousCertificationNextContent

Last updated 26 days ago

Was this helpful?

All requests to the Su REST API need to be authenticated. The Su API supports the scheme for the Partner Supply APIs. For each request, you must include an authorization header.

HTTP basic authentication