Technical Documentations
  • 🇻🇳Vietnamese
    • Tổng quan
    • Đối tác B2B2C
      • Phương thức Webview
        • API Login
        • Yêu cầu bảo mật
        • Place Order
        • API Get Booking Detail
        • API Commit
        • API Check commit result
      • Phương thức SDK
        • API Login
        • Yêu cầu bảo mật
        • Initiate SDK
          • Init IOS SDK
          • Init Android SDK
        • Place order
        • API Commit
        • API Get booking detail
        • API Check commit result
      • Phương thức API
        • API Login
        • Yêu cầu bảo mật
        • ✈️Flight
          • Search API
          • Booking API
        • 🏨Hotel
          • Search API
          • Booking API
          • Cancellation API
        • Payment API
        • Booking Management API
    • Đối tác Corporate Agent (CA)
      • Qui trình tích hợp
      • API Chứng thực
      • Yêu cầu bảo mật
    • Đối tác Affiliate
    • ❓Câu hỏi thường gặp
      • Các status trong luồng booking Gotadi
      • Quy định Test
        • ✈️Vé máy bay
        • 🏨Khách sạn
      • Bộ Testcase dành cho đối tác B2B2C
      • Quy trình hỗ trợ từ CS
      • Danh sách Airlines
  • 🇬🇧English
    • Overview
    • B2B2C Partner
      • Webview method
        • API Login
        • Security Requirements
        • Place Order
        • API Get Booking Detail
        • API Commit
        • API Check commit result
      • SDK method
        • API Login
        • Security Requirments
        • Initiate SDK
          • Init IOS SDK
          • Init Android SDK
        • Place order
        • API Commit
        • API Get booking detail
        • API Check commit result
      • API method
        • Integration process
        • Login API
        • ✈️Flight
          • Search API
          • Booking API
        • 🏨Hotel
          • Search API
          • Booking API
          • Cancellation API
        • Payment API
    • Corporate Agent Partner (CA)
      • Integration Process
      • Authentication API
      • Security Requirements
    • Affiliate Partner
    • ❓FAQ section
      • Booking Statuses in Gotadi's Booking Flow
      • Regulations for Testing
        • ✈️Flight
        • 🏨Hotel
      • CS Support Overall Flow
      • Airlines List
Powered by GitBook
On this page
  • API Key
  • Digital signature
  1. English
  2. Corporate Agent Partner (CA)

Security Requirements

PreviousAuthentication APINextAffiliate Partner

Last updated 3 months ago

API Key

All requests from the partner to Gotadi's system must include the following headers to support security operations and data statistics for Gotadi:

  • apikey: <api_key>

  • x-ibe-req-name: <access_code>

Note

The <api_key> and <access_code> values ​​are provided by Gotadi to the Partner.


Digital signature

Some important APIs require a digital signature to be attached to the request and response for authentication.

Generating a Digital Signature

The sender applies the RSA-SHA256 algorithm combined with their own Private Key to sign the digital signature on the signature data.

Note: The schema for constructing the signature data will be specifically described in each API.

Java example code

public static String signRSA(String signatureData, String xmlPrivateKey) throws Exception {
    PrivateKey privateKey = getPrivateKeyFromXML(xmlPrivateKey);
    Signature instance = Signature.getInstance("SHA256withRSA");
    instance.initSign(privateKey);
    instance.update(signatureData.getBytes("UTF-8"));
    byte[] signature = instance.sign();
    return Base64.encodeBase64String(signature);
}
Digital signature verification

The receiver uses the RSA-SHA256 algorithm and the sender's Public Key to verify the signature created by the sender.a.

Java example code

public static boolean verifyRSA(String signedData, String signature, String xmlPublicKey) throws Exception {
    PublicKey publicKey = getPublicKeyFromXML(xmlPublicKey);
    Signature instance = Signature.getInstance("SHA256withRSA");
    instance.initVerify(publicKey);
    instance.update(signedData.getBytes("UTF-8"));
    return instance.verify(Base64.decodeBase64(signature));
}

🇬🇧