SOAP Message Structure

1 Overview
2 SOAP version
3 SOAP Security Header
- 3.1 Security Header Example
- 3.2 Credential and Endpoint Requirements
4 Full XML Sample

Overview

All messages to and from SiteConnect must be soap messages. They include a SOAP Security header for authentication purposes and contain the SOAP Body which contains the OTA message.

The following example is a complete SOAP message (this one shows an OTA_HotelAvailNotifRQ message payload)

SOAP version

SiteConnect is using SOAP 1.1

SOAP Security Header

The Security Header structure conveys authentication information. It is mandatory.

The ONLY acceptable value for the Password/@Type attribute is
"<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SECRET</wsse:Password>", indicating a plain text password.

Plain text passwords are acceptable as all communication is done over encrypted HTTP (HTTPS).

Security Header Example

<wsse:Security soap:mustUnderstand="1" 
	xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
	xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
	<wsse:UsernameToken>
		<wsse:Username>USERNAME</wsse:Username>
		<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SECRET</wsse:Password>        
        <!-- The ONLY acceptable value for the Password/@Type attribute is Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" -->
	</wsse:UsernameToken>
</wsse:Security>

Credential and Endpoint Requirements

Booking Channels will need to provide SiteConnect with a single username and password to be used for Retrieve Rooms, Inventory and Rate Push authentication.
These credentials MUST be global for all hotels using the connection, not for each individual hotel.
Booking Channels should try to provide SiteConnect with a single URI endpoint for all messages. If this is not possible, SiteConnect can handle a maximum of 2 URIs (one for the Retrieve Rooms API and one for the Inventory and Rate Push API).
SiteConnect partners will be provided with a single username and password for Reservation authentication.

Full XML Sample

The following example is a complete SOAP message (this one shows an OTA_HotelAvailNotifRQ message payload):

<SOAP-ENV:Envelope
	xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
	
	<SOAP-ENV:Header
		xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
		
		<wsse:Security
			xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
			xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" soap:mustUnderstand="1">
			<wsse:UsernameToken>
				<wsse:Username>****</wsse:Username>
				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
			</wsse:UsernameToken>
		</wsse:Security>
		
	</SOAP-ENV:Header> 
	
	<SOAP-ENV:Body
		xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
		
        <OTA_HotelAvailNotifRQ
			xmlns="http://www.opentravel.org/OTA/2003/05" EchoToken="abc123" Version="1.0" TimeStamp="2022-01-01T09:30:47+08:00">
			<AvailStatusMessages HotelCode="HOTEL">
				<AvailStatusMessage BookingLimit="10">
					<StatusApplicationControl Start="2022-01-01" End="2022-01-14" InvTypeCode="A1K" RatePlanCode="GLD"/>
				</AvailStatusMessage>
			</AvailStatusMessages>
		</OTA_HotelAvailNotifRQ>
		
	</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Developer Guide <<

>> Retrieve Rooms API