First steps#

Access API environments#

We offer different environments for different purposes :

PRODUCTION : The production API is located at base url: https://api.amadeus-discover.com/admin/
SANDBOX-CONSUMER : The ‘new’ sandbox for consumer API is located at base url: https://api-sandbox-consumer.amadeus-discover.com/admin/

Each of these urls will point you to a swagger UI interface offering you the list of our endpoints and the input / output formatting they each require.

Note

Before going to production, your tests should be done in the sandbox environment according to the credentials you have been given
In this documentation {base_url} will refer to the targeted environment. (ex use : {base_url} = https://api.amadeus-discover.com if you want to target production environment)

In order to access our endpoints you will need to generate a token for a specific environment, and pass it in the header of each REST API query.

Token Generation#

Users cannot perform any action on the API without being authenticated and authorized. Therefore, any Consumer API user must be authenticated by creating an application token through an OAuth2 flow. Once the token has been received, the user can perform some API requests. Access tokens allow third party application to make API requests on behalf of a user with the right permissions.

This section describes how to get a token, then use it into Consumer API requests. All examples are reproducible using our Swagger environment or any API development related tool.

Step 1 – Authentication and Token generation#

The user must send a POST request to :

{{base_url}}/auth/realms/amadeus-discover-backoffice/protocol/openid-connect/token

by passing an HTTP form (application/x -www-form-urlencoded) containing the following fields:

client_id: the name of the API concerned by the requests (consumer-api)
grant_type: the string “password”
username: the login (email)
password: the account password

API request example using cURL (example targeting production env):

curl -X POST https://api.amadeus-discover.com/admin/auth/realms/amadeus-discover/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "client_id=consumer-api" --data-urlencode "grant_type=password" --data-urlencode "username=YOUR_EMAIL@mail.com" --data-urlencode "password=YOUR_PASSWORD"

The authentication token is contained in the “access_token” field of the JSON returned in the response.

Alternatively, if you have a high-level OpenID Connect client, you can also automatically configure this client with the OIDC Discovery URL {base_url}/auth/realms/amadeus-discover and acquire the authentication token through your client.

Step 2 - Access API with token#

Since the token has been generated, users can perform Consumer API requests using this token. To use inside Swagger, just click on “authorize”:

Then copy paste the token on the “value” field (cf. image) and click on the “authorize” button:

swagger authentication flow : authorize 2nd

Note

Token lifespan is 300 seconds. In case the token has expired, this authentication process will need to be reinitiated to get access to the API.
A token is specifically linked to its environment (i.e production token -> production API)