Authentication method
The Amadeus Discover Consumer API uses OAuth2 for secure and reliable authentication.
This section provides a detailed guide on obtaining and refreshing an authentication token, which is essential for making any API queries. Users cannot perform any action on the API without being authenticated.
Once the token is received, it can be used to authenticate API queries, ensuring secure and authorized access to Amadeus Discover consumer API services. It is important to reuse the token for its entire lifetime to make API calls. Generating a new token for each API call is considered bad practice and should be avoided. Tokens have a lifetime of 15 minutes and can be refreshed as needed without any maximum number of refreshes. Refreshing a token is preferable to generating a new one, as it reduces overhead and improves efficiency.
Step 1 – Authentication and Token generation
Depending on your use case, you can authenticate using either Password Grant or Client Credentials Grant.
1. Client Credentials Grant (Machine-to-Machine Authentication):
Our API uses the Client Credentials grant type, which is intended for server-to-server interactions where no user interaction is required. With this method the API authenticates and authorizes requests so that only trusted clients can access it. To implement it, you will need middleware that handles the authentication process: it manages the client credentials and obtains the necessary access tokens. This approach both secures your API interactions and simplifies obtaining and managing access tokens.
Request example using cURL:
curl -X POST "https://api-sandbox-consumer.amadeus-discover.com/auth/realms/amadeus-discover/protocol/openid-connect/token" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_id={YOUR_CLIENT_ID}" \
--data-urlencode "client_secret={YOUR_CLIENT_SECRET}"
The authentication token is contained in the “access_token” field of the JSON response.
2. Password Grant (User Authentication) → Legacy:
This method is used when authenticating with a username and password. It is no longer offered for new implementations.
Request example using cURL:
curl -X POST "https://api-sandbox-consumer.amadeus-discover.com/auth/realms/amadeus-discover/protocol/openid-connect/token" \
--data-urlencode "client_id=consumer-api" \
--data-urlencode "grant_type=password" \
--data-urlencode "username={YOUR_USERNAME}" \
--data-urlencode "password={YOUR_PASSWORD}"
The authentication token is contained in the “access_token” field of the JSON returned in the response.
3. Refreshing/extending a token:
curl -X POST "https://api-sandbox-consumer.amadeus-discover.com/auth/realms/amadeus-discover/protocol/openid-connect/token" \
--data-urlencode "grant_type=refresh_token" \
--data-urlencode "client_id=consumer-api" \
--data-urlencode "refresh_token={YOUR_REFRESH_TOKEN}"
Note
- On Windows (or Linux), with curl, jq, tee and clip you may use an advanced command line to output the raw token to the terminal, into a token.tmp file, and into the Windows clipboard all at once, with a call like this:
curl -X POST https://api-sandbox-consumer.amadeus-discover.com/auth/realms/amadeus-discover/protocol/openid-connect/token --data-urlencode "client_id=consumer-api" --data-urlencode "grant_type=password" --data-urlencode "username=YOUR_USERNAME" --data-urlencode "password=YOUR_PASSWORD" --silent | jq -r ".access_token" | tee token.tmp && clip < token.tmp
Alternatively, if you have a high-level OpenID Connect client, you can also automatically configure this client with the OIDC Discovery URL {base_url}/auth/realms/amadeus-discover and acquire the authentication token through your client.
Step 2 – Access API with token
Once the token has been generated, the user can perform Consumer API requests using this token.
You can use a curl command like the one below or configure a high-level OpenID Connect client to make the call.
API request example using cURL:
curl -X GET "https://api-sandbox-consumer.amadeus-discover.com/api/consumer/products/top/10?lat=48.86&lon=2.33&radius=100" \
-H "Accept-Language: en" \
-H "Authorization: Bearer {YOUR_TOKEN}"
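The token handling described in Steps 1 and 2, as an added example (not Amadeus code): a small Python cache that requests a token with the Client Credentials grant, reuses it for its lifetime and refreshes it shortly before expiry. TokenCache, post_form and the 30-second skew are hypothetical names and values; it assumes the token response carries the standard expires_in and refresh_token fields and that the refresh request accepts the same client_id and client_secret.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = ("https://api-sandbox-consumer.amadeus-discover.com"
             "/auth/realms/amadeus-discover/protocol/openid-connect/token")

def post_form(url, form):
    """POST url-encoded form fields and return the parsed JSON response."""
    body = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(url, data=body, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical middleware helper: one token reused until shortly before expiry."""

    def __init__(self, client_id, client_secret, post=post_form,
                 clock=time.monotonic, skew=30):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, tok):
        self._access = tok["access_token"]
        self._refresh = tok.get("refresh_token")  # absent if the server issues none
        # expires_in is the standard OAuth2 field; 900 s is the page's 15 minutes.
        self._expires_at = self._clock() + tok.get("expires_in", 900)

    def token(self):
        if self._access and self._clock() < self._expires_at - self._skew:
            return self._access  # still valid: reuse, no network call
        if self._refresh:
            try:  # assumption: a confidential client re-sends its credentials
                self._store(self._post(TOKEN_URL, {
                    "grant_type": "refresh_token",
                    "refresh_token": self._refresh, **self._creds}))
                return self._access
            except OSError:  # urllib's HTTPError/URLError: refresh rejected
                self._refresh = None
        self._store(self._post(TOKEN_URL, {
            "grant_type": "client_credentials", **self._creds}))
        return self._access

    def auth_header(self):
        """Header for Consumer API calls; the token stays in memory only."""
        return {"Authorization": "Bearer " + self.token()}
```

Create one TokenCache per process and pass auth_header() to every Consumer API request; the post and clock parameters exist so the logic can be exercised without network access.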
Test it in Postman!
The token can be generated directly through the Postman collection here: