How do I, as an application developer get authenticated access to the Flex API?
In order to use the API/s a developer must request access. Once the access is approved the developer will have access to unique application id, Application secret and a resource id. API key(s) are used when calling (invoking) the API. The API key is used to authenticate the API call. If the API is invalid, access is denied.
API key(s) :
- ApplicationId= Airline ApplicationId in Azure Active Directory.
- ApplicationSecret = application secret of the airline application in Azure Active Directory.
- Tenant = login.microsoftonline.com
- ResourceId = A GUID denoting the resource / service / application that "access to" is being requested. For the Peripheral API methods this is the CoreApp.
- AADInstance = The Azure Active Directory domain used in flexapi and The fully qualified name of AAD supporting the subscription.
Using the API Keys you will be able to generate a Bearer Token which you can then use for authentication of API requests.
What hardware set-up do I need to start testing calls to the Flex platform?
You would be provided with Suitcase with needed hardware for your testing.
What devices can I interact with through Flex?
The APC Flex service offers APIs for check-in and boarding activities,: print a bag tag, read a passport, scan a boarding pass, etc.
Current Flex provide support for Devices : ATB, BTP , DCP , LSR , OCR , MSR and BGR
What mechanism is used to authenticate against Flex (credentials, certificate etc.)?
The Microsoft OAuth2 flow is used for authentication. This requires an application id, application secret and resource id, which SITA will provide for the airlines developers, which can then be used to obtain a bearer token for the API.
The OAuth authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner and the HTTP service, or by allowing the third-party to obtain access on its own behalf. Authorization is now on all of the Peripheral API methods in the form of inclusion of the bearer token within the method header.
How do I receive unsolicited messages from the Flex platform, document scans etc?
When subscribing to a specific location, connection details to Azure Service Bus is returned. This information should be used to subscribe to the Azure Service Bus, after which unsolicited messages and other messages for the application will be delivered through here. For an example implementation, see the reference application availble for download in the Support tab.
What are the workflows/steps required to interact with the different devices? i.e. Opening/locking/reading/writing data?
- Session token needs to generated using the API Keys shared with you.
- This session token should be used to subscribe to the location, by using the subscribe API call. This will yield connection details to the service bus, to where messages for the session will be delivered.
- The specific device that one wants to interact with can now be reserved, by using the reserve API call. Output operations to the device (e.g. prints) are now possible.
- If the device is an input device, it will need to be enabled. Only one session can enable a device at a time, and only the session which has enabled will receive messages (e.g. scans) from the device.
Are there any specific requirements/recommendations for multiple client applications interacting with and sharing the same devices?
There will be only one session at given instance and thereby application, will be able to use an input device at a time. When usage of a device is finished, the device should therefore be released as soon as possible, as this allows another session to reserve and thereby use the device.
How is the data for printing encoded, what formats are used?
The API supports printing any document. Boarding Pass, Bag tag, and Boarding Receipt can be printed. Supported types include: Document and BoardingPass.
Supported Payload types in Base64 format include pdf, svg, and text.