OAuth 2.0 for Webhooks¶
What does it do?¶
OAuth 2.0 is the industry standard protocol for authorization.
Why use it?¶
As our webhook payloads contain private data, communication between the Booking.com Taxi Public API and our supply partner APIs must be secure. Without building an OAuth 2.0 authentication implementation in your API, you won’t be able to consume our webhooks.
How does it work?¶
You’ll need to build the OAuth 2.0 client credentials flow in your API and provide us with a client ID and client secret that we can exchange via your API for an access token. We’ll then use the access token in the “Authorization” header for subsequent requests.
| Credential | Description | Example |
|---|---|---|
| Client ID | The client ID is considered public information. Even though it’s public, it shouldn't be guessable by third parties. | f2a1ed52710d4533bde25be6da03b6e3 |
| Client Secret | The client secret must be kept private and is sufficiently random to not be guessable. | d0110942d4d23a1d66c4ed95505e16257c5adb5174e4ac21e0bd008f8e657435 |
Note
The Search Webhook will authenticate for every request - it is recommended to bear this in mind before setting up any rate limiting logic.