References¶
Webhook Registration¶
Register your webhook endpoint configuration with Booking.com.
Note
Authenticate using your Booking.com OAuth credentials. See Authentication for details.
Rate limit
This endpoint is limited to 1 request per 10 minutes per supplier. Exceeding this limit will return HTTP 429.
Request¶
| Field | Type | Description | Required |
|---|---|---|---|
| endpoint | String | Base URL of your webhook endpoint (must be HTTPS). | Yes |
| timeoutInSeconds | Integer | Timeout for requests to your endpoint (1-60 seconds). | Yes |
| authenticationType | String | Type of authentication. Currently only OAUTH is supported. |
Yes |
| secret | String | Your OAuth client secret. Minimum length: 8 characters. | Yes |
| clientId | String | Your OAuth client ID. | Yes (required when authenticationType is OAUTH) |
Sample Request¶
{
"endpoint": "https://www.your-api.com/",
"timeoutInSeconds": 10,
"authenticationType": "OAUTH",
"secret": "your-client-secret",
"clientId": "your-client-id"
}
Response¶
HTTP 204 - No Content¶
HTTP 400 - Bad Request¶
{
"errorCode": "6f165af4-56e1-493f-a651-145c65fa4ed7",
"errorMessage": "Client ID is required when authentication type is OAUTH"
}
HTTP 429 - Too Many Requests¶
{
"message": "Rate limit exceeded",
"description": "You have exceeded your allocated limit for requests on this endpoint, please wait before calling it again"
}
Webhook Deletion¶
Delete your webhook registration.
Warning
Deleting your registration stops search requests from being sent to your endpoint. The change takes effect within up to 1 hour as the system cache refreshes.
Rate limit
This endpoint shares the same rate limit as registration: 1 request per 10 minutes per supplier.
Response¶
HTTP 204 - No Content¶
HTTP 404 - Not Found¶
{
"errorCode": "2da334fa-fbc4-7192-8f5e-79286f115810",
"errorMessage": "Secret configuration not found"
}
HTTP 429 - Too Many Requests¶
Timing & propagation¶
| Action | When it takes effect |
|---|---|
| Register new endpoint | Searches start within up to 1 hour |
| Update existing endpoint (re-register) | New endpoint receives searches within up to 1 hour |
| Update credentials (old OAuth token endpoint returns 401) | New credentials loaded on next search attempt |
| Delete registration | Searches stop within up to 1 hour |
| Re-register after deletion | Subject to 10-minute rate limit, then up to 1 hour for searches to begin |
Note
The 1-hour propagation time is due to internal configuration caching. The only scenario that triggers an earlier config reload is when your OAuth token endpoint returns HTTP 401 Unauthorized — this causes the system to re-read your latest configuration from the registration store and retry. Other errors (timeouts, 500s, connection failures) do not trigger a reload.
Further reading¶
- How can I register my webhook? — Registration FAQ