Setup: Order-Level Permissions Management [STPOPM]

Guidance for Schema Version:

All

Definition of Capability

Airline

Ability to authorize order creation and servicing requests from different API consumer sources for the same OrderID

Seller

Not applicable

NOTE: System Providers will use the above definition that pertains to their customers for Capabilities Verification.

Links to EASD Implementation Guidance

Not available

NOTE: Retailing Capabilities Verification Guidance will align to the published EASD Implementation Guidance at all times. From time to time when new guidance is published this will be updated and supersede any Retailing Capabilities Verification Guidance listed below.

Retailing Capabilities Verification Guidance

Airline

Provide documentation demonstrating ability to grant authorization to shopping and/or servicing functions based on the ID of the Sender against a given OrderID. This capability should also demonstrate how authorization is managed based solely on the relationship between the Sender’s identity and the OrderID, as opposed to hard-coded authorizations at the API level. Once an API consumer is authenticated, it is up to the Order Management System to control the authorization that API consumer has against which Orders in the OMS. This allows the Airline to grant incoming servicing requests from multiple API sources (but potentially from the same Sender ID) or even to allow multiple Senders (different travel agent IDs) to interact with the same OrderID, if the authorization at the Order level in the OMS is set up to allow it (e.g. sometimes required when the booking agent, such as a consolidator, differs from the servicing agent going forward).

NOTE: For all versions prior to that listed above (generally the most recent), the verification will be based on the guidance available for that version. In the case that no guidance is available, verification will be at IATA’s discretion.