{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"aeb0fdbe-a4bb-4512-bc1b-e501ace4a8d6","name":"Booking API Documentation","description":"# Overview\n\nThis API provides a comprehensive interface for third-party applications to interact with our internal booking system. It enables seamless integration, allowing external systems to retrieve product (ticket) information, initiate booking requests, and manage booking data.\n\n## Base URL\n\n**All API endpoints are relative to the following base URL:**\n\n``` html\nhttps://dev-api.habitat.id/dev\n\n ```\n\nThe base URL provides a foundation for all API requests. By separating the static portion of the URL from the dynamic endpoint, we improve the modularity and maintainability of the API. This also allows for easier updates to the base URL in the future.\n\n**Example:**\n\nTo create a booking, you would send a POST request to the following URL:\n\n``` html\nhttps://dev-api.habitat.id/dev/booking\n\n ```\n\n**Note:**\n\n- Replace `https://dev-api.habitat.id/dev` with the appropriate base URL for your environment.\n \n- The base URL is subject to change. Please refer to the latest documentation for the most up-to-date information.\n \n\nDengan menambahkan section ini, Anda memberikan panduan yang jelas kepada pengguna API tentang bagaimana mengakses endpoint yang berbeda dan membantu mereka memahami struktur API secara keseluruhan.\n\n---\n\n## Authentication\n\n**Authentication Mechanism:**\n\nWe've implemented a token-based authentication system where the token is generated by the third-party application. This system relies on two primary parameters: `app_name` and `app_key`.\n\n- **`app_name`****:** This parameter uniquely identifies the third-party application. Each application registered with our system is assigned a distinct `app_name`, serving as a form of user identification.\n \n- **`app_key`****:** The `app_key` is a secret key associated with the `app_name`. It acts as a password or credential, used to verify the authenticity of the `app_name` during each API request.\n \n\n**Authentication Process:**\n\n1. **Third-party Application Generation:**\n \n 1. The third-party application generates a token using their unique `app_name` and `app_key`.\n \n 2. This token is typically included in the request header for each API call.\n \n2. **Server-Side Validation:**\n \n 1. Upon receiving a request, our server extracts the `app_name` and token from the request header.\n \n 2. The server then:\n \n 1. Verifies the existence of the specified `app_name` in its registered applications.\n \n 2. Uses a secure hashing algorithm to generate a hash of the `app_name` and `app_key`.\n \n 3. Compares the generated hash with the hash stored in our system.\n \n\n**Benefits of this approach:**\n\n- **Security:** The use of `app_key` as a secret ensures that only authorized applications can access the API.\n \n- **Scalability:** The system can easily accommodate a large number of third-party applications.\n \n- **Flexibility:** The token-based approach allows for easy integration with various client-side technologies.\n \n\n**Additional Considerations:**\n\n- **Token Expiration:** To enhance security, consider implementing a token expiration mechanism, requiring third-party applications to regenerate tokens periodically.\n \n- **Token Revocation:** Provide a mechanism to revoke tokens in case of security breaches or unauthorized access.\n \n- **Token Storage:** Store `app_keys` securely using strong encryption and avoid storing them in plain text.\n \n\nExample Request Header:\n\n`token:`\n\nBy following this authentication mechanism, we ensure that only authorized third-party applications can interact with our booking system, safeguarding our data and services.\n\n### Authentication error response\n\nWhen a request fails to authenticate, the server should return an appropriate error response. This typically includes:\n\n- **HTTP Status Code:**\n \n - **401 Unauthorized:** This indicates that the client must authenticate itself to get the requested response.\n \n - **403 Forbidden:** This means that even if the client is authenticated, they do not have the necessary permissions to access the resource.\n \n- **Error Message:**\n \n - A clear and concise message describing the reason for the authentication failure. For example:\n \n - \"Invalid app_name or app_key.\"\n \n - \"Token has expired.\"\n \n - \"Authentication required.\"\n \n- **Additional Details:**\n \n - Depending on the specific error, you may include additional details such as:\n \n - The timestamp of the error.\n \n - The specific endpoint that was requested.\n \n - The client's IP address.\n \n\n---\n\n> copyright © WIT.ID 2024","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"19659454","collectionId":"aeb0fdbe-a4bb-4512-bc1b-e501ace4a8d6","publishedId":"2sAXqneQ79","public":true,"publicUrl":"https://api-docs.wit.id","privateUrl":"https://go.postman.co/documentation/19659454-aeb0fdbe-a4bb-4512-bc1b-e501ace4a8d6","customColor":{"top-bar":"C42A0A","right-sidebar":"303030","highlight":"C42A0A"},"documentationLayout":"classic-single-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"dark","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"C42A0A","right-sidebar":"303030","highlight":"C42A0A"}},{"name":"light","logo":null,"colors":{"top-bar":"C42A0A","right-sidebar":"303030","highlight":"C42A0A"}}]}},"version":"8.10.1","publishDate":"2024-09-13T08:42:43.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":"https://wit.id/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://api-docs.wit.id/view/metadata/2sAXqneQ79"}