Help us improve the Developer Guide! Share your feedback using the “Was this helpful?” option on the right of each page.

Integration Requirements

Understand the technical and operational requirements for using the SiteConnect API, including performance standards.

Guidelines

As outlined in the API Services Terms of Use Agreement, these guidelines ensure the efficient and proper use of the SiteConnect API.

All OTAs that integrate with SiteMinder must adhere to the following requirements. OTAs with existing integrations may need to update their setup to comply. Due to the growing number of OTA installations, SiteMinder can no longer accommodate exceptions.

Open Travel Alliance (OTA)

The SiteMinder Web Service is based on the Open Travel Alliance (OTA) specifications for version 2010A. Although this document attempts to be technically comprehensive it is expected that the connecting system’s developers be familiar with the OTA specifications found here: http://www.opentravel.org.

Security

SSL/TLS

SiteMinder supports TLSv1.1 and above. The production URI must use HTTPS. SiteMinder does not support self-signed SSL certificates.

Encryption should be provided by the transport layer via HTTPS. Each message contains a WS-Security (WSSE) UsernameToken SOAP header for authentication/authorisation purposes.

Strong Password Policy

Passwords must be at least 8 characters long and should include a mix of uppercase and lowercase letters, numbers, and at least one special character (e.g., ! @ # ? ]).

Application General

SOAP Message

All communication between SiteMinder and the Booking Channel must use SOAP messages transmitted over secure HTTP (HTTPS). These messages include a SOAP Security header for authentication and a SOAP Body containing the OTA message. The communication operates through synchronous request/response pairs, where each message is considered atomic—processed entirely or not at all by the Web Service.

Content-Type

All SOAP XML requests to SiteMinder must have a Content-Type of 'text/xml; charset=utf-8'. Other Content-Types will not be accepted.

Endpoints

Partners should provide a single URI endpoint for all messages. If not possible, SiteMinder can handle up to two URIs (one for the Rooms and Rates and one for the Availability, Restrictions and Rate PUSH).

Error Handling

Your application must include robust error handling, with a queuing mechanism and a reliable retry strategy. Refer to the Error Handling documentation for more details.

HotelCode

The HotelCode is a unique identifier provided by the booking channel, and it must be unique for each property per channel.

Reservation Regions

SiteMinder supports two regions for reservation delivery: APAC (Asia Pacific) and EMEA/AMERS (Europe, Africa, Middle East & Americas). Your connection should be capable of sending reservations to different endpoints.


API General

EchoTokens

EchoTokens are crucial for all requests made over SiteMinder. Each EchoToken must be unique per request to ensure that every request can be individually identified for troubleshooting in both testing and production environments. Every request from SiteMinder will include an EchoToken, and the Booking Channel's response must include the same EchoToken as received.

TimeStamp

The TimeStamp format must follow ISO 8601 Date and Time standards. There are two ways to handle time zone offsets:

  • UTC time is indicated by a "Z" at the end (e.g., 2021-11-05T13:15:30Z for UTC time).

  • Local time includes a time zone offset (e.g., 2021-11-05T08:15:30-05:00 for US Eastern Standard Time, which is 5 hours behind UTC).

Line Spacing

All SOAP XML requests to SiteMinder must be minified, containing no line spacing or newline characters. Keeping the XML on a single line helps our support teams extract messages from logs more efficiently.

<SOAP-ENV:Envelope	xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><OTA_HotelAvailRS xmlns="http://www.opentravel.org/OTA/2003/05" EchoToken="ed8835ff-6198-4f38-b589-3058397f677c" TimeStamp="2024-07-06T15:27:41+00:00" Version="1.0"><Success/><RoomStays><RoomStay><RoomTypes><RoomType RoomTypeCode="SGL"><RoomDescription Name="Single Room"><Text>Single bed for single occupancy.</Text></RoomDescription><Occupancy AgeQualifyingCode="10" MaxOccupancy="2"/></RoomType></RoomTypes><RatePlans><RatePlan RatePlanCode="BAR"><RatePlanDescription Name="Best Available Rate"><Text>Best Available Rate.</Text></RatePlanDescription></RatePlan></RatePlans></RoomStay></RoomStays></OTA_HotelAvailRS></SOAP-ENV:Body></SOAP-ENV:Envelope>

Best Practices

Response Time Expectations

Endpoints should aim to respond within 1-2 seconds on average, with sub-1-second response times being ideal. When processing Availability, Restrictions, and Rates messages, the endpoint must respond with either a 'Success' or 'Error' message promptly. SiteMinder enforces a 20-second timeout for update requests, but this is a failsafe. Consistent timeouts or prolonged response times should not occur frequently or persistently.

Performance Testing and Scalability

Conduct thorough performance testing on production servers and endpoints to ensure they can scale with the number of hotels connected in production. SiteMinder may push large amounts of data, such as up to 750 days' worth of Availability, Restrictions, and Rates, within a short period. This data load can be significant, especially when multiple properties go live simultaneously or push large updates. Additionally, SiteMinder operates on a set update period, meaning the connection must always be able to accept updates for the agreed period (e.g., up to 365 days from the current day) at all times.

Timezone Considerations

Ensure hotels are informed about any necessary timezone settings within the Booking Channel extranet. SiteMinder pushes Availability, Restrictions, and Rates based on the hotel's local timezone as configured in the Channel Manager, with server timestamps set to GMT for EMEA and AEST/AEDT for APAC. Consider these timezone settings when accepting Availability, Restrictions, and Rates push updates to avoid conflicts during message processing.

Last updated

Was this helpful?