Integration Requirements
Technical standards, security protocols, and compliance requirements that apply across all SMX API components.
This page defines the technical standards, security protocols, and operational requirements that apply across all SMX API components. These requirements ensure reliable, secure, and efficient connectivity between your application and the SiteMinder platform.
Compliance Policy
All integration partners must adhere to these requirements. Due to the growing number of partner integrations, SiteMinder can no longer accommodate exceptions.
Non-Compliance Timeline:
Partners have 90 days to remediate non-compliance issues after notification.
Failure to comply may result in interface deactivation.
Critical issues affecting production stability may result in immediate temporary suspension.
Endpoints
DNS TTL should be respected. IP addresses should not be cached indefinitely by the connecting application. Doing so will result in connection timeouts.
Response Time
Response time should not exceed 1000ms.
Content-Type
The ‘Content-Type’ for all SOAP XML messages must be application/xml; charset=utf-8.
SSL/TLS
Apps API supports TLSv1.2 and above. SiteMinder does not support self-signed SSL certificates.
Security
Encryption is provided by the transport layer via HTTPS. Each message contains a WS-Security (WSSE) UsernameToken SOAP header for authentication/authorization purposes. Each connecting Application must provide a secure web service endpoint to receive the reservation notifications.
Still have questions?
Use the Ask button at the top of the page to chat with our AI assistant — it can help you navigate the guide, understand requirements, and troubleshoot issues.
If you need more support, visit Integration Support.
Last updated
Was this helpful?