Quick Start

Everything you need to begin building with SMX API.

SiteMinder Exchange (SMX) connects your application to SiteMinder's platform and Property Management Systems (PMS) through a single, standardised integration. Through SMX, your application can receive booking data, and retrieve real-time availability and rates.

API components:

Reservations: Receive reservations, modifications, and cancellations via SOAP PUSH
Availability and Rates: Retrieve publishers, hotels, room types, rate plans, availability, and rates via REST

Explore all components in the API Overview.

Before You Begin

Partnership Required

Access to SMX requires an active partnership agreement with SiteMinder. Once your agreement is in place, you will receive your test environment details.

Become a SiteMinder Partner

You don't need to wait for your test environment to start development. You can begin building and testing immediately. See Make Your First Call below or explore requests directly in the Postman collection.

What You'll Provide to SiteMinder

Before SiteMinder can set up your test environment, provide the following:

Item

Details

Reservation SOAP endpoint

Your HTTPS endpoint URL for Reservations

Credentials

username and password for SiteMinder to authenticate against your Reservation SOAP endpoint

Hotel Code

HotelCode

What You'll Receive from SiteMinder

Once SiteMinder has received your details, we will provide:

Item

Details

Inventory REST endpoint

https://tpi-subscriberx.preprod.siteminderlabs.com/inventory/v1/

Partner Portal

Access to generate your Bearer Token for Availability and Rates

Hotel Test Account

Platform that includes pre-configured room types and rate plans, and to create, modify and cancel reservations.

Hotel Booking Engine

Guest reservation simulator.

Set Up Your Environment

Authentication

SMX uses two authentication models depending on the component:

Reservations (SOAP) — SiteMinder authenticates against your endpoint using the credentials you provide. Your endpoint must validate the wsse:UsernameToken on every incoming request:

<SOAP-ENV:Header>
  <wsse:Security SOAP-ENV:mustUnderstand="1"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
      <wsse:Username>USERNAME</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</SOAP-ENV:Header>

Availability and Rates (REST) — Your application authenticates using a Bearer Token generated from the Partner Portal. Pass the token on every REST request:

--header 'Authorization: Bearer YOUR_BEARER_TOKEN'

Generate your Bearer Token from the Partner Portal. Once the dialogue box is closed, the token cannot be viewed again — copy it immediately and store it securely.

API Specification Files

REST (OpenAPI)

smx-api — download YAML

Make Your First Call

The first component every SMX integration must implement is Reservations — SiteMinder pushes reservation data to your endpoint as bookings are created, modified, or cancelled in the PMS. Your endpoint receives and processes these in real time.

SiteMinder pushes to your endpoint — it must be live and accepting incoming reservation requests before we can set up your dedicated test environment.

Prepare your endpoint

Your endpoint must accept OTA_HotelResNotifRQ SOAP requests over HTTPS. SiteMinder will send a similar request when a reservation is created:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security SOAP-ENV:mustUnderstand="1"
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken>
        <wsse:Username>USERNAME</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <OTA_HotelResNotifRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" EchoToken="cdcd51f2-769a-5a1d-841c-e6204d811f5c" TimeStamp="2025-05-08T00:56:53Z">
      <HotelReservations>
        <HotelReservation ResStatus="Reserved" CreateDateTime="2025-05-08T00:53:30Z">
          <POS>
            <Source>
              <RequestorID ID="PUBLISHERCODE"/>
            </Source>
          </POS>
          <UniqueID ID="123456789"/>
          <RoomStays>
            <RoomStay>
              <TimeSpan Start="2017-09-05" End="2017-09-06"/>
            </RoomStay>
          </RoomStays>
          <ResGlobalInfo>
            <TimeSpan Start="2017-09-05" End="2017-09-06"/>
            <Total AmountAfterTax="200.00"/>
            <BasicPropertyInfo HotelCode="123456789"/>
          </ResGlobalInfo>
        </HotelReservation>
      </HotelReservations>
    </OTA_HotelResNotifRQ>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Validate credentials

Your endpoint must validate the wsse:UsernameToken on every incoming request. If the credentials do not match, return the following error response:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <OTA_HotelResNotifRS xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" EchoToken="cdcd51f2-769a-5a1d-841c-e6204d811f5c" TimeStamp="2025-05-08T00:56:53Z">
      <Errors>
        <Error Type="6" Code="497">Invalid Username and/or Password</e>
      </Errors>
    </OTA_HotelResNotifRS>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Code 497 — Return this error when the wsse:Username and wsse:Password in the incoming request do not match your configured credentials.

Validate hotel code

Your endpoint must verify that the HotelCode in the request matches a property configured in your system. If not found, return the following error response:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <OTA_HotelResNotifRS xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" EchoToken="cdcd51f2-769a-5a1d-841c-e6204d811f5c" TimeStamp="2025-05-08T00:56:53Z">
      <Errors>
        <Error Type="6" Code="392">Hotel not found for HotelCode=XXXXXX</e>
      </Errors>
    </OTA_HotelResNotifRS>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Code 392 — Return this error when the HotelCode in the incoming request does not match any property configured in your system.

Return a success response

Once credentials and hotel code are validated, your endpoint must return an OTA_HotelResNotifRS success response acknowledging receipt of the reservation. Include your internal reservation ID so SiteMinder can correlate it with the original booking.

<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Body>
    <OTA_HotelResNotifRS xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" EchoToken="cdcd51f2-769a-5a1d-841c-e6204d811f5c" TimeStamp="2025-05-08T00:56:53Z">
      <Success/>
      <HotelReservations>
        <HotelReservation>
          <UniqueID ID="LH123456789"/>
          <ResGlobalInfo>
            <HotelReservationIDs>
              <HotelReservationID ResID_Type="10" ResID_Value="LH123456789"/>
            </HotelReservationIDs>
          </ResGlobalInfo>
        </HotelReservation>
      </HotelReservations>
    </OTA_HotelResNotifRS>
  </soap-env:Body>
</soap-env:Envelope>

You're ready for the next step. Once your endpoint handles the scenarios above, contact the Partner Integrations team with your endpoint URL, credentials, and hotel code. We'll set up your dedicated test account to continue development.

Explore with Postman

SiteMinder's SMX Postman workspace contains collections and environments to help you build, test, and validate your integration for certification. Fork the collections and environments to your own Postman account to get started.

→ SMX Postman Workspace

For full certification scenario coverage, see Testing and Certification.

Still have questions?

Use the Ask button at the top of the page to chat with our AI assistant — it can help you navigate the guide, understand requirements, and troubleshoot issues.

If you need more support, visit Integration Support.

Last updated 1 month ago

Was this helpful?

Good afternoon

hashtagBefore You Begin

hashtagPartnership Required

hashtagWhat You'll Provide to SiteMinder

hashtagWhat You'll Receive from SiteMinder

hashtagSet Up Your Environment

hashtagAuthentication

hashtagAPI Specification Files

hashtagMake Your First Call

hashtagPrepare your endpoint

hashtagValidate credentials

hashtagValidate hotel code

hashtagReturn a success response

hashtagExplore with Postman

hashtagStill have questions?

Before You Begin

Partnership Required

What You'll Provide to SiteMinder

What You'll Receive from SiteMinder

Set Up Your Environment

Authentication

API Specification Files

Make Your First Call

Prepare your endpoint

Validate credentials

Validate hotel code

Return a success response

Explore with Postman

Still have questions?