- Over 99% of our API traffic now uses Token-based Authentication
- Once you’ve completed your migration, your connection with our platform exchanges traveller data more securely
- Go to your Provider Portal homepage to check whether you’ve reached 100% migration to the new method
How the new method improves the way you call
More than 98% of our providers have switched to Token-based Authentication since its introduction in October 2024, and more than 99% of API calls by machine accounts are now authenticated using this method. Unlike the Basic method, which relies on static credentials, the new method uses time‑limited dynamic tokens that significantly reduce the risk of credential misuse. It also helps create a more secure environment for your properties to exchange traveller data with us.
This method has also reduced the volume of redundant calls to our servers and significantly reduced authentication errors (401s) caused by invalid credentials.
How to check that your migration is complete
To keep your connection to our APIs running smoothly and avoid disruptions to property operations, providers need to migrate all existing machine accounts to the new Token-based Authentication method so that 100% of API calls are made using the new machine accounts.
To confirm you’ve reached 100% migration, follow the steps below:
- Log in to the Connectivity provider portal and check your migration status via the homepage.
- If you’ve reached 100% migration, a ‘Congratulations!’ banner will appear. You don’t need to do anything else.
3. If you haven’t yet reached 100% migration, there’ll be an alert banner explaining what’s left to do. To complete your migration, follow these steps:
- Go to the Basic Machine Accounts page.
- Check which Basic machine accounts are still making calls.
3. Deep-dive into the machine account details to see which services are making these calls.
4. If these services have already been migrated to new accounts, make sure the header is updated to the Token-based Authentication method and that the Basic method credentials are removed from the request body.
5. If the services are not migrated, migrate them to the new accounts.
6. Once you’ve reached 100% migration, deactivate the old machine accounts.
If you have any questions or concerns, you can raise a ticket with our Connectivity Support team.
Other useful links:
- 3 simple steps to migrate to the Token-based Authentication method
- Authentication: how to authenticate your identity while calling the Tripeden.com Connectivity APIs
- The ‘Postman’ collection download (for testing)
- Managing your Token-based Authentication machine accounts
- FAQs about migrating to Token-based Authentication