Authentication

Accor Login manages the OpenID Connect flow and token lifecycle, simplifying your integration with Accor APIs.

Version
Status
Live
Incident
No incident

ACCESS_TOKEN VALIDATION 

If you want to validate the access_token from your backend server, you can use the jwk endpoint.

 

Request :

Type Endpoint
GET https://api.accor.com/contacts/v1.0/jwk

 

Parameters :

Headers

Value

Required
Apikey The apikey value generated when you register your application. Yes
appId The appId key value generated when you register your application. Yes

 A JWK request returns a JSON object containing a list of JWK-standard public keys to be cached

 

Example of request :

GET https://api.accor.com/contacts/v1.0/jwk

apikey: {your_apikey}

appId: {your_appId}

Example of response :

{

"keys": [{

    "kid": "AAAA5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk",

    "kty": "RSA",

    "use": "sig",

    "alg": "RS256",

    "e": "AQAB",

    "n": "kNk1gR4QZJgNT-titvKUL3Ck7jUmcu4AOwvqUNG0gappa3qSuMSPjT_ORC2ouvD-ZoRq0KdSVdhbfHpBwiA29K_GSUla9mvKGIndLWJoKrThNWg_rv_idYCQ6Yc5aLCDjKhcFX0SupNy7hN52QHMRQjTmpAJK4nu39gbPWIQtfnxYNZXz2dOHanXd4m7yRaL…"

    }, {

    "kid": "BBBB5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk",

    "kty": "RSA",

    "use": "sig",

    "alg": "RS256",

    "e": "AQAB",

    "n": "oBj9M7242QKr-pwmMlmSubHz3qsnp2-7uQ01kCx5SGRKU_S7ldnRFXdKhf_PemGITv1UXWuVT7nJfw_3k7hngCU4zd-Iw6kb5Tbj2yyBtxYtl5po9OTC7u33E6gz6S54f3V9ji5PWWRUnjqm7qqVTADXfw41oAyuCcWjHELEPgVofaBrE702zkEijZ9R7WBuqVP8AZG9xYiIDFdw5pltnJU3_..."

    }

    ]

}

 

ACCESS_TOKEN FORMAT

 

The token consists of three main parts separated with a . (period):

  • header - Metadata about the token and its cryptographic algorithm
  • payload - Claims about the issuer, the user and user authorization
  • signature - For verification of the integrity of the token

To decode the token, you need to do a base64url decode of each part. The decoded parts will be represented as JSON content data.

Header :

Header

Value

Required
kid Public identifier key Yes
alg RS256 Yes
typ JWT Yes

Payload :

Parameters

Value

Required
token_use Two values depending of the token: access or refresh Yes
scp List of access rights (scopes) Yes
client_id The Accor appId Yes
pmid Accor Id for customer Yes
contactid Another Accor Id for customer Yes
exp Expiration - Time when the token will expire Yes

Signature :

Parameters

Value

Required
string Token signature Yes

 

 

 

About us

We are far more than a worldwide leader. We are 300,000 hospitality experts placing people at the heart of what we do, and nurturing real passion for service and achievement beyond limits. We take care of millions of guests in our 5,000 addresses.