Skip to main content

Authentication

  • Customer

Accor Login manages the OpenID Connect flow and token lifecycle, simplifying your integration with Accor APIs.

Version
Status
Live
Incident
No incident

OVERVIEW

Implicit flow is deprecated

The Implicit flow (Legacy) is required for Apps and Websites that have no backend logic on the web server, and everything that is passed between the App or the  Website and Accor Hub Authent can be viewed using browser development tools.

In order to Authenticate your User via the Implicit Flow, you just have to follow 2 steps:

  1. Redirect your User to the Accor Login page
  2. Your User is redirected back to your Callback url

 

image

 

STEP 1: REDIRECT YOUR USER TO THE ACCOR LOGIN PAGE

 

You have to redirect your User’s browser to the Accor Login page.

Then, once redirected :

  • if the user is authenticated, you're done.
  • if the user is not yet authenticated, the member is presented with Accor’s authentication page.

Request:

Type Endpoint
GET https://login.accor.com/as/authorization.oauth2

Parameters:

Name

Value

Required

response_type The value of this field should always be token Yes
client_id The appId key value generated when you register your application. Yes
redirect_uri The URL your users are sent back to after authorization. Yes
scope URL-encoded, space-delimited list of member permissions your application is requesting on behalf of the user. Yes
prompt Used to display the authentication page (empty) or not (none). Use prompt=none when the user is already authenticated on another website (e.g. all.accor) No
ui_locales Language code (2 digits) No
persistent Should be yes for activating the “remember me” checkbox No

Example of Request:

GET https://login.accor.com/as/authorization.oauth2?response_type=token&client_id={your_client_id}&redirect_uri=https://yourdomain/callback&scope={list_of_scopes}

Accor login page:

Accor login page

 

STEP2: YOUR USER IS REDIRECTED TO YOUR CALLBACK URL

 

After your User is signed in on Accor, he will be redirected automatically to your callback URL with the access_token, that you sent in your request.

Request:

Type Endpoint
GET https://yoursite/Callback_URL

Parameters:

Name

Value

Required

access_token The access token for the application Yes, if authenticated
token_type Value: Bearer Yes
expire_in The number of seconds remaining until the token expires. Currently, all access tokens are issued with a 30 minutes lifespan Yes

Example of Request:

 

About us

We are far more than a worldwide leader. We are 300,000 hospitality experts placing people at the heart of what we do, and nurturing real passion for service and achievement beyond limits. We take care of millions of guests in our 5,000 addresses.