BookingSG server authentication

For our server to server authentication, we took reference from integration with APEX, and mimics their implementation. In order to make API calls to our server, your system must first generate a token using the open sourced APEX utility library which can be found in following 3 languages.

• NodeJS library

• Java library

• C# library

Note that this token generation is fully offline, the above library does not make any prior API calls to BookingSG. With the generated token, attached it in the header of the API request as such

headers: { Authorization: <generated token> }

Full Code sample for making API calls to BookingSG server

// This is a code sample making a GET request to our get-all-bookings API

import axios from 'axios';
import { ApiSigningUtil } from 'node-apex-api-security';

const baseUrl = 'https://www.stg.bookingsg.io'; // BookingSG base URL. The current value points to staging server
const path = '/bookingsg/api/v2/bookings'; // API route
const httpMethod = 'GET'; // API method
const queryParams = {}; // API query parameters

const AUTH_PREFIX = 'Molagency_l2_eg'; // Hardcoded string. Do not change this
const appId = ''; // Agency system's identifier. BookingSG will use this to identify the caller's system. This value will be passed to you after BSG receives the public key from you and did the onboarding work on BSG side.
const privateKey = ''; // PKCS8 private key generated by you
const privateKeyPassphrase = ''; // this is optional, depending on whether your private key is encrypted. If it's not encrypted, leave it as empty string

// Generate Authorization token for use in request headers
let token = ApiSigningUtil.getSignatureToken({
  AUTH_PREFIX,
  appId,
  urlPath: `${baseUrl}${path}`,
  httpMethod,
  realm: baseUrl,
  keyString: privateKey,
  passphrase: privateKeyPassphrase,
  queryString: queryParams,
});

// Making the API request
axios
  .get(`${baseUrl}${path}`, {
    headers: {
      Authorization: token, // attach the generated token in the headers
    },
  })
  .then((res) => {
    console.log('Status Code:', res.status);
    console.log(res.data);
  })
  .catch((err) => {
    console.log('Error: ', err.message);
    console.log('Error: ', err.response.data);
  });