Air Canada ADO scripted login User Guide July 22, 2016
Table of contents Purpose... 3 Background... 3 ADO scripted login Solution... 3 Impact on external systems... 4 Sample script for auto sign in... 5
Purpose The purpose of this document is to describe the implementation required to be carried out by the Air Canada travel agencies for performing automated logins through an API call to the new aircanada.com website. Background Currently the Air Canada travel agencies have custom, automated scripts for their agents to sign-in to aircanada.com. This has been put in place for enhanced security and fraud prevention. The custom automated scripts perform an auto sign-in using a post method to the current Air Canada website, thereby removing the need for the ado agent to manually login to the aircanada.com website. Hence the Ado Agent logging in need not have the knowledge of the password being used to login. The custom scripting is specific to each travel agency and is not standardized. This document provides a solution to support the current auto login feature on the new web application as well. The solution has been described in more details in further sections. ADO scripted login Solution As part of the auto-login implementation, an API would be exposed to the external systems. The API would accept a prescribed set of parameters, validate the login credentials and decide on the login status. To perform an auto sign-in, the external systems would be calling the API and a POST request will need to be sent to Air Canada booking engine in a required format (as detailed below) to perform a successful login. In case of successful sign-in user would be redirected to the ADO home page and in case of failure, redirection will happen to the ADO login page with an error message. The URL for the POST action is https://book.aircanada.com/pl/aconline/en/adologinservlet, and the list of parameters are listed below: HTTP Parameter name Description Format or Specific Value(s) AGENCY_ID Travel agency ID Numeric string Length: 3 Mandatory / Default value IATA_NUMBER Travel agency s registered IATA ID Numeric string Length: 7
HTTP Parameter name Description PIN User password (case sensitive) BOOKING_AGENT BETA Booking name agent This parameter, if true, redirects the agency to the beta site after successful login. If the parameter is not set then agency will always be redirected to the live site. Format or Specific Value(s) String -It is case sensitive -It must contain between 8 and 10 characters -It must be a combination of upper and lower case letters, numbers and any of the following special characters : exclamation mark (!), at-sign (@), dollar sign ($), caret (^), asterisk (*) and underscore (_). String Length :4 Only alphanumeric characters are allowed. TRUE/FALSE Mandatory / Default value No Impact on external systems With the new implementation, the impact on the external systems would be only in terms of the new URL and the parameter names passed to aircanada.com and rest of the logic (like determining the IATA number/ Pin etc.) at their end would remain as is. The external system would also take care of the secure form submit.
Sample script for auto sign in Given below is an example code snippet that generates an HTML form and auto submits to https://book.aircanada.com/pl/aconline/en/adologinservlet with the mandatory parameters. The implementation of generating the form with the correct values and parameters will be handled by the respective agencies as today. Response.Write("<html>" & Chr(13)) Response.Write("<body>" & Chr(13) & Chr(13)) Response.Write("<form name='adologonform' id='adologonform' action='https://book.aircanada.com/pl/aconline/en/adologinservlet' method='post' >" & Chr(13)) Response.Write("<input type='hidden' name='iata_number' value='" & iatanum & "'>" & Chr(13)) Response.Write("<input type='hidden' name='agency_id' value='" & agencyid & "'>" & Chr(13)) Response.Write("<input type='hidden' name='booking_agent' value='" & bookagent & "'>" & Chr(13)) Response.Write("<input type='hidden' name='pin' value='" & pin & "'>" & Chr(13)) Response.Write("</form>" & Chr(13) & Chr(13)) ' Close the form Response.Write("<script>" & Chr(13)) ' submit the data to post to Web website Response.Write("document.ADOLogonForm.submit();" & Chr(13)) Response.Write("</script>" & Chr(13)) Response.Write("</body>" & Chr(13) & Chr(13)) Response.Write("</html>" & Chr(13))