It is mandatory that you have either a secure certificate or a method to submit reservations through SSL with a shared certificate when booking through the API.
- All user personal and credit card data must be collected on a secure page.
- All reservations must be sent through SSL in order to protect the user's personal information and credit card details.
- This is a term of PCI compliance which we are required to pass on to all API partners handling credit card information.
- When considering your purchase for a secure certificate, you may use any provider you wish, however, you must purchase 128-bit encryption when handling credit card data.
- The certification source will provide you with instructions to set up the certificate on your server.
- We are unable to assist with this step. You must work directly with your vendor.
Any partner that does not own their own certificate or does not wish to purchase their own SSL may deep link to the affiliate template by using the deep links returned in the API results.
Any booking requests that are not received from HTTPS will fail the secure validation check.
* More about using both the API and the White Label Template as a Hybrid Site