booking.com
Booking.com exposes Demand API v3.1/v3.2 REST endpoints authenticated with `Authorization: Bearer <API key token>` plus `X-Affiliate-Id`, a Connectivity HTTP API authenticated either by a short-lived bearer JWT minted from machine-account Client ID/Secret or by legacy Basic auth machine-account credentials, and a public no-auth MCP server at `https://demandapi-mcp.booking.com/v1/mcp/8132308`.
- Demand API v3.2discovered
- Demand API v3.1discovered
- Connectivity APIsdiscovered
Sign in to the Affiliate Partner Centre as a Booking.com Managed Affiliate Partner, then generate an API key token for your API user from Partner Centre as described in Authentication and authorisation and Prerequisites. Copy the token when shown; Booking.com says it is only displayed in full once.
Become a Booking.com Managed Affiliate Partner and sign in to the Affiliate Partner Centre. In Partner Centre, locate the X-Affiliate-Id for your API user as required by Prerequisites and Authentication and authorisation. Use that value in the X-Affiliate-Id header on every Demand API request.
First create a machine account with API token authentication in the Connectivity Portal to obtain a Client ID and Client Secret. Then call POST https://connectivity-authentication.booking.com/token-based-authentication/exchange with those values, following Using the token-based authentication scheme, to receive a short-lived JWT access token. The docs say the token expires after one hour.
Create or manage a machine account in the Connectivity Portal as described in Authentication and Credential-based authentication. Use the machine account username and password, Base64-encoded as username:password, in the Authorization: Basic ... header. Booking.com notes this method is planned to sunset on 31 Dec 2025.
conventions · 0/7 published
- integrations.json——
- llms.txt✗
/llms.txt - API catalog✗
/.well-known/api-catalog - OpenAPI document✗
/api/schema/, /openapi.json, /swagger.json, /api/openapi.json, or /v1/openapi.json - MCP server card✗
/.well-known/mcp/server-card.json - OAuth protected resource✗
/.well-known/oauth-protected-resource - Agent card✗
/.well-known/agent-card.json - Agent skills✗
/.well-known/agent-skills/index.json
Publish these signals → /publishing