B

booking.com

3 integrations · REST

Booking.com exposes Demand API v3.1/v3.2 REST endpoints authenticated with `Authorization: Bearer <API key token>` plus `X-Affiliate-Id`, a Connectivity HTTP API authenticated either by a short-lived bearer JWT minted from machine-account Client ID/Secret or by legacy Basic auth machine-account credentials, and a public no-auth MCP server at `https://demandapi-mcp.booking.com/v1/mcp/8132308`.

discovered 1d ago
REST · OpenAPI3
Credentials
Demand API key tokenbearerGet token

Sign in to the Affiliate Partner Centre as a Booking.com Managed Affiliate Partner, then generate an API key token for your API user from Partner Centre as described in Authentication and authorisation and Prerequisites. Copy the token when shown; Booking.com says it is only displayed in full once.

Demand API affiliate IDapi_keyGet key

Become a Booking.com Managed Affiliate Partner and sign in to the Affiliate Partner Centre. In Partner Centre, locate the X-Affiliate-Id for your API user as required by Prerequisites and Authentication and authorisation. Use that value in the X-Affiliate-Id header on every Demand API request.

Connectivity API access tokenjwtGet key

First create a machine account with API token authentication in the Connectivity Portal to obtain a Client ID and Client Secret. Then call POST https://connectivity-authentication.booking.com/token-based-authentication/exchange with those values, following Using the token-based authentication scheme, to receive a short-lived JWT access token. The docs say the token expires after one hour.

Connectivity machine account username and passwordbasicGet credentials

Create or manage a machine account in the Connectivity Portal as described in Authentication and Credential-based authentication. Use the machine account username and password, Base64-encoded as username:password, in the Authorization: Basic ... header. Booking.com notes this method is planned to sunset on 31 Dec 2025.

conventions · 0/7 published

Publish these signals → /publishing