1. Authenticate

The first request authenticates your certificate with the Trip Kit service.

Trip Kit uses an x509 certificate to authenticate, using OAuth2 with implicit flow. The internal certificate authority at your company issues the x509 certificate. Jeppesen gives your company a DigiCert certificate authority (CA) for two-way SSL. Your company imports the DigiCert CA, which issues the authentication server certificate, into the trust store.

For more information about authentication, see the OAuth 2.0 Authentication Framework.

Service name Authenticate to the Trip Kit service
Address format POST

Evaluation: https://fedproxyclientauthn.uat.fedp.digitalaviationservices.com:443/ as/authorization.oauth2

Production: https://fedproxyclientauthn.fedp.digitalaviationservices.com:443/ as/authorization.oauth2
Parameters company_code

Parameter type: Path

During onboarding, Jeppesen provides this parameter, which is unique to airlines.

Supported HTTP method POST
POST request The request must include the following HTTP headers:
  • Content-Type: Identification of the content, for example, application/x-www-form-urlencoded
  • User-Agent: Identification of the software acting for the user, for example, company-product/1.0

For the details that are required in this request, see POST request details.
POST response The response code is in HTTP 302. This response includes this HTTP header:

Content-Type: application/json

For the details, see POST response details.

POST request details

The body of the POST request contains the following parameters:
Parameter Description Type
client_id Your company client ID, which Jeppesen provides during onboarding. String
scope Determines the authorization for an OAuth token. The Trip Kit as a Service API supports two scopes:
  • For requesting a Trip Kit API: https://tripkit-api.jeppesen.com/create
  • For getting the Trip Kit API: https://tripkit-api.jeppesen.com/download
String
response_type The type of response. This must be set to token. String
state (optional) Used by the client to maintain state between the OAuth token request and the response. The authorization server includes this value with the response to the client. Use this parameter to avoid a cross-site request forgery attack. Before further processing, make sure that the state in the request matches the value in the response. String

This example shows the HTTP POST method, where public_key_cert.pem is your public key and private_key.key is your private one.

 curl -v -E
public_key_cert_pem --key private_key.key -d "scope"
https://tripkit.api.jeppesen.com/create
https://tripkit.api.jeppesen.com/download&client_id=atlantisclient&response_type=token&state=myrandomstate
https://fedproxy-clientauthn.fedp.digitalaviationservices.com:443/as/

POST response details

The authentication server returns one of several HTTP 302 response codes:
  • If the client certificate and all parameters are valid, the authentication server generates an access token and returns it in the location header of the response. The location header is a URL, which contains the response information in the following format:

    https://donotuse.tripkit-test.jeppesen.com/#access_token= {ACCESS_TOKEN}&state={STATE}&token_type=Bearer&expires_in={EXPIRE_IN}

    Parameter Description Type
    access_token The returned access token to be used in the Request Trip Kit API and in the Get Trip Kit API. String
    state The state value in the request body. Make sure that the return value matches the request value. String
    token_type The type of token. The value is always Bearer. String
    expires_in The period during which the token is valid. After this period, the token expires and a new token is requested.

    The value is 899 seconds (15 minutes).

    		 String
  • If an invalid client certificate is provided, this error message is returned in the location header of the response:

    https://do-not-use.tripkit-test.jeppesen.com#error_description=clientID+not+authorized%26state=myrandomstate%26error=access_denied

  • If the scope parameter is not provided or is empty, the authorization server still returns a token. However, you are not able to use this token to access the Request Trip Kit and Download Trip Kit APIs.
  • If an invalid scope parameter is provided, this error message is returned in the location header of the response:

    https://do-not-use.tripkit-test.jeppesen.com#error_description=The+requested+scope%28s%29+must+be+blank+or+a+subset+of+the+provided+scopes.&state=myrandomstate&error=invalid_scope

  • If the response_code parameter is not provided, this error message is returned the location header of the response:

    https://do-not-use.tripkit-test.jeppesen.com?error_description=response_type+is+required.&state=myrandomstate&error=invalid_request#

  • If an invalid response_code parameter is provided, this error message is returned in the location header of the response:

    https://do-not-use.tripkit-test.jeppesen.com?state=testing+tripkit+test5+&error=unsupported_response_type#