api-keyheader for OTA flow APIs (/search,/quote,/book,/cancel,/v1/content/accommodations)Authorization: Bearer <partner_jwt>for partner management APIs
1) API Key Authentication
Used by:POST /api/searchPOST /api/search/tgxPOST /api/quotePOST /api/bookPOST /api/cancelPOST /api/v1/content/accommodations
- API key must exist in
partner_api_keys - API key must map to a valid partner
- Backend injects that partner into request context
2) Partner JWT Authentication
Login endpoint:passwordmust be MD5 string whenaccountType = "email"accountType = "phone"is currently not supported and returns400