Booking Engine Configuration
Connect your company to travel suppliers via OAuth integration
Booking Engine Configuration
The booking engine configuration connects your company to external travel suppliers, enabling flight and hotel searches, bookings, and reservations.
Overview
Rahal integrates with travel content providers via OAuth 2.0. Each company can have its own booking engine credentials, allowing:
- Custom Supplier Access — Connect to specific travel suppliers
- Isolated Credentials — Each company's API access is separate
- Configurable Scopes — Control which features are accessible
Configuration Fields
| Field | Required | Description |
|---|---|---|
| Client ID | Optional | OAuth client identifier |
| Client Secret | Optional | OAuth client secret (encrypted) |
| OAuth Scopes | Optional | Space-separated OAuth scopes |
| Base URL | Optional | Booking engine API base URL |
| Token URL | Optional | OAuth token endpoint URL |
Booking engine configuration is optional. If not configured, the company uses the platform's default supplier credentials.
OAuth Authentication Flow
Setting Up Integration
Prerequisites
Before configuring the booking engine:
- Obtain Credentials — Get OAuth client ID and secret from your travel supplier
- Verify URLs — Confirm the base URL and token URL endpoints
- Define Scopes — Determine which API scopes you need
Configuration Steps
- Navigate to Companies → Select your company
- Click Edit to open the company form
- Switch to the Booking Engine tab
- Enter your OAuth credentials:
- Client ID — Your OAuth client identifier
- Client Secret — Your OAuth secret (will be encrypted)
- Scopes — Space-separated list (e.g.,
booking.read booking.write) - Base URL — Full URL including protocol (e.g.,
https://api.supplier.com) - Token URL — Token endpoint (e.g.,
https://api.supplier.com/oauth/token)
- Click Save
URL Validation
Both Base URL and Token URL must be valid HTTP/HTTPS URLs:
| Example | Valid? | Notes |
|---|---|---|
https://api.supplier.com | ✅ | Correct format |
https://api.supplier.com/v1 | ✅ | Path included is fine |
api.supplier.com | ❌ | Missing protocol |
ftp://api.supplier.com | ❌ | Invalid protocol |
Security
Credential Storage
- Client secrets are encrypted before storage
- Secrets are never returned in API responses
- Only the presence of credentials is indicated (
hasConfiguredCredentials: true)
Credential Updates
When editing a company with existing credentials:
- Leave the Client Secret field blank to keep the existing secret
- Enter a new value to replace the existing secret
There is no way to view the stored client secret. Keep a secure backup of your credentials.
Without Configuration
If no booking engine is configured:
- The company uses platform default credentials
- All standard travel content is available
- No custom supplier integration
Troubleshooting
Authentication Failures
If bookings fail with authentication errors:
- Verify the client ID and secret are correct
- Check the token URL is accessible
- Confirm the scopes match what the supplier expects
- Ensure credentials haven't expired
Missing Content
If flights or hotels aren't appearing:
- Verify the base URL is correct
- Check the scopes include read permissions
- Confirm your supplier account is active
Invalid URL Errors
If you see URL validation errors:
- Include the protocol (
https://) - Remove trailing slashes
- Ensure the URL is complete (not just a domain)