Introduction

The LATAM Pass Authentication PNA API is the way through which our partners obtain the access token necessary to technically interact with all the program's APIs.

Request

Header

• Authorization: fixed Basic followed by space and the base64 encode calculated using the value obtained from the Dev Tools > My Apps > Client ID / Client Secret menu
• data-urlencode: fixedgrant_type=client_credentials
• client_id: value obtained from the Dev Tools > My Apps > Client ID menu and mandatory in all requests
• x-latam-test: fixed  LatamPass, to be used in the test environment only, which means, it must not be used in the production environment

Response

If the request is successful, a access_tokent will be returned that expires in 60 minutes. After this time, the access token will be automatically invalidated, it will no longer be possible to make requests with it and a new one will need to be generated.

Most common errors

Invalid client_id

{
   "result": "failure",
   "errors": [
       {
           "type": "INVALID",
           "message": "Invalid client_id in Authorization header"
       }
   ],
   "status": 400
}

Invalid Client Secret

{
    "result": "failure",
    "errors": [
        {
            "type": "INVALID",
            "message": "Invalid secret in Authorization header"
        }
    ],
    "status": 400
}

Invalid Grant Type

{
    "result": "failure",
    "errors": [
        {
            "type": "INVALID",
            "message": "Invalid grant_type format"
        }
    ],
    "status": 400
}

Request blocked by WAF - Web Application Firewall

<HTML>
    <HEAD>
        <TITLE>Access Denied</TITLE>
    </HEAD>
    <BODY>
        <H1>Access Denied</H1>
        You don't have permission to access
        "http://api.latampass.com/sandbox/oauth/access-token" on this server.
        Reference #18.7ac41002.1729607132.2593867
        <P>https://errors.edgesuite.net/18.7ac41002.1729607132.2593867</P>
    </BODY>
</HTML>

Technical documentation

Click here to access it.