Authentication (2025)
As part of our ongoing commitment to security enhancements, we are introducing a Token-Based Authentication (OAuth 2.0) solution for the Agoda connectivity system. This new security measure will become the standard for connecting to our Agoda Channel Manager APIs by 2026.
Please refer to roll-out timeline, and details as below.
OAuth 2.0 Authorization roll-out timeline
| Action | Timeline | Remark |
|---|---|---|
| Token-Based Authentication (OAuth 2.0) ready for YCSAPI | March 2025 | |
| Token-Based Authentication (OAuth 2.0) ready for CPAPI and PromoAPI | June 2025 | |
| Client ID and Secret Self-Service Available | June 2025 | |
| Channel Manager Development & Certification Period | Q2 2025 – Q4 2026 | During this period, both API Key authentication and Token-Based Authentication (OAuth 2.0) will be supported. |
| Cut-off for API Key Authentication | End of 2026 | After the cut-off, only Token-Based Authentication (OAuth 2.0) will be supported. API Key authentication will no longer be available. |
Action required for existing Partners
Please submit yourdevelopment timeline via this form. This will allow us to assist you with setup, development, testing, and certification.
If you have any questions, feel free to reach out to us directly or submit your connectivity inquiries via the Technical Support Form >> https://developer.agoda.com/supply/docs/contact-us
Documentation
API Specification is available here >> https://developer.agoda.com/supply/reference/oauth-20-authorization.
Updated 6 months ago