The guide mandates that you validate the X-APTRA-Signature header on every incoming webhook. The signature is an HMAC-SHA256 of the raw payload, using your tenant secret as the key.
def verify_signature(payload, signature_header, secret): computed = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest() return hmac.compare_digest(computed, signature_header) The payload wraps the native NDC OrderView inside an APTRA envelope. This standardization means you can write one handler for multiple airlines. Chapter 5: Error Handling and Debugging The APTRA Advance NDC Developer’s Guide includes an exhaustive 50-page appendix of error codes. This is arguably its most valuable section. 5.1 Common Error Classes | HTTP Status | APTRA Code | Description | Developer Action | |-------------|------------|-------------|------------------| | 400 | NDC-1001 | Missing mandatory element (e.g., PTC ) | Validate request against JSON schema (provided in /schemas folder) | | 409 | NDC-2015 | Offer expired | Re-run AirShopping | | 402 | NDC-3010 | Payment authorization failed | tokenize card again or use different FOP | | 500 | NDC-8005 | Airline NDC gateway timeout | Implement retry with exponential backoff (max 3 retries) | 5.2 Debugging with Audit Logs Enable audit.logging=true in the configuration. The guide explains how to export raw NDC XML/JSON requests and responses sent to the airline’s endpoint. This is critical for airline dispute resolution. aptra advance ndc developer-s guide
// Abridged request as per Section 4.2 of the guide The guide mandates that you validate the X-APTRA-Signature
# Recommended settings for APTRA Advance connector maxConnectionsPerAirline: 200 keepAliveTimeout: 120s connectionTimeout: 30s socketTimeout: 60s Instead of calling OrderRetrieve for each PNR individually, use batch: This standardization means you can write one handler