What is an API key and what do I need it for?
What is the difference between a Sandbox and a Production API Key?
If I generate a new API key will the other one be removed?
How can I view my API key once again?
Can I delete an API key if it's been compromised?
What is an API key and what do I need it for?
An API key can act as a secret authentication token as well as a unique identifier. Typically, the key will come with a set of access rights for the API that it is associated with. Think of an API key as a password used to authenticate you to the API.
An API key is necessary to access our Booking API. Please see here for more information about authentication. Without an API key, when executing an API call you will receive a "401 unauthorised" response.
To create an API key, log in and go to the dashboard: https://app.impala.travel/sellers.
There are no associated costs with signing up to the platform, charges are only made when you create live bookings using the API.
What is the difference between a Sandbox and a Production API Key?
Impala provides free access to our sandbox test environment allowing you to thoroughly test the API. You'll find hotels and rates that roughly reflect the real world, making it easy to test location and availability search. The Sandbox environment has been built with a realistic mix of test hotels and rates reflective of what would be available in the production environment. You can create and manage bookings in the sandbox environment without incurring costs. To access your sandbox environment, please use the Sandbox API key from the dashboard. Please see here for more details about testing.
When you are ready to book a real hotel room, please use a production API key. The booking created with a Production key will be processed and will make a real reservation. To generate a Production API key, we request you to provide certain company information and your business credit card for payment. You can find more information about billing for the Booking API here.
* Please don't make test bookings for real hotels in production.
If I generate a new API key will the other one be removed?
When you generate another API key, the existing API keys remain the same and you can continue using those. You can create as many API keys as you need.
How can I view my API key once again?
Unfortunately, there is no way to view your API key again after creation for security reasons.
When you create an API key, it is important that you have this API key somewhere safe before clicking on “Done”. As a safeguard, we ask you to click the checkbox to confirm you've saved the API key somewhere safe:
Once you click “Done”, you will be able to see the API key name but not the actual key itself:
Can I delete an API key if it's been compromised?
As soon as you realise that your API key has been compromised, we advise that for security reasons you delete your existing API key and create a new one.
If you hover the cursor on the API key name, the delete icon appears on the far right. Click the icon and choose delete as seen here:
Please be careful when deleting API keys as once it has been deleted you won’t be able to recover it and will have to use a new key to authenticate onto the API.