Crew OAuth2 Server Overview

In order to use the FlightOps/Crew API, authorization via a specific Lufthansa Crew OAuth2 Server is necessary. There are two separate instances available for the different API environments:

  • Sandbox and Sandbox Mock API: OAuth2 TEST server
  • Production API: OAuth2 PROD server

The Lufthansa Crew OAuth2 Server supports the OAuth2 specification according to RFC6749 and provides the following endpoints:

TEST Server: oauth-test.lufthansa.com

| Endpoint Name | URL | Remarks |
|---|---|---|
| Authorization Endpoint | https://oauth-test.lufthansa.com/oauth/authorize | For MOCK API use scope prefix https://mock.cms.fra.dlh.de/... instead of https://cms.fra.dlh.de/...; a MOCK scope will lead to a special login page which supports login via Google Authenticator |
| Token Endpoint | https://oauth-test.lufthansa.com/oauth/token | |
| Session Logout Endpoint | https://oauth-test.lufthansa.com/logout | "Browser Logout" (local session) only |
| Backend Logout Endpoint | https://oauth-test.lufthansa.com/logout_backend | "Backend logout" (Mashery token, backend sessions) only |

PROD Server: oauth.lufthansa.com

| Endpoint Name | URL | Remarks |
|---|---|---|
| Authorization Endpoint | https://oauth.lufthansa.com/oauth/authorize | |
| Token Endpoint | https://oauth.lufthansa.com/oauth/token | |
| Session Logout Endpoint | https://oauth.lufthansa.com/logout | "Browser Logout" (local session) only |
| Backend Logout Endpoint | https://oauth.lufthansa.com/logout_backend | "Backend logout" (Mashery token, backend sessions) only |
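
A client can pin each API environment to its OAuth2 server and apply the MOCK scope prefix in one place, so a mock scope is never sent for another API. The sketch below is an added example, not Lufthansa code. It assumes the authorization code grant of RFC 6749; the environment labels, client ID, redirect URI and scope suffix are hypothetical placeholders.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hosts and prefixes are from the page; the API keys are labels chosen here.
SERVERS = {"test": "oauth-test.lufthansa.com", "prod": "oauth.lufthansa.com"}
API_SERVER = {"sandbox": "test", "mock": "test", "production": "prod"}
REAL_PREFIX = "https://cms.fra.dlh.de/"
MOCK_PREFIX = "https://mock.cms.fra.dlh.de/"


def scopes_for(api, scopes):
    """Swap in the mock scope prefix for the Mock API; reject it elsewhere."""
    out = []
    for scope in scopes:
        if api == "mock" and scope.startswith(REAL_PREFIX):
            scope = MOCK_PREFIX + scope[len(REAL_PREFIX):]
        elif api != "mock" and scope.startswith(MOCK_PREFIX):
            raise ValueError(f"mock scope requested for {api} API: {scope}")
        out.append(scope)
    return out


def authorize_url(api, client_id, redirect_uri, scopes):
    """Return (url, state) for an RFC 6749 authorization request."""
    host = SERVERS[API_SERVER[api]]  # KeyError on an unknown environment
    state = secrets.token_urlsafe(32)  # unguessable, bound to this request
    query = urlencode({
        "response_type": "code",  # assumption: authorization code grant
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes_for(api, scopes)),
        "state": state,
    })
    return f"https://{host}/oauth/authorize?{query}", state


def token_url(api):
    """Token endpoint on the same server instance as the authorization."""
    return f"https://{SERVERS[API_SERVER[api]]}/oauth/token"


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if the echoed state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]
```

Store the returned state in the user's session and pass it to `code_from_callback` when the redirect arrives; exchange the code at `token_url` for the same environment.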