Client Runtime

Use a WebSocket capable client (for example, Java, .NET, Node.js, Go, or Python) that supports the "graphql-transport-ws" subprotocol and custom headers. Ensure you can send pings and respond to pongs, manage reconnects, and refresh tokens before they expire.

The consuming client must programmatically:

• Open a WebSocket connection with subprotocol graphql-transport-ws and the SHA256 hashed application key supplied as a query parameter.
• Add required HTTP headers (such as Authorization with Bearer token).
• Send and respond to ping and pong messages per the specified protocol interval.
• Track and refresh the OAuth token according to the exp claim.

If you have not previously implemented a WebSocket client, consult the provided Node.js Reference Implementation and basic WebSocket tutorials for your chosen language. Differences from typical HTTP polling:

• Persistent Connection: Your app will open a connection and keep it open, rather than repeatedly connecting and disconnecting.
• Message Exchange: Instead of sending/receiving HTTP requests/responses, exchange JSON messages according to a defined protocol ("graphql-transport-ws").
• Heartbeat (ping/pong): Your app must periodically send and respond to special 'ping' and 'pong' messages to keep the connection alive.

There are many protocols for WebSocket. The OHIP Streaming API uses "graphql-transport-ws" subprotocol with several OHIP-specific extensions, such as passing the hashed application key as a URL parameter.

Security: Do not connect directly from mobile apps or browser-based front ends. As with other Oracle Hospitality APIs, access to the Streaming API must be mediated by a trusted backend service; never embed credentials, OAuth tokens, application keys, or hashes in client apps. For more information, see the Oracle Hospitality Integration Platform Security Guide.