--- uuid: ca29d17b-e56d-4697-96ac-a3d46d382c52 date_created: 2026-01-15T13:54:03.820Z date_updated: 2026-02-24T17:08:34.533Z versions: - v0.3371.0 (21563) - v0.3370.0 (21562) - v0.3369.0 (21494) - v0.3368.2 (21491) --- # Release v0.3368.2 โ†’ v0.3371.0 This release brings significant improvements to customer request management and API key configuration. A new sub-reason ONE\_EURO\_HOTEL\_NIGHT is now available for CXO customer support forms. API key management is enhanced with a new prebookable\_price\_access parameter for fine-grained control over price access during ODR periods. Finally, a security fix has been applied to price search to prevent unauthorized access to pre-booking prices via specific requests with identical dates. ## Notes ## ๐Ÿš€ Highlights * **New sub-reason values**: Added `ONE_EURO_HOTEL_NIGHT` sub-reason for customer support requests * **Advanced API key configuration**: New `prebookable_price_access` parameter to control access to ODR prices * **Security fix**: The `/v1/search_price` route no longer returns prices during the pre-booking period when not authorized *** ## ๐Ÿ“‹ Summary This release brings significant improvements to customer request management and API key configuration. A new `ONE_EURO_HOTEL_NIGHT` sub-reason is now available for CXO customer support forms. API key management is enhanced with a new `prebookable_price_access` parameter for fine-grained control over access to prices during the ODR (Offre De Rรฉservation) period. Finally, a security fix has been applied to price search to prevent unauthorized access to pre-booking prices via specific requests with identical dates. *** ## ๐Ÿ†• New features ### New sub-reason for customer support requests The customer support request update resource now accepts the `ONE_EURO_HOTEL_NIGHT` value in the `sub_reason_code` field of the reasons. **Affected endpoint:** * `PUT /v0/customers/{customer_id}/support_requests/{support_request_id}` **Payload example:** ```json { "request_type": "CLAIM", "subject_code": "UPCOMING_STAY", "reasons": [ { "code": "COMMERCIAL", "sub_reason_code": "ONE_EURO_HOTEL_NIGHT" } ] } ``` *** ### New configuration parameter for access to ODR prices API keys can now be configured with the boolean parameter `prebookable_price_access` to allow or disallow access to prices during the pre-booking period on all endpoints returning prices (excluding calendar and bookable dates). **Affected endpoints:** * `GET /v0/api_keys` * `POST /v0/api_keys` * `GET /v0/api_keys/{id}` * `PUT /v0/api_keys/{id}` * `PATCH /v0/api_keys/{id}` **New field:** * **`prebookable_price_access`** (boolean): If set to `true`, the API key will have access to prices during the pre-booking period on all API endpoints. Default value: `false`. **Configuration example:** ```json { "prebookable_price_access": true } ``` *** ## ๐Ÿ› Bug fixes ### Security fix on price search The `GET /v1/search_price` route has been corrected to prevent access to pre-booking (PRE\_BOOKABLE) prices when the `first_date` and `last_date` parameters are identical and correspond to an ODR date. The system now performs an intersection between the price index and the date index in all cases. **Affected endpoint:** * `GET /v1/search_price` **Fixed behavior:** * Requests with identical `first_date` and `last_date` on an ODR date no longer return unauthorized prices * Results for a single date (first\_date = last\_date) are correctly limited to that single date on calendars and bookable dates *** ## ๐Ÿ“Š Statistics for this release * **New features**: 2 * **Bug fixes**: 1 * **Modified routes**: 7 * **Routes added**: 0 * **Routes removed**: 0 * **Routes deprecated**: 0