|
| 1 | +--- |
| 2 | +pcx_content_type: reference |
| 3 | +title: 2Brother Travel Cloud Integration |
| 4 | +rss: file |
| 5 | +--- |
| 6 | + |
| 7 | +import { Render } from "~/components"; |
| 8 | + |
| 9 | +<Render |
| 10 | + file="casb/integration-description" |
| 11 | + product="cloudflare-one" |
| 12 | + params={{ |
| 13 | + integrationName: "2Brother Travel Cloud Integration", |
| 14 | + integrationAccountType: "2Brother Travel account", |
| 15 | + }} |
| 16 | +/> |
| 17 | + |
| 18 | +## Integration prerequisites |
| 19 | + |
| 20 | +- A verified **2Brother Travel account** |
| 21 | +- Administrator access to your travel partner APIs (e.g., 12Go Asia, Trip.com, Traveloka) |
| 22 | +- Access credentials (API Token, API Key, API Secret) to connect automation pipelines |
| 23 | + |
| 24 | +--- |
| 25 | + |
| 26 | +## Integration permissions |
| 27 | + |
| 28 | +For the 2Brother Travel integration to function within Cloudflare CASB, the following access scopes are required: |
| 29 | + |
| 30 | +- `read:booking` — Access travel booking and status data |
| 31 | +- `write:inventory` — Update or sync travel inventory data |
| 32 | +- `read:partner` — Retrieve partner connection data (e.g., affiliate, reseller) |
| 33 | +- `deploy:site` — Deploy and sync web content through the Netlify or GoDaddy API |
| 34 | + |
| 35 | +These permissions ensure least-privilege access while enabling automation across connected travel APIs. |
| 36 | + |
| 37 | +To learn more about each scope, refer to the [2Brother Travel Developer Documentation](https://2brother.online/api/docs). |
| 38 | + |
| 39 | +--- |
| 40 | + |
| 41 | +## Compute account |
| 42 | + |
| 43 | +You can connect a compute or hosting account to your integration to perform **Data Loss Prevention (DLP)** and **travel data sync automation** within your 2Brother environment. |
| 44 | +CASB will automatically monitor and scan your API data exchange and service objects. |
| 45 | + |
| 46 | +### Add a compute account |
| 47 | + |
| 48 | +<Render file="casb/aws-compute-account" product="cloudflare-one" /> |
| 49 | + |
| 50 | +Only one compute account can be connected per integration. To remove a compute account, go to **Manage compute accounts** in the Cloudflare dashboard. |
| 51 | + |
| 52 | +--- |
| 53 | + |
| 54 | +### Configure compute account scanning |
| 55 | + |
| 56 | +Once your compute account has successfully connected: |
| 57 | + |
| 58 | +1. Go to [Zero Trust](https://one.dash.cloudflare.com) → **CASB** → **Integrations**. |
| 59 | +2. Find your **2Brother Travel** integration. |
| 60 | +3. Select **Create new configuration**. |
| 61 | +4. In **Resources**, choose your data APIs or endpoints to monitor. |
| 62 | +5. Choose DLP profiles (e.g., “Customer Info”, “Payment Data”) and file types. |
| 63 | +6. Configure rate limits or API call frequency. |
| 64 | +7. Review and select **Start scan**. |
| 65 | + |
| 66 | +CASB may take up to an hour to initialize data synchronization and scanning. |
| 67 | + |
| 68 | +You can view scan results under **CASB → Content → Cloud**. |
| 69 | + |
| 70 | +--- |
| 71 | + |
| 72 | +## Security findings |
| 73 | + |
| 74 | +<Render |
| 75 | + file="casb/security-findings" |
| 76 | + product="cloudflare-one" |
| 77 | + params={{ integrationName: "2Brother Travel", slugRelativePath: "2brother-travel" }} |
| 78 | +/> |
| 79 | + |
| 80 | +### Partner API Security |
| 81 | + |
| 82 | +| Finding type | FindingTypeID | Severity | |
| 83 | +| ------------------------------------------- | -------------------------------------- | -------- | |
| 84 | +| API Token Exposed in Client Build | `2bfa1d7c-b27a-4128-9a8d-72af214f9aa7` | Critical | |
| 85 | +| API Key Without Rate Limiting | `6a93d917-501f-4b92-9f59-fb3b5a4f37ae` | High | |
| 86 | +| Partner API Using Insecure HTTP | `ad7bfe4d-0837-472b-84d9-bfc4160f1285` | High | |
| 87 | +| Missing CORS Restrictions | `cb3e8214-1f21-4b6d-bd42-c88c7b6f09f5` | Medium | |
| 88 | +| Missing JWT Expiry Policy | `87fd2a6d-8b0a-4a9e-8e51-62f8e3b8c231` | Medium | |
| 89 | +| Inactive Affiliate Token Older than 90 days | `90aee8e2-0d94-4c16-8c97-19388a3cc5de` | Medium | |
| 90 | +| Publicly Accessible Booking Endpoint | `3c8b18e1-7e4b-4f4d-9394-64c8c3b28ef4` | High | |
| 91 | + |
| 92 | +--- |
| 93 | + |
| 94 | +### Authentication & Access Control |
| 95 | + |
| 96 | +| Finding type | FindingTypeID | Severity | |
| 97 | +| -------------------------------------------- | -------------------------------------- | -------- | |
| 98 | +| Weak Password Policy | `eb741f33-103a-49cb-b81a-8c4a06a6c90f` | High | |
| 99 | +| Multi-Factor Authentication Not Enforced | `09c9a2b5-1920-4b35-bf42-b93c0deacb1a` | Critical | |
| 100 | +| OAuth Token Without Expiration | `10b2f326-6540-44ce-9b8c-ccf02736d171` | Medium | |
| 101 | +| User Session Expiration Not Configured | `fb02a28a-d174-45cf-b816-2a8aebcbf1d7` | Medium | |
| 102 | +| Public Admin Console Exposure | `fcae0e54-8a57-4f07-a690-02e4e6d7dfbb` | High | |
| 103 | + |
| 104 | +--- |
| 105 | + |
| 106 | +### Certificates & Domain Security |
| 107 | + |
| 108 | +| Finding type | FindingTypeID | Severity | |
| 109 | +| -------------------------------------- | -------------------------------------- | -------- | |
| 110 | +| Expired SSL Certificate | `a97f2728-177c-4a35-9d52-5f8afde1e014` | Critical | |
| 111 | +| Wildcard Certificate without SAN check | `97d9df3f-c124-414d-934b-caaaf1a3e662` | High | |
| 112 | +| Insecure DNS Record (HTTP only) | `f1db9a44-3947-4a19-b9da-83520f3c3d12` | Medium | |
| 113 | +| Missing DNSSEC on Domain | `d4729b61-032d-4e63-985e-81b12cf8b721` | Medium | |
| 114 | + |
| 115 | +--- |
| 116 | + |
| 117 | +### Integration Lifecycle |
| 118 | + |
| 119 | +| Finding type | FindingTypeID | Severity | |
| 120 | +| --------------------------------------- | -------------------------------------- | -------- | |
| 121 | +| Outdated API Integration (>180 days) | `5a9c4731-50cc-420d-8ff1-1af7ec0e7d87` | Medium | |
| 122 | +| Deprecated Partner SDK in Use | `8e1cd594-b6a2-4ab0-84f8-fb0d9b27d625` | Medium | |
| 123 | +| Unverified Third-Party Plugin Detected | `2bff8c43-2469-4fd2-85a3-cb8f1da2f1a1` | High | |
| 124 | + |
| 125 | +--- |
| 126 | + |
| 127 | +### Root Access & Admin Management |
| 128 | + |
| 129 | +| Finding type | FindingTypeID | Severity | |
| 130 | +| ------------------------------------ | -------------------------------------- | -------- | |
| 131 | +| Root Access Token Used in Last 90 Days | `9d23c002-aece-42b5-b082-2b51fab8d7c1` | Critical | |
| 132 | +| Root Access Without MFA | `19abe0ee-e8bd-4e3b-9ee9-ea5c64fe769c` | Critical | |
| 133 | +| Admin Token Without Scope Restriction | `b3e89c2e-b5e1-45e1-871d-6af0a1c90123` | High | |
| 134 | +| Privileged Access Not Audited | `7a86e5fa-7e8b-4f47-b927-0e38eac3c2fd` | Medium | |
| 135 | + |
| 136 | +--- |
| 137 | + |
| 138 | +### 📘 Learn more |
| 139 | +For setup guides, visit [https://2brother.online/docs](https://2brother.online/docs). |
| 140 | +For automation workflow examples, see the [2Brother Automator Demo Project](https://github.com/2brothertravel/demo). |
| 141 | + |
| 142 | +--- |
0 commit comments