Your EPS account

Sign in to view secure API documentation, update your account details, log support requests and much more.

Your email or password is incorrect. Please try again or reset your password.
If the issue persists please contact your EPS representative.

Forgot password?

Reset your password

Please enter your email address below. We will send password reset instructions to the email associated with your EPS account.

Thank you

An email has been sent to your account email address with further instructions on how to reset your password.

Back to sign in

Signature Authentication

EPS's signature authentication method is required for all API requests.

API Key Authentication and Access

You'll use the HTTP Authorization header to transmit your API key and an SHA-512 signature hash with each request. The signature hash consists of your API key, shared secret, and a UNIX timestamp.

Creating Your Authorization Header

EPS expects your authorization header to use the format below - note the required EAN prefix. This prefix ensures the correct authorization rules are applied to your request.

Authorization: EAN APIKey=yourAPIKey,Signature=sha512Hash,timestamp=yourUNIXTimestamp

Your signature value is the unsalted SHA-512 hash of the concatenation of your API Key + shared secret + UNIX timestamp in seconds.

Your timestamp value must be the same value used to generate your signature. If a different timestamp value is provided, EPS will not be able to verify your signature hash value and your request will be rejected.

Here is an example complete Authorization header:

Authorization: EAN APIKey=dkc4wrkp7w58wx5v2jxen2kx,Signature=Mgup2Azf,timestamp=1476739212
Note: NTP Clock Sync

EPS syncs internal server times using Network Time Protocol (NTP). If you use NTP as well, clock sync issues should not occur. Most modern operating systems support this or similar time sync services – check your OS documentation. The system accepts timestamps up to five minutes before or after the server timestamp to accommodate for reasonable clock drift.

Signature Generation Code Samples

PHP

$apiKey = "abcdefg";
$secret = "1a2bc3";
$timestamp = time();
$authHeader = 'Authorization: EAN APIKey=' . $apiKey . ',Signature=' . hash("sha512", $apiKey.$secret.$timestamp) . ',timestamp=' . time();

JavaScript 

var crypto = require('crypto');
var request = require('request');
var apiKey = "123";
var secret="123";
var timestamp = Math.round((new Date().getTime()/1000));
var hash = crypto.createHmac('sha512', apiKey+secret+timestamp).digest('hex');
var authHeaderValue = 'EAN APIKey=' +apiKey+ ',Signature=' + hash + ',timestamp=' + timestamp;

Java

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Timestamp;
import java.util.Date;
String apiKey = "123";
String secret = "123";
Date date= new java.util.Date();
Long timestamp = (date.getTime() / 1000);
String signature = null;
try {
   String toBeHashed = apiKey + secret + timestamp;
   MessageDigest md = MessageDigest.getInstance("SHA-512");
   byte[] bytes = md.digest(toBeHashed.getBytes("UTF-8"));
   StringBuilder sb = new StringBuilder();
   for(int i=0; i< bytes.length ;i++){
       sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
   }
   signature = sb.toString();
} catch (NoSuchAlgorithmException e) {
   e.printStackTrace();
} catch (UnsupportedEncodingException e) {
   e.printStackTrace();
}
String authHeaderValue = "EAN APIKey=" + apiKey +  ",Signature=" + signature + ",timestamp=" + timestamp;

Python

#!/usr/bin/env python
import hashlib
import time
apiKey = "123"
secret = "123"
timestamp = str(int(time.time()));
authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + hashlib.sha512(apiKey+secret+timestamp).hexdigest() + ",timestamp=" + timestamp

Ruby

require 'digest'
apiKey="123"
secret="123"
timestamp = Time.now.to_i
toBeHashed = "#{apiKey}#{secret}#{timestamp}"
signature = Digest::SHA2.new(512).hexdigest(toBeHashed)
authHeaderValue = "EAN APIKey=#{apiKey},Signature=#{signature},timestamp=#{timestamp}"

C#

String apiKey = "123";
String secret = "123";
TimeSpan epochTicks = new TimeSpan(new DateTime(1970, 1, 1).Ticks);
TimeSpan unixTicks = new TimeSpan(DateTime.UtcNow.Ticks) - epochTicks;
double unixTime = (int)unixTicks.TotalSeconds;
var toBeHashed = apiKey + secret + unixTime;
var bytes = System.Text.Encoding.UTF8.GetBytes(toBeHashed);
using (var hash = System.Security.Cryptography.SHA512.Create())
{
   var hashedInputBytes = hash.ComputeHash(bytes);
   var hashedInputStringBuilder = new System.Text.StringBuilder(128);
   foreach (var b in hashedInputBytes)
       hashedInputStringBuilder.Append(b.ToString("X2"));
   var signature = hashedInputStringBuilder.ToString();
   var authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + signature +",timestamp=" + unixTime;
}

Perl

use strict;
use Crypt::Digest::SHA512 qw(sha512_hex);
my $apiKey = '123';
my $secret = '123';
my $timestamp = time;
my $sig = sha512_hex($apiKey . $secret . $timestamp);
my $authHeaderValue = "EAN APIKey=".$apiKey.",Signature=".$sig.",timestamp=".$timestamp;
print $authHeaderValue;

Protecting your Shared Secret

The shared secret provided to you is critical to the security of your request data – treat it like a password. Never include the raw value in any publicly accessible site or app code. You will be provided with a shared secret and an API key when you are approved to integrate EPS Rapid.