Your EPS account
Sign in to view secure API documentation, update your account details, log support requests and much more.
Your email or password is incorrect. Please try again or reset your password.
If the issue persists please contact your EPS representative.
Reset your password
Please enter your email address below. We will send password reset instructions to the email associated with your EPS account.
Thank you
An email has been sent to your account email address with further instructions on how to reset your password.
API Key Authentication and Access
You'll use the HTTP Authorization header to transmit your API key and an SHA-512 signature hash with each request. The signature hash consists of your API key, shared secret, and a UNIX timestamp.
Creating Your Authorization Header
EPS expects your authorization header to use the format below - note the required EAN
prefix. This prefix ensures the correct authorization rules are applied to your request.
Authorization: EAN APIKey=yourAPIKey,Signature=sha512Hash,timestamp=yourUNIXTimestamp
Your signature
value is the unsalted SHA-512 hash of the concatenation of your API Key + shared secret + UNIX timestamp in seconds.
Your timestamp
value must be the same value
used to generate your signature
. If a different timestamp
value is provided, EPS will not be able to verify your signature hash
value and your request will be rejected.
Here is an example complete Authorization header:
Authorization: EAN APIKey=dkc4wrkp7w58wx5v2jxen2kx,Signature=Mgup2Azf,timestamp=1476739212
Verifying your Authorization Header
Test your own code against the EPS Signature Generator before attempting test requests.
Note: NTP Clock Sync
EPS syncs internal server times using Network Time Protocol (NTP). If you use NTP as well, clock sync issues should not occur. Most modern operating systems support this or similar time sync services – check your OS documentation. The system accepts timestamps up to five minutes before or after the server timestamp to accommodate for reasonable clock drift.
Signature Generation Code Samples
PHP
$apiKey = "abcdefg"; $secret = "1a2bc3"; $timestamp = time(); $authHeader = 'Authorization: EAN APIKey=' . $apiKey . ',Signature=' . hash("sha512", $apiKey.$secret.$timestamp) . ',timestamp=' . time();
JavaScript
var crypto = require('crypto'); var request = require('request'); var apiKey = "123"; var secret="123"; var timestamp = Math.round((new Date().getTime()/1000)); var hash = crypto.createHmac('sha512', apiKey+secret+timestamp).digest('hex'); var authHeaderValue = 'EAN APIKey=' +apiKey+ ',Signature=' + hash + ',timestamp=' + timestamp;
Java
import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.Timestamp; import java.util.Date; String apiKey = "123"; String secret = "123"; Date date= new java.util.Date(); Long timestamp = (date.getTime() / 1000); String signature = null; try { String toBeHashed = apiKey + secret + timestamp; MessageDigest md = MessageDigest.getInstance("SHA-512"); byte[] bytes = md.digest(toBeHashed.getBytes("UTF-8")); StringBuilder sb = new StringBuilder(); for(int i=0; i< bytes.length ;i++){ sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1)); } signature = sb.toString(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } String authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + signature + ",timestamp=" + timestamp;
Python
#!/usr/bin/env python import hashlib import time apiKey = "123" secret = "123" timestamp = str(int(time.time())); authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + hashlib.sha512(apiKey+secret+timestamp).hexdigest() + ",timestamp=" + timestamp
Ruby
require 'digest' apiKey="123" secret="123" timestamp = Time.now.to_i toBeHashed = "#{apiKey}#{secret}#{timestamp}" signature = Digest::SHA2.new(512).hexdigest(toBeHashed) authHeaderValue = "EAN APIKey=#{apiKey},Signature=#{signature},timestamp=#{timestamp}"
C#
String apiKey = "123"; String secret = "123"; TimeSpan epochTicks = new TimeSpan(new DateTime(1970, 1, 1).Ticks); TimeSpan unixTicks = new TimeSpan(DateTime.UtcNow.Ticks) - epochTicks; double unixTime = (int)unixTicks.TotalSeconds; var toBeHashed = apiKey + secret + unixTime; var bytes = System.Text.Encoding.UTF8.GetBytes(toBeHashed); using (var hash = System.Security.Cryptography.SHA512.Create()) { var hashedInputBytes = hash.ComputeHash(bytes); var hashedInputStringBuilder = new System.Text.StringBuilder(128); foreach (var b in hashedInputBytes) hashedInputStringBuilder.Append(b.ToString("X2")); var signature = hashedInputStringBuilder.ToString(); var authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + signature +",timestamp=" + unixTime; }
Perl
use strict; use Crypt::Digest::SHA512 qw(sha512_hex); my $apiKey = '123'; my $secret = '123'; my $timestamp = time; my $sig = sha512_hex($apiKey . $secret . $timestamp); my $authHeaderValue = "EAN APIKey=".$apiKey.",Signature=".$sig.",timestamp=".$timestamp; print $authHeaderValue;
GoLang
apiKey := "123" secret := "123" timestamp := strconv.FormatInt(time.Now().Unix(), 10) c := sha512.New() c.Write([]byte(apiKey + secret + timestamp)) signature := hex.EncodeToString(c.Sum(nil)) authHeaderValue := "EAN APIKey=" + apiKey + ",Signature=" + signature + ",timestamp=" + timestamp
Protecting your Shared Secret
The shared secret provided to you is critical to the security of your request data – treat it like a password. Never include the raw value in any publicly accessible site or app code. You will be provided with a shared secret and an API key when you are approved to integrate EPS Rapid.
See the changes that we've made here.
EPS Home | EPS Portal Login | Expedia Partner Central | Advertise with Expedia | News | Privacy Policy | Cookie Policy
© 2022 Expedia, Inc. All Rights Reserved.