More info
For new partners
Interested in an EPS Rapid API integration? Using our V3 API but want to learn more about EPS Rapid?
For existing partners
To view secure documentation please login with EPS Service Desk, using the link below.
Doc Access for Current Partners
Documentation for our previous API is available in a new location. Simply sign in to your account on support.ean.com to view all previous API docs.
No EPS Service Desk account?
Please contact your EPS representative
API Key Authentication and Access
You'll use the HTTP Authorization header to transmit your API key and an SHA-512 signature hash with each request. The signature hash consists of your API key, shared secret, and a UNIX timestamp.
Creating Your Authorization Header
EPS expects your authorization header to use the format below - note the required EAN prefix. This prefix ensures the correct authorization rules are applied to your request.
Authorization: EAN APIKey=yourAPIKey,Signature=sha512Hash,timestamp=yourUNIXTimestamp
Your signature value is the unsalted SHA-512 hash of the concatenation of your API Key + shared secret + UNIX timestamp in seconds.
Your timestamp value must be the same value
used to generate your signature. If a different timestamp
value is provided, EPS will not be able to verify your signature hash
value and your request will be rejected.
Here is an example complete Authorization header:
Authorization: EAN APIKey=dkc4wrkp7w58wx5v2jxen2kx,Signature=Mgup2Azf,timestamp=1476739212
Verifying your Authorization Header
Test your own code against the EPS Signature Generator before attempting test requests.
Note: NTP Clock Sync
EPS syncs internal server times using Network Time Protocol (NTP). If you use NTP as well, clock sync issues should not occur. Most modern operating systems support this or similar time sync services – check your OS documentation. The system accepts timestamps up to five minutes before or after the server timestamp to accommodate for reasonable clock drift.
Signature Generation Code Samples
PHP
$apiKey = "abcdefg";
$secret = "1a2bc3";
$timestamp = time();
$authHeader = 'Authorization: EAN APIKey=' . $apiKey . ',Signature=' . hash("sha512", $apiKey.$secret.$timestamp) . ',timestamp=' . time();
JavaScript
var crypto = require('crypto');
var request = require('request');
var apiKey = "123";
var secret="123";
var timestamp = Math.round((new Date().getTime()/1000));
var hash = crypto.createHmac('sha256', apiKey+secret+timestamp).digest('hex');
var authHeaderValue = 'EAN APIKey=' +apiKey+ ',Signature=' + hash + ',timestamp=' + timestamp;
Java
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Timestamp;
import java.util.Date;
String apiKey = "123";
String secret = "123";
Date date= new java.util.Date();
Long timestamp = (date.getTime() / 1000);
String signature = null;
try {
String toBeHashed = apiKey + secret + timestamp;
MessageDigest md = MessageDigest.getInstance("SHA-512");
byte[] bytes = md.digest(toBeHashed.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for(int i=0; i< bytes.length ;i++){
sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
}
signature = sb.toString();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
String authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + signature + ",timestamp=" + timestamp;
Python
import hashlib import datetime apiKey = "123" secret = "123" timestamp = str(int(time.time())); authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + hashlib.sha512(apiKey+secret+timestmap).hexdigest() + ",timestamp=" + timestamp
Ruby
require 'digest'
apiKey="123"
secret="123"
timestamp = Time.now.to_i
toBeHashed = "#{apiKey}#{secret}#{timestamp}"
signature = Digest::SHA2.new(512).hexdigest(toBeHashed)
authHeaderValue = "EAN APIKey=#{apiKey},Signature=#{signature},timestamp=#{timestamp}"
C#
String apiKey = "123";
String secret = "123";
TimeSpan epochTicks = new TimeSpan(new DateTime(1970, 1, 1).Ticks);
TimeSpan unixTicks = new TimeSpan(DateTime.UtcNow.Ticks) - epochTicks;
double unixTime = (int)unixTicks.TotalSeconds;
var toBeHashed = apiKey + secret + unixTime;
var bytes = System.Text.Encoding.UTF8.GetBytes(toBeHashed);
using (var hash = System.Security.Cryptography.SHA512.Create())
{
var hashedInputBytes = hash.ComputeHash(bytes);
var hashedInputStringBuilder = new System.Text.StringBuilder(128);
foreach (var b in hashedInputBytes)
hashedInputStringBuilder.Append(b.ToString("X2"));
var signature = hashedInputStringBuilder.ToString();
var authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + signature +",timestamp=" + unixTime;
}
Perl
use strict; use Crypt::Digest::SHA512 qw(sha512_hex); my $apiKey = '123'; my $secret = '123'; my $timestamp = time; my $sig = sha512_hex($apiKey . $secret . $timestamp); my $authHeaderValue = "EAN APIKey=".$apiKey.",Signature=".$sig.",timestamp=".$timestamp; print $authHeaderValue;
Protecting your Shared Secret
The shared secret provided to you is critical to the security of your request data – treat it like a password. Never include the raw value in any publicly accessible site or app code. You will be provided with a shared secret and an API key when you are approved to integrate EPS Rapid.
You can now review documentation for the upcoming version of our EPS Rapid API. Review the schema, start coding and test against our end-points in preparation for go-live in January 2019.
Go to our EPS Rapid 2.2 page to learn more. Version 2.1 is still available here.
EPS Home | EPS Portal Login | Expedia Partner Central | Advertise with Expedia
News | Privacy Policy | Cookie Policy | Contact Us
© 2018 Expedia, Inc. All Rights Reserved.