More info
For new partners
Interested in an EPS Rapid API integration? Using our V3 API but want to learn more about EPS Rapid?
For existing partners
To view secure documentation please login with EPS Service Desk, using the link below.
Doc Access for Current Partners
Documentation for our previous API is available in a new location. Simply sign in to your account on support.ean.com to view all previous API docs.
No EPS Service Desk account?
Please contact your EPS representative
API Key Authentication and Access
You'll use the HTTP Authorization header to transmit your API key and an SHA-512 signature hash with each request. The signature hash consists of your API key, shared secret, and a UNIX timestamp.
Creating Your Authorization Header
EPS expects your authorization header to use the format below - note the required EAN prefix. This prefix ensures the correct authorization rules are applied to your request.
Authorization: EAN APIKey=yourAPIKey,Signature=sha512Hash,timestamp=yourUNIXTimestamp
Your signature value is the unsalted SHA-512 hash of the concatenation of your API Key + shared secret + UNIX timestamp in seconds.
Your timestamp value must be the same value
used to generate your signature. If a different timestamp
value is provided, EPS will not be able to verify your signature hash
value and your request will be rejected.
Here is an example complete Authorization header:
Authorization: EAN APIKey=dkc4wrkp7w58wx5v2jxen2kx,Signature=Mgup2Azf,timestamp=1476739212
Verifying your Authorization Header
Test your own code against the EPS Signature Generator before attempting test requests.
Note: NTP Clock Sync
EPS syncs internal server times using Network Time Protocol (NTP). If you use NTP as well, clock sync issues should not occur. Most modern operating systems support this or similar time sync services – check your OS documentation. The system accepts timestamps up to five minutes before or after the server timestamp to accommodate for reasonable clock drift.
Signature Generation Code Samples
PHP
$apiKey = "abcdefg";
$secret = "1a2bc3";
$timestamp = time();
$authHeader = 'Authorization: EPS APIKey=' . $apiKey . ',Signature=' . hash("sha512", $apiKey.$secret.$timestamp) . ',timestamp=' . time();
JavaScript
var crypto = require('crypto');
var request = require('request');
var apiKey = "123";
var secret="123";
var timestamp = Math.round((new Date().getTime()/1000));
var hash = crypto.createHmac('sha256', apiKey+secret+timestamp).digest('hex');
var authHeaderValue = 'EPS APIKey=' +apiKey+ ',Signature=' + hash + ',timestamp=' + timestamp;
Java
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Timestamp;
import java.util.Date;
String apiKey = "123";
String secret = "123";
Date date= new java.util.Date();
Long timestamp = (date.getTime() / 1000);
String signature = null;
try {
String toBeHashed = apiKey + secret + timestamp;
MessageDigest md = MessageDigest.getInstance("SHA-512");
byte[] bytes = md.digest(toBeHashed.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for(int i=0; i< bytes.length ;i++){
sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
}
signature = sb.toString();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
String authHeaderValue = "EPS APIKey=" + apiKey + ",Signature=" + signature + ",timestamp=" + timestamp;
Python
import hashlib import datetime apiKey = "123" secret = "123" timestamp = str(int(time.time())); authHeaderValue = "EPS APIKey=" + apiKey + ",Signature=" + hashlib.sha512(apiKey+secret+timestmap).hexdigest() + ",timestamp=" + timestamp
Ruby
require 'digest'
apiKey="123"
secret="123"
timestamp = Time.now.to_i
toBeHashed = "#{apiKey}#{secret}#{timestamp}"
signature = Digest::SHA2.new(512).hexdigest(toBeHashed)
authHeaderValue = "EPS APIKey=#{apiKey},Signature=#{signature},timestamp=#{timestamp}"
C#
String apiKey = "123";
String secret = "123";
TimeSpan epochTicks = new TimeSpan(new DateTime(1970, 1, 1).Ticks);
TimeSpan unixTicks = new TimeSpan(DateTime.UtcNow.Ticks) - epochTicks;
double unixTime = (int)unixTicks.TotalSeconds;
var toBeHashed = apiKey + secret + unixTime;
var bytes = System.Text.Encoding.UTF8.GetBytes(toBeHashed);
using (var hash = System.Security.Cryptography.SHA512.Create())
{
var hashedInputBytes = hash.ComputeHash(bytes);
var hashedInputStringBuilder = new System.Text.StringBuilder(128);
foreach (var b in hashedInputBytes)
hashedInputStringBuilder.Append(b.ToString("X2"));
var signature = hashedInputStringBuilder.ToString();
var authHeaderValue = "EPS APIKey=" + apiKey + ",Signature=" + signature +",timestamp=" + unixTime;
}
Perl
use strict; use Crypt::Digest::SHA512 qw(sha512_hex); my $apiKey = '123'; my $secret = '123'; my $timestamp = time; my $sig = sha512_hex($apiKey . $secret . $timestamp); my $authHeaderValue = "EPS APIKey=".$apiKey.",Signature=".$sig.",timestamp=".$timestamp; print $authHeaderValue;
Protecting your Shared Secret
The shared secret provided to you is critical to the security of your request data – treat it like a password. Never include the raw value in any publicly accessible site or app code. You will be provided with a shared secret and an API key when you are approved to integrate EPS Rapid.
EPS Rapid 2.1 has been fully released to production! Find out what's new or see our changelog details to get started. Rapid 2.0 documentation is still available via the version drop-down menu in the upper right corner of each doc page.
EPS Home | EPS Portal Login | Expedia Partner Central | Advertise with Expedia
News | Privacy Policy | Cookie Policy | Contact Us
© 2018 Expedia, Inc. All Rights Reserved.