Leverage Expedia data with authentication and authorization
To use the Expedia Group travel platform APIs you must create one or more API clients, which are like a password-protected user accounts. Essentially, an API client establishes that the software making an API request belongs to you (authentication), and allows you to limit the types of API requests each client can make (authorization).
The Fraud Prevention Service has enabled the Sandbox feature, which allows you to test API results in a way that won't be reflected in your production application. Try the Fraud Prevention Service APIs with sandbox-specific credentials in our API Explorer, Postman, or other tools, and test your configurations before you push them live.
Whether you're going to start in sandbox mode or go directly to live, you can create and manage your API clients in the Expedia Group Console. Before you can create an API client, you must have added products to your account.
- In the Console, click the Create API client link in the lower left corner.
- On the Create new API client page, give the client a name and description that will help you and others in your organization remember what products it includes.
- In the list of available products, check the boxes next to the scopes (API request types) you want to include. Checking the box at the top level will select all of the child elements.
- Click Get credentials.
- Copy your credentials and save them in a secure place.
Note: API credentials are displayed only at the time that the client is created so you will need to copy and store them before you proceed. You will not be able to display them again.
You can create as many API clients as you need. Each client can be granted specific permissions, allowing you to limit what each of your software services can do on the Expedia Group travel platform.
All API clients operate within a single partner account. When you add products to the account, they will be available to include in an API client. You can create a single API client and grant it access to one or more products.
Each product includes a set of scopes that grant access to certain request types. The scopes you assign will control what the client is authorized to do. If you have multiple software services making API requests, we recommend that you create a separate API client for each service, and select only the scopes that each API client will need.
Each API client is given an ID and a secret for authentication, analogous to a username and password. The credentials are displayed only at the time that the client is created so you will need to copy and store them before you proceed.
Be sure to secure your API client credentials! Do not store your client ID or secret in publicly accessible areas such as GitHub, client-side code, etc.
If you just want to try out APIs in the API Explorer you are ready to go - you can enter the API client key (client_id) and secret directly in the API Explorer UI by flipping the Show authentication section toggle.
To learn how to embed an API client in your software, read API authentication and authorization.