Implementation checklist
When setting your attach module up, verify that the final request URL is correct.
String values
Exclude the domain
The request string should only contain the endpoint plus the request parameters.
Code example
`/xsell-pwa.js?partnerId=partner123&outboundEndDateTime=2014-01-02T12%3A55%3A00%2B08%3A00&...param=xyz`Check the encoding
Remember that all parameter values should be percent-encoded UTF-8.
Check required parameters
All required parameters must be passed. In addition, be sure that:
- You’re sending either
destinationTlaORlatitudeandlongitude - The
bookingDateTimevalue is in the past - The
outboundEndDateTimeis in the future - See the guidelines for one-way, round trip, and multi-destination flights
Check the signature placement
The signature should always be the last parameter of the final request URL.
Signature
Use the correct format
The signature should be in Base64, not hexadecimal.
Use the correct data type
When converting to Base64 encoding, treat the signature as an integer, not a string.
Check the special characters
Although Base64 should do this automatically, check that you’re using the correct special characters:
- Replace
+with-:m6y13j0747-x/h81wEzR9jE1fco= - Replace
/with_:m6y13j0747-x_h81wEzR9jE1fco= - Remove any
=padding from the string:m6y13j0747-x_h81wEzR9jE1fco
Check the length
The signature should be exactly 27 characters long.
Check the secret key visibility
The secret key should not be publicly visible in the request URL. It should only be used on the server side to generate the signature.
Domain and endpoint
Make sure the script is protocol-agnostic
Include the script without an HTTP protocol (//xsell.expedia.com instead of http://xsell.expedia.com) so that it will automatically select the necessary one.
Check that the request URL is structured correctly
The final request URL should be combination of the domain plus the request string (a combination of the endpoint and the request parameters) plus the signature parameter.
- Domain:
//xsell.expedia.com - Endpoint:
/xsell-pwa.js? - Request parameters:
partnerId=partner123&outboundStartDateTime=2024-10-22T11%3A55%3A00%2B08%3A00&outboundEndDateTime=2024-10-22T13%3A55%3A00%2B08%3A00&returnStartDateTime=2024-10-30T20%3A30%3A00%2B08%3A00&returnEndDateTime=2024-10-30T22%3A30%3A00%2B08%3A00&destinationTla=LAX&numOfAdults=2&locale=en-US¤cyCode=USD&bookingDateTime=2024-04-12T12%3A32%3A15%2B08%3A00&bookingId=123ABC&bookingStatus=confirmed - Signature parameter (must be the final element):
&signature=bj01fgT85mUiRmzxxSufSmlGpiI
Code example //xsell.expedia.com/xsell-pwa.js?partnerId=partner123&outboundStartDateTime=2024-10-22T11%3A55%3A00%2B08%3A00&outboundEndDateTime=2024-10-22T13%3A55%3A00%2B08%3A00&returnStartDateTime=2024-10-30T20%3A30%3A00%2B08%3A00&returnEndDateTime=2024-10-30T22%3A30%3A00%2B08%3A00&destinationTla=LAX&numOfAdults=2&locale=en-US¤cyCode=USD&bookingDateTime=2024-04-12T12%3A32%3A15%2B08%3A00&bookingId=123ABC&bookingStatus=confirmed&signature=bj01fgT85mUiRmzxxSufSmlGpiI
Script integration
Check the script
The script should be included inside the <body>. If you’re using an embedded module, check that the required <div> element is present.
Verify the referrer policy
For an embedded attach module, the parent page referrer policy should be set as origin-when-cross-origin.