OAuth 2.0 authentication

Set up OAuth 2.0 authentication for your Rapid API implementation

All of the Rapid APIs except for the Lodging API use an OAuth 2.0 authentication process. This information applies to:

  • Rapid Car API
  • Rapid Flight API
  • Rapid Activities API
  • Rapid Typeahead API

Note: The Lodging API includes signature authentication in its schema, but to use Typeahead API with Lodging, you'll need to include OAuth 2.0 authentication as well.

Read more about signature authentication

Establish authorization

OAuth 2.0 authentication requires an access token. To get an access token, you will send a request to the Expedia gateway using your API credentials. The two parts of your credentials (client-id and client-secret) are joined with a colon, Base64 encoded, and sent as the Authorization header with a Basic prefix, e.g. Basic <base64>.

Example: Encode your credentials in Base64 format

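// Postman pre-request script: build the Base64 value for the Basic Authorization header.
var clientId = postman.getEnvironmentVariable("client-id");
var clientSecret = postman.getEnvironmentVariable("client-secret");
// Join the two credential parts with a colon, then Base64 encode the UTF-8 bytes.
var credentialBytes = CryptoJS.enc.Utf8.parse(clientId + ":" + clientSecret);
var base64 = CryptoJS.enc.Base64.stringify(credentialBytes);
postman.setEnvironmentVariable("base64", base64);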

Get an opaque access token

You'll need an opaque access token (that is, one that does not contain any information about the user or resource) before you can make an API request.

Sample request

POST - https://api.ean.com/identity/oauth2/v3/token

Header:
Key: 'Authorization'
Value: 'Basic {base64}'

Sample response

{ 
    "access_token": "p1xy6rxahicQPUIX_Sq6a52yFnHXpX3ImaSX9sKiUI4:XM8qZiTr1HPDc8FgBE5HLvFTFdICuRFV0-l7gFWI-WU", 
    "token_type": "bearer", 
    "expires_in": 1800, 
    "scope": "demand-solutions.demand-api-wrappers-playground.all" 
}

Use the opaque access token

Now that you have an access_token, you can use it to make requests to any endpoint that supports OAuth 2.0, such as Typeahead, Geography, and Cars.

GET - https://test.ean.com/v3/regions?include=standard&language=en-US&iata_location_code=SEA

Header: 
Key: 'Authorization' 
Value: 'Bearer {access_token}'
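
The two steps above (get a token with the Basic header, then send it as a Bearer header) combined into a small Node.js helper that reuses the token until shortly before its expires_in elapses. This is an added example, not Expedia's code: createTokenProvider, fetchImpl, now and skewSeconds are hypothetical names, and the token request sends only the header shown in the sample request.

```javascript
// Added example: cache the opaque token and refresh it shortly before it expires.
const TOKEN_URL = "https://api.ean.com/identity/oauth2/v3/token"; // from the sample request

// Build the "Basic <base64>" header value from the two credential parts.
function basicAuthHeader(clientId, clientSecret) {
  return "Basic " + Buffer.from(`${clientId}:${clientSecret}`, "utf8").toString("base64");
}

// Assumption: fetchImpl, now and skewSeconds are injectable so the helper can be tested offline.
function createTokenProvider({ clientId, clientSecret, fetchImpl = fetch, now = Date.now, skewSeconds = 60 }) {
  let cached = null;   // { token, expiresAt } with expiresAt in milliseconds
  let inFlight = null; // shared promise so concurrent callers trigger a single token request

  async function requestToken() {
    const res = await fetchImpl(TOKEN_URL, {
      method: "POST",
      headers: { Authorization: basicAuthHeader(clientId, clientSecret) },
    });
    if (!res.ok) {
      // Report the status only; never put the header or the credentials in an error or log.
      throw new Error(`token request failed: HTTP ${res.status}`);
    }
    const body = await res.json();
    const shapeOk = typeof body.access_token === "string" &&
      String(body.token_type).toLowerCase() === "bearer" &&
      Number.isFinite(body.expires_in);
    if (!shapeOk) throw new Error("unexpected token response shape");
    // Treat the token as expired skewSeconds early so it never lapses mid-request.
    cached = { token: body.access_token, expiresAt: now() + (body.expires_in - skewSeconds) * 1000 };
    return cached.token;
  }

  // Returns the value for the Authorization header of an API request.
  return async function getBearerHeader() {
    if (!cached || now() >= cached.expiresAt) {
      inFlight = inFlight || requestToken().finally(() => { inFlight = null; });
      await inFlight;
    }
    return "Bearer " + cached.token;
  };
}
```

Load clientId and clientSecret from the environment or a secret store rather than from source code, and pass the returned value as the Authorization header on each API request.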