Availability and rates APIs
Booking APIs
Property mgmt APIs
Developer Tools
Reservation management
Payments API referenceReservation management

API intro

The Payments API enables you to securely retrieve guest credit card or Expedia Virtual Card (EVC) information using a payment token provided by the reservations query of the Lodging Supply GraphQL API.

Endpoint

https://api.expediagroup.com/supply/payments/graphql

All requests must be made over a secure connection. All response bodies, including errors, are encoded in JSON. If no response is returned within 65 seconds, the request has timed out; set your retry logic accordingly.

Use the POST method as shown in this syntax statement:

curl --request POST \
     --url https://api.expediagroup.com/supply/payments/graphql \
     --header 'Authorization: Bearer {token}' \
     --header 'Content-Type: application/json' \
     -d ' {
      paymentInstrument(token: "{token}")
        ...
      }
     '

Even though a POST is sent to the GraphQL endpoint, data will only be retrieved, not modified, because the body contains queries only.

Authentication and authorization

This API uses the same request headers and bearer token that was used when issuing the reservations query that retrieved the token.

Rate limits

A rate limit is the number of requests received by the API within any given second. We ask each partner to issue no more than five requests per second. We constantly evaluate traffic as it surges and subsides. We will adjust the limit as needed to protect our platform, partners, and travelers. If you receive the HTTP 200 status code with the RATE_LIMIT_EXCEEDED error code, you have exceeded our rate limit and should consider throttling your requests.

Testing requests and responses

We provide a graphical integrated development environment (IDE) that enables you to issue query requests using test data. This GraphQL explorer is available on many doc pages on this site. Or, you can install a third-party IDE (desktop app), such as Prisma or Insomnia. After you install the application, configure it with either your client ID and secret or a token generated using these values. Refer to the application's documentation for more information about configuring authorization and headers. Then, load our GraphQL endpoint URL and issue test requests as needed.

Error handling

An error can occur during different phases of a GraphQL request (authentication, validation, schema generation, and execution). If an error occurs, an HTTP status code is returned as well as an error object. The HTTP status code of 200 is returned if a GraphQL execution error occurs, and a non-200 status code is returned if an HTTP or GraphQL request error occurs. For a list of HTTP status codes and GraphQL error classes, refer to Error handling.