XAP API Sandbox Guidance
- Overview
- What is the Sandbox?
- Requesting Sandbox Access
- How to Use the Sandbox?
- Supported APIs
- Response Behavior
Overview
To support developers in building and testing integrations more efficiently, we offer a Sandbox environment for a curated set of APIs under Flights and Lodging domain. This environment simulates expected behavior using mock responses, helping partners test API requests without affecting live systems.
With Sandbox, you can experiment search, availability, reservations, and cancellations capabilities of Flights and Lodging APIs.
Note: The Sandbox currently supports limited dynamic behavior. Responses are mostly static, with only a subset of elements varying based on the request parameters.
What is the Sandbox?
The Sandbox is a non-production simulation layer that mimics real API behavior using stubbed responses. It is intended to help developers:
- Validate API structure and parameter requirements.
- Test request/response flows.
- Understand response formats before integrating with production.
- Simulate common error cases in a controlled setup.
Use the following base URL and header for all sandbox requests:
curl https://apim.sandbox.expedia.com \
-H 'Authorization: ••••••'Please refer Basic-Authentication to understand how to authenticate your requests.
Key differences between sandbox and production environments:
- Sandbox uses mock data and doesn't affect real inventory
- Some features may be limited or simulated in the sandbox
- Response times may differ from production
Requesting Sandbox Access
All sandbox endpoints are publicly accessible with the same API key or token mechanism used in production.
If you already have access to XAP API in production, you can use the same API Key and Password to access the sandbox environment. Otherwise, request sandbox access from your Expedia Account Manager.
How to Use the Sandbox
Our API Explorer provides a convenient Try-It-Out experience that lets you test Sandbox APIs directly from the browser without writing any code.
Follow these steps to get started:
- Open the API Explorer
Go to the Sandbox Playground page. - Enter Authentication credentials
Enter your username and password in the Basic Authentication section.
Use the same credentials you use for production or the one given for Sandbox access. - Select the API
Choose the API you want to test from the available list. - Fill in Parameters
Use the sample values provided in this Sandbox guidance documentation to populate the request parameters. - Click Try It Out
Submit the request to view the mock response in the response section. - Use cURL Examples in Postman (Optional)
You can also copy the cURL requests provided in this documentation and run them directly in tools like Postman, Terminal, or other REST clients for testing outside the API Explorer interface.
Supported APIs
The following APIs currently support the Sandbox experience:
Lodging
| API Name | Method & Endpoint | Description |
|---|---|---|
| Listings | GET /hotels/listings | Returns mock search results |
| Details | GET /hotels/details | Returns mock availability data |
| Booking | POST /hotels/bookings | Simulates booking initiation |
| Retrieve | GET /hotels/bookings | Returns mock details of a sample booking |
| Cancel | PUT /hotels/bookings | Simulates booking cancellation |
| Cancel Details | GET /hotels/bookings/canceldetails | Returns mock cancellation details of a sample reservation |
Flights
| API Name | Method & Endpoint | Description |
|---|---|---|
| Listings | GET /flights/listings | Returns mock flights search results |
| Details | GET /flights/details | Returns mock availability data of a chosen flight offer |
| Booking | POST /flights/bookings | Simulates booking initiation |
| Retrieve | GET /flights/bookings | Returns mock details of a sample reservation |
This list is subject to expansion as we roll out sandbox support across more APIs.
Response Behavior
The mock responses are not fully dynamic or data-driven. Instead:
- A limited set of fields (such as locationKeyword, ecomHotelIds etc) may influence the response content.
- Other fields are stubbed or hardcoded for demonstration purposes only.