GET AN API KEY AND AUTHENTIFICATION

Register for an API Key

It's very quick to get your API Key for testing purpose In only few clicks you will be able to get your API Key for testing purposes. The API key is required to launch every request of our API.

Step 1. Register to get a Mashery ID to access to our developer portal.

Step 2. Following registration, you will receive a confirmation email.
Click on the link in the email and follow the easy next steps.

Step 3.  Generate your own API Key for making calls. At this step, select also an API package and agree to the terms of service.

Step 4.  When you receive your API key, be sure to read the documentation, learn how to make a booking through our API, launch a request in our Sandbox, and be prepared to integrate our system.

At this point you are able to run an example of our workflow using Postman:

RUN IN POSTMAN

After running it, you need to edit the environment adding your API key and Secret. Then you are ready to test our availability, check and confirm requests.

AUTHENTICATION

For the authentification, send the following headers:

Header nameValue
Api-Key Your registered API key
X-Signature

SHA256 encoding signature

How to obtain the X-Signature

To obtain the X-Signature, generate an SHA256 hash in Hex format from your Api key, your secret plus current timestamps in seconds

sha256Hex(apiKey + Secret + System.currentTimeMillis() / 1000)

Java code

package test;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;

public class Test {

    public static void main(String[] args) {

        try {
            // Your API Key and secret
            String apiKey = "yourApiKey";
            String Secret = "yourSecret";
            // Signature is generated by SHA256 (Api-Key + Secret +
            // Timestamp (in seconds))
            String signature = org.apache.commons.codec.digest.DigestUtils
                    .sha256Hex(apiKey + Secret + System.currentTimeMillis() / 1000);
        
            // Example of call to the API
            String endpoint = "https://api.test.hotelbeds.com/hotel-api/1.0/status";
            URL url = new URL(endpoint);
            
            HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
            connection.setRequestProperty("X-Signature", signature);
            connection.setRequestProperty("Api-Key", apiKey);
            connection.setRequestProperty("Accept", "application/xml");

            InputStream ins = connection.getInputStream();
            InputStreamReader isr = new InputStreamReader(ins);
            BufferedReader in = new BufferedReader(isr);

            String inputLine;
            while ((inputLine = in.readLine()) != null) {
                System.out.println(inputLine);
            }
            in.close();

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

PHP 5.5.x code

The following example requires PHP version greater than 5.5.x and the library pecl_http => 2.5.3 You can install it via https://pecl.php.net 

<?php // Your API Key and secret $apiKey = "yourApiKey"; $Secret = "yourSecret"; // Signature is generated by SHA256 (Api-Key + Secret + Timestamp (in seconds)) $signature = hash("sha256", $apiKey.$Secret.time()); // Example of call to the API $endpoint = "https://api.test.hotelbeds.com/hotel-api/1.0/status"; $request = new http\Client\Request("GET",     $endpoint,     [ "Api-Key"     => $apiKey,       "X-Signature" => $signature,       "Accept"      => "application/xml" ]); try {     $client = new http\Client;     $client->enqueue($request)->send();     // pop the last retrieved response     $response = $client->getResponse();     if ($response->getResponseCode() != 200) {         printf("%s returned '%s' (%d)\n",            $response->getTransferInfo("effective_url"),            $response->getInfo(),            $response->getResponseCode()        );     } else {        printf($response->getBody());     } } catch (Exception $ex) {     printf("Error while sending request, reason: %s\n",$ex->getMessage()); } ?>

.Net C# code

using System;
using System.Diagnostics;
using System.Net;
using System.Security.Cryptography;
using System.Text;

namespace Examples {
    class Program {
        public static void Main() {
            
            const string apiKey       = "YourApiKey";
            const string Secret = "YourSecret";
            
            const string endpoint = "https://api.test.hotelbeds.com/hotel-api/1.0/status";
            
            // Compute the signature to be used in the API call (combined key + secret + timestamp in seconds)
            string signature;
            using (var sha = SHA256.Create()) {
                long ts = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds / 1000;
                Console.WriteLine("Timestamp: " + ts);
                   var computedHash = sha.ComputeHash(Encoding.UTF8.GetBytes(apiKey + Secret + ts));
                signature = BitConverter.ToString(computedHash).Replace("-", "");
            }

            Console.WriteLine("Signature: " + signature);
            
            using (var client = new WebClient()) {
                // Request configuration            
                client.Headers.Add("X-Signature", signature);
                client.Headers.Add("Api-Key", apiKey);
                client.Headers.Add("Accept", "application/xml");
                
                // Request execution
                string response = client.DownloadString(endpoint);
                   Debug.WriteLine(response);
            }
            
        }
    }
}

Go code

package main

import (
       "fmt"
       "time"
       "crypto/sha256"
       "encoding/hex"
       "io/ioutil"
       "net/http"
)

func main() {

        // Your API Key and secret
        apiKey := "yourApiKey"
        Secret := "yourSecret"
       
        // Signature is generated by SHA256 (Api-Key + Secret + Timestamp (in seconds))
        hasher := sha256.New()
        hasher.Write([]byte(fmt.Sprintf("%s%s%d",apiKey,Secret,time.Now().Unix())))
        signature := hex.EncodeToString(hasher.Sum(nil))

        // Example of call to the API
        endpoint := "https://api.test.hotelbeds.com/hotel-api/1.0/status"

        // Creating GET Request with headers
        req, _ := http.NewRequest("GET", endpoint, nil)
        req.Header.Add("X-Signature", signature)
        req.Header.Add("Api-Key", apiKey)
        req.Header.Add("Accept", "application/xml")

        client := &http.Client{}
        res, err := client.Do(req)
        if err != nil {
           fmt.Printf("Error sending request: %s\n",err)
           return
        } 
        
        defer res.Body.Close()
        body, err := ioutil.ReadAll(res.Body)
        if err != nil {
           fmt.Printf("Error reading response: %s\n", err) 
           return
        }

        fmt.Println(string(body))
}

Python code

#
# Simple python client example 
# Using Python 2.7 and urrlib2 library
#

import time, hashlib
import urllib2

# Your API Key and secret
apiKey = "yourApiKey"
Secret = "yourSecret"

# Signature is generated by SHA256 (Api-Key + Secret + Timestamp (in seconds))
sigStr = "%s%s%d" % (apiKey,Secret,int(time.time()))
signature = hashlib.sha256(sigStr).hexdigest()

endpoint = "https://api.test.hotelbeds.com/hotel-api/1.0/status"

try:
    # Create http request and add headers
    req = urllib2.Request(url=endpoint)
    req.add_header("X-Signature", signature)
    req.add_header("Api-Key", apiKey)
    req.add_header("Accept", "application/xml")

    # Reading response and print-out
    file = urllib2.urlopen(req)
    print file.read()

except urllib2.HTTPError, e:
    # Reading body of response
    httpResonponse = e.read()
    print "%s, reason: %s " % (str(e), httpResonponse)
except urllib2.URLError, e:
    print "Client error: %s" % e.reason
except Exception, e:
    print "General exception: %s " % str(e)

Objective-c

//
//  main.m
//  TestAPI
//
//

#import <Foundation/Foundation.h>
#include <CommonCrypto/CommonDigest.h>

// Compute signature function, calculate SHA256 and returns HEX signature string

NSString *computeSignature(NSString *apiKey, NSString *Secret)
{
    NSData *sigData = [[NSString stringWithFormat: @"%@%@%ld", apiKey, Secret, time(NULL)]
                       dataUsingEncoding:NSUTF8StringEncoding];
    
    // Calculate SHA256 in hash buffer and convert to HEX string
    unsigned char hash[CC_SHA256_DIGEST_LENGTH];
    if ( CC_SHA256([sigData bytes], (CC_LONG)[sigData length], hash) ) {
        NSData *sha256 = [NSData dataWithBytes:hash length:CC_SHA256_DIGEST_LENGTH];
        
        // Convert NSData bytes into HEX string
        NSMutableString *hexSignature = [NSMutableString stringWithCapacity: sha256.length * 2];
        const unsigned char *buf = sha256.bytes;
        for (NSInteger i=0; i<sha256.length; ++i) {
            [hexSignature appendFormat:@"%02lX", (unsigned long)buf[i]];
        }
        
        return hexSignature;
    }
    
    return nil;
}

int main(int argc, const char * argv[]) {
    @autoreleasepool {
        
        // Your API Key and secret
        NSString *apiKey = @"yourApiKey";
        NSString *Secret = @"yourSecret";
        
        // Signature is generated by SHA256 (Api-Key + Secret + Timestamp (in seconds))
        NSString *signature = computeSignature(apiKey, Secret);
        
        // Example of call to the API
        NSString *endpoint = @"https://api.test.hotelbeds.com/hotel-api/1.0/status";
        
        NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
        [request setURL: [NSURL URLWithString: endpoint]];
        [request setHTTPMethod:@"GET" ];
        
        // Define mandatory headers (Signature, Api-Key and Accept)
        [request setValue:signature forHTTPHeaderField:@"X-Signature"];
        [request setValue:apiKey forHTTPHeaderField:@"Api-Key"];
        [request setValue:@"application/xml" forHTTPHeaderField:@"Accept"];
        
        // Send request
        NSHTTPURLResponse* urlResponse = nil;
        NSError *errorRequest = nil;
        NSData *responseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&urlResponse error: &errorRequest];
        if (errorRequest)
        {
            NSLog(@"Error sending request: %@", [errorRequest localizedDescription]);
            return -1;
        }
    
        // Check response status code
        if ([urlResponse statusCode] != 200) {
            NSLog(@"HTTP error %ld", [urlResponse statusCode]);
            return -2;
        }
        
        // Get response
        NSLog(@"%@", [NSString stringWithUTF8String:[responseData bytes]]);
        
    }
    return 0;
}

Docs Navigation