Register for an API Key

It's very quick to get your API Key for testing purpose In only few clicks you will be able to get your API Key for testing purposes. The API key is required to launch every request of our API.

Step 1. Register to get a Mashery ID to access to our developer portal.

Step 2. Following registration, you will receive a confirmation email.
Click on the link in the email and follow the easy next steps.

Step 3.  Generate your own API Key for making calls. At this step, select also an API package and agree to the terms of service.

Step 4.  When you receive your API key, be sure to read the documentation, learn how to make a booking through our API, launch a request in our Sandbox, and be prepared to integrate our system.

At this point you are able to run an example of our workflow using Postman:


After running it, you need to edit the environment changing the {{Api-key}} and {{secret}} variable values with your API key and secret. Then you are ready to test our availability, check and confirm bookings.


For the authentification, send the following headers:

Header name Value
Api-Key Your registered API key

SHA256 encoding signature

How to obtain the X-Signature

To obtain the X-Signature, generate an SHA256 hash in Hex format from your Api key, your secret plus current timestamps in seconds

sha256Hex(apiKey + Secret + System.currentTimeMillis() / 1000)

The following example can be run in a bash shell, if the return status is 200, this means the key and signature are correct.

curl -i \
-X GET \
-H 'Accept:application/json' \
-H 'Api-key:'$apiKey'' \
-H 'X-Signature:'$(echo -n ${apiKey}${secret}$(date +%s)|sha256sum|awk '{ print $1}')'' \

The following example requires the Apache Commons Codec. You can install it from here.

public class Main {

	public static void main(String[] args) {

		try {
			// Your API Key and secret
			String apiKey = "yourApiKey";
			String Secret = "yourSecret";
			// Signature is generated by SHA256 (Api-Key + Secret +
			// Timestamp (in seconds))
			String signature = org.apache.commons.codec.digest.DigestUtils
									 .sha256Hex(apiKey + Secret + System.currentTimeMillis() / 1000);

			// Example of call to the API
			String endpoint = "";
			URL url = new URL(endpoint);

			HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
			connection.setRequestProperty("X-Signature", signature);
			connection.setRequestProperty("Api-Key", apiKey);
			connection.setRequestProperty("Accept", "application/json");

			InputStream ins = connection.getInputStream();
			InputStreamReader isr = new InputStreamReader(ins);
			BufferedReader in = new BufferedReader(isr);

			String inputLine;
			while ((inputLine = in.readLine()) != null) {

		} catch (Exception e) {

The following example requires cURL. You can install it by editing php.ini and uncommenting ;extension=php_curl.dll. In Ubuntu you can run sudo apt-get install curl and then restart your webserver.


// Your API Key and secret
$apiKey = "yourApiKey";
$Secret = "yourSecret";

// Signature is generated by SHA256 (Api-Key + Secret + Timestamp (in seconds))
$signature = hash("sha256", $apiKey.$Secret.time());

$endpoint = "";

echo "Your API Key is: " . $apiKey . "";
echo "Your X-Signature is: " . $signature . "";

// Example of call to the API
	// Get cURL resource
	$curl = curl_init();
	// Set some options 
	curl_setopt_array($curl, array(
	CURLOPT_URL => $endpoint,
	CURLOPT_HTTPHEADER => ['Accept:application/json' , 'Api-key:'.$apiKey.'', 'X-Signature:'.$signature.'']
	// Send the request & save response to $resp
	$resp = curl_exec($curl);

	// Check HTTP status code
	if (!curl_errno($curl)) {
		switch ($http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE)) {
			case 200:  # OK
				echo "Server JSON Response:" . $resp;
				echo 'Unexpected HTTP code: ', $http_code, "\n";
				echo $resp;
	// Close request to clear up some resources

} catch (Exception $ex) {

	printf("Error while sending request, reason: %s\n",$ex->getMessage());


For the following example start a new Project in Visual Studio for Console App (.NET Framework), not Core, as it does not include WebClient.

using System;
using System.Diagnostics;
using System.Net;
using System.Security.Cryptography;
using System.Text;

namespace Examples {
    class Program {
        public static void Main() {

            const string apiKey = "yourApiKey";
            const string Secret = "yourSecret";

            const string endpoint = "";

            // Compute the signature to be used in the API call (combined key + secret + timestamp in seconds)
            string signature;
            using (var sha = SHA256.Create()) {
                long ts = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds / 1000;
                Console.WriteLine("Timestamp: " + ts);
                   var computedHash = sha.ComputeHash(Encoding.UTF8.GetBytes(apiKey + Secret + ts));
                signature = BitConverter.ToString(computedHash).Replace("-", "");

            Console.WriteLine("Signature: " + signature);

            using (var client = new WebClient()) {
                // Request configuration            
                client.Headers.Add("X-Signature", signature);
                client.Headers.Add("Api-Key", apiKey);
                client.Headers.Add("Accept", "application/xml");

                // Request execution
                string response = client.DownloadString(endpoint);
package main
import (

func main() {

	 // Your API Key and secret
	 apiKey := "yourApiKey"
	 Secret := "yourSecret"

	 // Signature is generated by SHA256 (Api-Key + Secret + Timestamp (in seconds))
	 hasher := sha256.New()
	 signature := hex.EncodeToString(hasher.Sum(nil))

	 // Example of call to the API
	 endpoint := ""

	 // Creating GET Request with headers
	 req, _ := http.NewRequest("GET", endpoint, nil)
	 req.Header.Add("X-Signature", signature)
	 req.Header.Add("Api-Key", apiKey)
	 req.Header.Add("Accept", "application/xml")

	 client := &http.Client{}
	 res, err := client.Do(req)
	 if err != nil {
		 fmt.Printf("Error sending request: %s\n",err)

	 defer res.Body.Close()
	 body, err := ioutil.ReadAll(res.Body)
	 if err != nil {
		 fmt.Printf("Error reading response: %s\n", err) 

# Simple python client example 
# Using Python 2.7 and urrlib2 library

import time, hashlib
import urllib2

# Your API Key and secret
apiKey = "yourApiKey"
Secret = "yourSecret"

# Signature is generated by SHA256 (Api-Key + Secret + Timestamp (in seconds))
sigStr = "%s%s%d" % (apiKey,Secret,int(time.time()))
signature = hashlib.sha256(sigStr).hexdigest()

endpoint = ""

	# Create http request and add headers
	req = urllib2.Request(url=endpoint)
	req.add_header("X-Signature", signature)
	req.add_header("Api-Key", apiKey)
	req.add_header("Accept", "application/xml")

	# Reading response and print-out
	file = urllib2.urlopen(req)

except urllib2.HTTPError, e:
	# Reading body of response
	httpResonponse =
	print "%s, reason: %s " % (str(e), httpResonponse)
except urllib2.URLError, e:
	print "Client error: %s" % e.reason
except Exception, e:
	print "General exception: %s " % str(e)
//	 main.m
//	 TestAPI

#import <Foundation/Foundation.h>
#include <CommonCrypto/CommonDigest.h>

// Compute signature function, calculate SHA256 and returns HEX signature string

NSString *computeSignature(NSString *apiKey, NSString *Secret)
	NSData *sigData = [[NSString stringWithFormat: @"%@%@%ld", apiKey, Secret, time(NULL)]

	// Calculate SHA256 in hash buffer and convert to HEX string
	unsigned char hash[CC_SHA256_DIGEST_LENGTH];
	if ( CC_SHA256([sigData bytes], (CC_LONG)[sigData length], hash) ) {
		NSData *sha256 = [NSData dataWithBytes:hash length:CC_SHA256_DIGEST_LENGTH];

		// Convert NSData bytes into HEX string
		NSMutableString *hexSignature = [NSMutableString stringWithCapacity: sha256.length * 2];
		const unsigned char *buf = sha256.bytes;
		for (NSInteger i=0; i<sha256.length; ++i) {
			[hexSignature appendFormat:@"%02lX", (unsigned long)buf[i]];

		return hexSignature;

	return nil;

int main(int argc, const char * argv[]) {
	 @autoreleasepool {

		// Your API Key and secret
		NSString *apiKey = @"yourApiKey";
		NSString *Secret = @"yourSecret";

		// Signature is generated by SHA256 (Api-Key + Secret + Timestamp (in seconds))
		NSString *signature = computeSignature(apiKey, Secret);

		// Example of call to the API
		NSString *endpoint = @"";

		NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
		[request setURL: [NSURL URLWithString: endpoint]];
		[request setHTTPMethod:@"GET" ];

		// Define mandatory headers (Signature, Api-Key and Accept)
		[request setValue:signature forHTTPHeaderField:@"X-Signature"];
		[request setValue:apiKey forHTTPHeaderField:@"Api-Key"];
		[request setValue:@"application/xml" forHTTPHeaderField:@"Accept"];

		// Send request
		NSHTTPURLResponse* urlResponse = nil;
		NSError *errorRequest = nil;
		NSData *responseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&urlResponse error: &errorRequest];
		if (errorRequest)
			 NSLog(@"Error sending request: %@", [errorRequest localizedDescription]);
			 return -1;

		// Check response status code
		if ([urlResponse statusCode] != 200) {
			NSLog(@"HTTP error %ld", [urlResponse statusCode]);
			return -2;

		// Get response
		NSLog(@"%@", [NSString stringWithUTF8String:[responseData bytes]]);

	return 0;

Docs Navigation