Sign in

To view secure documentation please login with EAN Service Desk, using the link below.

EAN service desk

No EAN Service Desk account?

Please contact your EAN representative

Sign in

Signature AuthenticationAll Versions

API Key Authentication and Access

EAN's signature authentication method is required for all API requests. You'll use the HTTP Authorization header to transmit your API key and an SHA-512 signature hash with each request. The signature hash consists of your API key, shared secret, and a UNIX timestamp.

Creating Your Authorization Header

EAN expects your authorization header to use the format below - note the required EAN prefix. This prefix ensures the correct authorization rules are applied to your request.

Authorization: EAN APIKey=yourAPIKey,Signature=sha512Hash,timestamp=yourUNIXTimestamp

Your signature value is the unsalted SHA-512 hash of the concatenation of your API Key + shared secret + UNIX timestamp in seconds.

Your timestamp value must be the same value used to generate your signature. If a different timestamp value is provided, EAN will not be able to verify your signature hash value and your request will be rejected.

Here is an example complete Authorization header:

Authorization: EAN APIKey=dkc4wrkp7w58wx5v2jxen2kx,Signature=Mgup2Azf,timestamp=1476739212
Note: NTP Clock Sync

EAN syncs internal server times using Network Time Protocol (NTP). If you use NTP as well, clock sync issues should not occur. Most modern operating systems support this or similar time sync services – check your OS documentation. The system accepts timestamps up to five minutes before or after the server timestamp to accommodate for reasonable clock drift.

Signature Generation Code Samples


$apiKey = "abcdefg";
$secret = "1a2bc3";
$timestamp = time();
$authHeader = 'Authorization: EAN APIKey=' . $apiKey . ',Signature=' . hash("sha512", $apiKey.$secret.$timestamp) . ',timestamp=' . time();


var crypto = require('crypto');
var request = require('request');
var apiKey = "123";
var secret="123";
var timestamp = Math.round((new Date().getTime()/1000));
var hash = crypto.createHmac('sha256', apiKey+secret+timestamp).digest('hex');
var authHeaderValue = 'EAN APIKey=' +apiKey+ ',Signature=' + hash + ',timestamp=' + timestamp;


import java.util.Date;
String apiKey = "123";
String secret = "123";
Date date= new java.util.Date();
Long timestamp = (date.getTime() / 1000);
String signature = null;
try {
   String toBeHashed = apiKey + secret + timestamp;
   MessageDigest md = MessageDigest.getInstance("SHA-512");
   byte[] bytes = md.digest(toBeHashed.getBytes("UTF-8"));
   StringBuilder sb = new StringBuilder();
   for(int i=0; i< bytes.length ;i++){
       sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
   signature = sb.toString();
} catch (NoSuchAlgorithmException e) {
} catch (UnsupportedEncodingException e) {
String authHeaderValue = "EAN APIKey=" + apiKey +  ",Signature=" + signature + ",timestamp=" + timestamp;


import hashlib
import datetime
apiKey = "123"
secret = "123"
timestamp = str(int(time.time()));
authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + hashlib.sha512(apiKey+secret+timestmap).hexdigest() + ",timestamp=" + timestamp


require 'digest'
timestamp =
toBeHashed = "#{apiKey}#{secret}#{timestamp}"
signature =
authHeaderValue = "EAN APIKey=#{apiKey},Signature=#{signature},timestamp=#{timestamp}"


String apiKey = "123";
String secret = "123";
TimeSpan epochTicks = new TimeSpan(new DateTime(1970, 1, 1).Ticks);
TimeSpan unixTicks = new TimeSpan(DateTime.UtcNow.Ticks) - epochTicks;
double unixTime = (int)unixTicks.TotalSeconds;
var toBeHashed = apiKey + secret + unixTime;
var bytes = System.Text.Encoding.UTF8.GetBytes(toBeHashed);
using (var hash = System.Security.Cryptography.SHA512.Create())
   var hashedInputBytes = hash.ComputeHash(bytes);
   var hashedInputStringBuilder = new System.Text.StringBuilder(128);
   foreach (var b in hashedInputBytes)
   var signature = hashedInputStringBuilder.ToString();
   var authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + signature +",timestamp=" + unixTime;


use strict;
use Crypt::Digest::SHA512 qw(sha512_hex);
my $apiKey = '123';
my $secret = '123';
my $timestamp = time;
my $sig = sha512_hex($apiKey . $secret . $timestamp);
my $authHeaderValue = "EAN APIKey=".$apiKey.",Signature=".$sig.",timestamp=".$timestamp;
print $authHeaderValue;

Protecting your Shared Secret

The shared secret provided to you in the EAN Affiliate Center is critical to the security of your request data – treat it like a password. Never include the raw value in any publicly accessible site or app code. Your account representative will provide you with your shared secret and API key when you are approved to integrate EAN Rapid.

New Release - EAN Rapid 2.1

EAN Rapid 2.1 has been fully released to production! Find out what's new or see our changelog details to get started. Rapid 2.0 documentation is still available via the version drop-down menu in the upper right corner of each doc page.