Need an account first? Credentials are issued during onboarding, not here. ā Supported Airlines & Onboarding
ā Credentials ā ā” Endpoint ā ⢠HMAC headers ā ⣠AirShopping call ā ⤠Read response āāā¶ next: OfferPrice ā OrderCreateš§© Key idea: Your credentials do three different jobs ā some sign the request, one points it to the right URL, and others identify your agency inside the body. They are not interchangeable. Keeping this straight is the single biggest thing that prevents errors.
| Job | Value(s) | Goes into |
|---|---|---|
| š Sign the request | TenantID | Authorization header ā username |
| PolarHub API Key | Authorization header ā signature | |
| š Point the request | PolarHub Endpoint | The request URL (Step 2) |
| š¦ Identify your agency | AgencyID / SalesBranchID | Request body ā Sender.TravelAgency |
ā ļø The signing values (header) and the agency values (body) are not interchangeable ā mixing them up is a common cause of auth errors. ( SalesBranchIDis the branch value set in Albus.)
POST {POLARHUB_ENDPOINT}/hub/polarpie/v2/airShoppingOptional ā AirShoppingPlus: {POLARHUB_ENDPOINT}/exp/polarhub/v2/airshoppingapplies response-side offer curation. For the shortest path, use the Default endpoint above; see the AirShopping page for AirShoppingPlus.
| Header | What to put in it |
|---|---|
x-date | Current timestamp in GMT, RFC1123 format |
Digest | SHA-512= + Base64( SHA-512 of the raw request body ) |
Authorization | See the format below |
Content-Type | application/json |
Authorization is built:Authorization: hmac username="YOUR_TENANT_ID", algorithm="hmac-sha512", headers="x-date digest", signature="BASE64_HMAC_SHA512_OF_XDATE_PLUS_DIGEST"username = your TenantIDsignature = HMAC-SHA512 of (x-date + digest), keyed with your PolarHub API Key, then Base64-encodedx-date: Tue, 26 Aug 2025 10:12:34 GMT
Digest: SHA-512=BASE64_SHA512_OF_BODY
Authorization: hmac username="YOUR_TENANT_ID", algorithm="hmac-sha512", headers="x-date digest", signature="BASE64_HMAC_SHA512_OF_XDATE_PLUS_DIGEST"
Content-Type: application/jsonš” Don't hand-build the signature string. Use the working sample code on the Authentication: HMAC Guide (Node.js, Python, Java, Postman) as the source of truth.
Sender, PointOfSale, TransactionID, Query.Query, only OriginDestList and PaxList are required ā Cabin and Criteria are optional (shown below for a typical search).š TransactionID is a body field, not a header. It's a unique 32-character value (a UUID with the hyphens removed) used as the internal log-tracking key. Generate one per AirShopping session, then reuse the same value for the OfferPrice and OrderCreate calls that follow.
{
"Sender": { "TravelAgency": { "AgencyID": "YOUR_AGENCY_ID", "SalesBranchID": "01" } },
"PointOfSale": "KR",
"TransactionID": "YOUR_TRANSACTION_ID_32HEX_UNIQUE",
"Query": {
"OriginDestList": [
{ "OriginCode": "ICN", "DestCode": "SIN", "DepartureDate": "2026-09-10" }
],
"PaxList": [ { "Ptc": "ADT", "PaxID": "PAX1" } ],
"Cabin": "Y",
"Criteria": { "Direct": false, "AirlinePreference": { "AirlineID": ["SQ"] } }
}
}ADT / CHD / INF, up to 9 passengers.Y / W / C / F.ResultMessage ā check this first: confirms success, or gives error details.Offer[] ā each offer holds its OfferItem[] (fares, baggage, fare rules). Iterate to find the one you want.DataLists ā flight details live here. Offers reference PaxJourney / PaxSegment entries by ID, which hold the actual segments, carriers, times, and equipment.TransactionID throughout:This AirShopping ā OfferPrice (same TransactionID) ā OrderCreate (same TransactionID)ā ļø Partial results: When MatchResult = Partial(e.g. LH, EK), per-leg offers must follow the combinability hints inAugmentationPointbefore being priced as a round trip. This is beyond the Quickstart ā see the AirShopping page.
š For BA, AF, KL, OrderCreate requires agency contact info ( ContactInfoRefID: email, plus address/phone depending on the carrier). A missing value returns an error.
š® Support ā Inquiries: email halosync_support@halocorp.kr, or check FAQ & Contact. To report a problem, follow Reporting an Issue.