API Authentication and Permissions

Guesty's platform API allows you to query the Guesty's API according to your token permissions.
The API enables integrator to create, update and delete data in various objects such as Users, Listings, Calendars, Reservations, Hooks, Guests and many more.
Integrator access is limited by permissions provided during the initial set up (between Guesty and the integrator).
This page covers the initial setup phase, API authentication process and available permissions in high level.

API Technical Documentation
In order to view the API technical documentation please visit Guesty's technical API documentation.

Initial Setup
Guesty provides two types of integrations:

  1. Internal integration: available to all of Guestys users via the dashboard. Allows users to create internal API tokens. To read more about internal integrations visit the API took kit help page
    Internal integration tokens has complete access to the Guesty API and therefore should never be shared with any external services.
  2. 3rd party services and partners: any integrator can start the setup phase by contacting Guesty at product@guesty.com. This phase includes adding the integrator to Guesty's marketplace and providing the required permissions.

Guesty's API uses basic auth which requires the integrator to authenticate requests using a token composed of an API key ID and an API key secret.

Guesty generates the token for each integrator when a user chooses to connect to a services available on the integration marketplace.

The flow for generating a token is simple:

  1. The user access the Guesty integration marketplace: Account -> Integration -> Marketplace
  2. A unique token is generated for the user and the chosen service.
  3. At this point it's the integrator responsibility to get the token from the user.
  4. The integrator uses the token in all API requests.
  5. As long as the token is valid (the user didn't disconnect from the service or created a new token) - Guesty will respond to API requests with the requested data.

Guesty provides each integrator with a specific permissions type. Each permission type defines which requests the integrator will be able to use in the Guesty API.
The permission type is provided to the integrator during the initial setup phase.
Internal integrations are provided with complete access to the API and therefore should only be used internally and should never be shared with external services.

Guesty API Permissions Matrix defines which parts of the API are available to each partner category.

Was this article helpful?
0 out of 0 found this helpful