Guides

Authentication

How to authenticate Booking Engine API requests.

Suggest Edits

📘

Contact our team

If you're having trouble, contact us at booking-engine-support@guesty.com for assistance!


Generating Client ID and Client Secret for your booking engine API instance


Step by step:


  1. Sign in to your Guesty account.
  2. In the top menu, hover over Growth.
  3. From the drop-down, select Distribution.
  4. Click the Booking Engine API thumbnail.
  5. Click Create a new API key.
  6. Fill in the required information: Learn more here.
  7. Click Save.
  8. Locate the relevant key pair, and use the copy icon to the right of each credential to copy your Client secret and Client ID and share them with your developer.

In the example request below, fill in your client_secret and client_id and send your request


curl --location --request POST 'https://booking.guesty.com/oauth2/token' \
--header 'accept: application/json' \
--header 'cache-control: no-cache,no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=booking_engine:api' \
--data-urlencode 'client_secret={application client SECRET}' \
--data-urlencode 'client_id={application client ID}'

The response will contain the access token, token type, expiration time in seconds, and the scope.


{
    "token_type": "Bearer",
    "expires_in": 86400,
    "access_token": "token body",
    "scope": "booking_engine:api"
}

Using Your Access Token


❗️

Proper Authentication

Booking Engine API (BEAPI) access keys are for authenticating BEAPI requests only. To authenticate requests to our Open API, please follow its authentication steps here.


The access_token expires every 24 hours, so it must be refreshed once a day using your client_id and client_secret.

To minimize the chance of errors, the best practice is to store the value of the expires_in field locally and ensure your token is refreshed before it expires.

To avoid the rate limits on the auth endpoint, we advise hitting the auth endpoint once a day and caching the token for 24 hours. Then reuse that same token for any other Guesty endpoint requests within that 24-hour period.

For example:

  1. Request auth token from auth endpoint
  2. Cache the token
  3. Request Listings (using the cached token)
  4. Request Listing Detail (using the same cached token)
  5. ... and so on for as many requests as needed ...
  6. 24 hours later: Request a new auth token
  7. Cache the new token
  8. Repeat steps 3-7

📘

Read more

You can read more about the booking engine API instance creation in our help center articles here.

Updated 23 days ago