How to authenticate Booking Engine API requests.


Contact our team

If you're having trouble, contact us at [email protected] for assistance!

Generating Client ID and Client Secret for your booking engine API instance

Step by step:

  1. Sign in to your Guesty account.
  2. In the top menu, hover over Integrations.
  3. From the drop-down, select Distribution.
  4. Click the Booking Engine API thumbnail.
  5. Click Create a booking engine API instance.
  6. Fill in the required information: Learn more here.
  7. Click Save.
  8. You will be redirected to a list of all Booking Engine API instances in your Guesty account: To the right of the relevant instance, click Show API tokens.
  9. Copy the "Client Secret credentials" and "Client ID credentials" and share them with your developer.

In the example request below, fill in your application Client ID and Client Secret and send your request

curl --location --request POST '' \
--header 'accept: application/json' \
--header 'cache-control: no-cache,no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=booking_engine:api' \
--data-urlencode 'client_secret={application client SECRET}' \
--data-urlencode 'client_id={application client ID}'

The response will contain the authentication token, token type, expiration time in seconds, and the scope.

    "token_type": "Bearer",
    "expires_in": 86400,
    "access_token": "token body",
    "scope": "booking_engine:api"

Using Your Access Token


Proper Authentication

Booking Engine API (BEAPI) access keys are for authenticating BEAPI requests only. To authenticate requests to our Open API, please follow its authentication steps here.

The Access Token expires every 24 hours, so it must be refreshed once a day using your Client ID and Client Secret.

To minimize the chance of errors, the best practice is to store the value of the expires_in field locally and ensure your token is refreshed before it expires.

To avoid the rate limits on the auth endpoint, we advise hitting the auth endpoint once a day and caching the token for 24 hours. Then reuse that same token for any other Guesty endpoint requests within that 24-hour period.

For example:

  1. Request auth token from auth endpoint
  2. Cache the token
  3. Request Listings (using the cached token)
  4. Request Listing Detail (using the same cached token)
  5. ... and so on for as many requests as needed ...
  6. 24 hours later: Request a new auth token
  7. Cache the new token
  8. Repeat steps 3-7


Read more

You can read more about the booking engine API instant creation on our help center articles here