Quickstart Guide for technology partners

Once you have access to your Partner Dev account, you can retrieve your API credentials and manage the settings on your App Details Page.

The below details will be required as part of the OAuth 2.0. authentication:

1. client_id - Client ID issued by Cloudbeds.
2. client_secret - You can click on 'Generate New Secret' to retrieve your client reset for the first time or to reset it.
3. redirect_uri  -  It is the predefined URL where the OAUth 2.0. authorization_code is forwarded to.
4. Permission scopes - Select the permission scopes required for the API endpoints you intend to use. You can find details on the scopes related to each endpoint in the API documentation.

Based on the User Authorization Flow Options implemented, the property user can find your App in Cloudbeds Marketplace.
When clicking on the Connect App option, the user is directed to your OAuth link (defined in the App Details page) to confirm your permission scopes and, upon successful authorization, they are redirected to your predefined redirect_uri  with the  authorization_code .

Once the user authorizes the integration with your App and is redirected to your redirect URI with the authorization_code, you need to send an access_token (grant_type: authorization_code) call to exchange the authorization_code for an access_token and refresh_token.

The access_token returned by /access_token may be used to access Cloudbeds API by including it in the authorization header of your requests (Authorization: Bearer vjsZOLa2tMazV09T01SlwIQGq8HC56LYL8kXcBBp).

The  access_token  is valid for 60 minutes and the refresh_token  is permanent and does not expire.
You can send a an access_token (grant_type: refresh_token) call to refresh the   access_token .

In the response, a new  access_token and the permanent refresh_token will be returned.