Articles in this section

Quickstart Guide for property-level API users

Avatar
Heather Stanley

This Quickstart Guide provides basic information on the OAuth 2.0. Authentification required to access Cloudbeds API resources.
For more detailed information, access our OAuth 2.0. article.

Quickstart guide for property-level API users

1. API access

Once you have finished onboarding and become familiar with Cloudbeds, navigate to  Accounts > Settings >  API Credentials.

Two scenarios will apply depending on your property package, please see full details here 

  1.  API Access is ready to be used as included in your package.
  2.  API Access is on request and for additional cost.

If you have a group account with multiple properties, send us an email to integrations@cloudbeds.com and we'll provide the next steps.

2. Create your API credentials

For single property API credentials,  Accounts > Settings >  API Credentials and click on New Credentials to generate your API credentials.

You will need to fill-in the below details:

  1. Name: It is a free text field. We recommend you enter the name of the tool you are connecting via the API. It should as specific as possible, as you may have multiple sets of credentials.
  2. Integration type: Select an option from the dropdown. 
  3. Redirect URI: It is the predefined URL where the OAUth 2.0. authorization_code is forwarded to.

For testing purposes, you can generate an endpoint in https://webhook.site/ and use it as a redirect URI.

Your  client_id  and  client_secret  are returned as soon as you click on Save. You can reset your  client_secret anytime.
It is possible to generate multiple sets of credentials for different integrations.  

In order to authenticate the API access, you need to create an OAuth link with the below format:

https://hotels.cloudbeds.com/api/v1.1/oauth?client_id=[client_id]&redirect_uri=[redirect_uri]&response_type=code

Once a user with role permission to manage the API credentials accesses the OAuth link above in their browser and approves the integration, the authorization_code is forwarded to the redirect URL.

This authorization_code is valid for 10 minutes, it can only be used once and it can be exchanged by an access_token to access the API resources.

The  authorization_code is also visible in the URL line of the browser:

4. Exchange your authorization_code for an access_token.

Once you authorize the integration and you are redirected to your redirect URI with the authorization_code, you need to send an access_token (grant_type: authorization_code) call to exchange the authorization_code for an access_token and refresh_token.

5. Access the property resources

The access_token returned by /access_token may be used to access Cloudbeds API by including it in the authorization header of your requests (Authorization: Bearer vjsZOLa2tMazV09T01SlwIQGq8HC56LYL8kXcBBp).

6. Refresh your access_token

The  access_token  is valid for 60 minutes and the refresh_token  is permanent and does not expire.
You can send a an access_token (grant_type: refresh_token) call to refresh the   access_token .

In the response, a new  access_token and the permanent refresh_token will be returned.

Related articles

Comments

0 comments

Please sign in to leave a comment.