This Quickstart Guide provides basic information on the API key Authentication required to access Cloudbeds API resources. This guide will help you to quickly get an API key to start using with your authentication.
For the OAuth 2.0 authentication method please see the article Alternative OAuth 2.0. authentication method.
Once you have access to your Partner Dev account, you can retrieve your API credentials and manage the settings on your App Details Page.
1. Log in into your Cloudbeds Partner account at https://hotels.cloudbeds.com and navigate to the API credentials page for your property by clicking Account > Apps & Marketplace in the upper right corner.
2. Use the menu on the top to navigate to the API Credentials Page.
3. Click the '+ New Credentials' button.
- You may also edit a previously created Client Credentials if you wish to convert that entry, skip to step 6
4. Fill in the details:
Enter the 'Name' of your integration or application
Select the category from the drop-down which best matches your application.
Because API-Key use does not require a functioning Redirect URL, you may enter “https://localhost” in the Redirect URI field
Click 'Save' in the lower right corner.
5. You will be presented with a modal containing Client Credentials in the form of a Client ID and Shared Secret. As these attributes are not required in the payload of an API-key enabled request, you can 'Close' this window and ignore these parameters.
6. Select the new entry from the API Credentials table and scroll to the right to reveal the 'API Key' column heading and click the Create button in your desired row.
7. Once you click the 'Create' button within the desired row, you will be presented with a list of API Scopes which you may select from.
Scope selections should align with the API endpoints you plan to leverage within your integration. You can find these in the Cloudbeds API documentation.
8. Select the required scopes by checking each permission and click the 'Create' button in the lower right.
9. You will be prompted to enter your Cloudbeds login details and to approve the selected permission scopes.
10. Then, you will be presented with the API key, which is only revealed during this process. You must copy the API Key and store it in a secure credential locker or as a secure property within your integration code. The API key cannot be viewed again after this dialogue is closed.
You can now use the API key to access the Cloudbeds API by including the API Key in the request header as x-api-key or as a bearer token
Here are some examples:
curl --location 'https://hotels.cloudbeds.com/api/v1.1/getHotels' \--header 'Authorization: Bearer cbat_EEUFqLgLf7Du0BwMxG4tiR4hcUqplPj5 ' \
curl --location 'https://hotels.cloudbeds.com/api/v1.1/getHotels' \--header 'x-api-key: cbat_EEUFqLgLf7Du0BwMxG4tiR4hcUqplPj5 ' \
You can remove or regenerate a key at any time, in the API Credentials table, in the API Key column you can click the regenerate or trash icons.
Be aware that when a key is removed or regenerated the old key will no longer be available to access the API.
Do API Keys expire?
How to add additional permission scopes after an API key is created?
You would need to access your API credentials tab, find the API Key column of the relevant API credentials and click on the Trash button to delete your API key.
Once deleted, you can proceed to create a new API key with the correct permission scopes.
How to add API keys in Postman?
You can include your API key in the Postman Authorization tab as 'API key' or 'Bearer token'
Organization users who would like to enable API access for all the properties in the organization would need to issue API keys for each property. We don't currently support API Keys for organizations.
As an alternative, we can issue OAuth 2.0. credentials for the organization that grant access to all the properties in the Organization with a single access_token. You simply need to email email@example.com to request the credentials.
Cloudbeds does take reasonable efforts to ensure that API keys are not exposed in any public facing repositories (Github, Gitlab, etc). Should an API key be compromised by public exposure we reserve the right to disable that key and require that you create a replacement Key and update any code to obscure the new key from exposure by unauthorized parties.