OAuth
Access token expires every 1 hour (3600 seconds).
Refresh token persists after every use and does not expire.
Authorization code is active for 10 minutes and can be used only once.
If you didn't save the access_token
, you still can use the refresh_token
to request a new access_token
.
If you didn't save your refresh_token
, then the app needs to be re-authorized, please see OAuth 2 flow from 1. Initiate OAuth .
Maximum 1 x an hour a token should be refreshed.
Redirect URI is needed for the OAuth 2.0 flow. We will be providing authorization codes to your preconfigured URI after the user authorities the connection.
It is outlined in our documentation here OAuth guide here.
Yes, we do accept sub domains as the OAuth redirect URL. Not a problem at all.
Yes there are some limitations.
- We do not accept redirect_uri with wildcards, for example, you can not register https://*.mydomain.com so that you could send any subdomain in parameter. SSL certificate (https://) is necessary and non-negotiable.
- Currently we cannot accept dynamic parameter in redirect URI
OAuth can be used to authenticate your desktop client into Cloudbeds API. OAuth authentication flow requires you to use an endpoint on your side (named redirect url) to which we'll redirect the user with an authorization code that can be used to retrieve access and refresh tokens that work as authentication credentials on all the other requests you may submit to Cloudbeds API. "localhost" can be used as such endpoint, but your desktop app should be able to render a HTML page in which your users will log into Cloudbeds account, and it also should be able to receive and parse HTTP (in dev stages) and HTTPS (beta and live stages) requests.
No, Cloudbeds can't be used as an identity provider and can't be used for SSO.
General
The Cloudbeds API has the following polling limits. While these are enforced, we do allow some margin of error. We encourage all to respect the following limits:
Properties and Group Properties: 5 requests per second
Tech Partners: 10 requests per second
Yes there is! We have recently began to send monthly newsletters with additions and modifications that have been done during the previous months. To register, see the footer of this page or click here. In case you missed any, all of the relevant updates can be found in our Changelog.
Our API is only open Technology Partners who wish to build to us and can offer a product to our clients. To become a technology partner tell us more here.
For Property Level API please refer to the following article.
Methods and parameters
We don't offer a test server, but we do offer a Technology Partner Test Accounts on our production server. It has dummy data and will allow you to try out your integration.
With the same account you will manage the details (app screenshots, app icon, copy) of your app in our App Directory.
Allowed values are property based. Possible strings are: visa
, master
, amex
, aura
, diners
, hiper
, elo
, Discover
, jcb
, maestro
, dan
, PostCard
, Eurocard
, union_pay
, visaelectron
, Bankcard
, cunion
, BANRICOMPRAS
Here is the list with their names and codes:
- English-en
- Brazilian Portuguese-pt-br
- Spanish-es
- Russian-ru
- Ukranian-ua
- Italian-it
- German-de
- French-fr
- Estonian-ee
- Polish-pl
- Dutch-nl
- Finnish-fi
- Greek-gr
- Japanese-jp
- Thai-th
- Chinese-ch
- Hebrew-il
- Korean-kr
- Swedish-se
- Norwegian-no
- Lithuanian-lt
- Vietnamese-vn
- Hungarian-hu
- Slovak-sk
- Czech-cz
- Romanian-ro
- Arabic-ae
Ideally, we allow up to 6 calls to be used for an integration. Depending on your use case additional 1-2 will be allowed.
We maintain a list of app blueprints explaining how an app could connect and use our calls in order to benefit from our API. See our Sample Use Cases/Blueprints for different app types.
To post a rate, it must be registered in MFD. It is possible to see all rates using /getRatesPlan. getRatesPlan returns all rates/plans, independent of it being applicable to the dates (sent in the request). The difference is, if the plan isn't applicable, it will send many fields with the value 0 (example: "roomsAvailable": 0). This means that the plan isn't applicable to the parameters given.
As said, the call must be registered in MFD. At the moment, there's no call that allows that to be done with the API.
It doesn't take into consideration any applicable rate plans or promos (especially because no promo code can be sent to the call).
No, getTransactions provides the list of transactions already posted into myfrontdesk folio.
For example, if you want to see all of the guests/reservations for February 26, 2021 use these filters: checkInTo=2021-02-26&checkOutFrom=2021-02-26
Testing
We require a minimum of 5 pilot properties and up to 10 for the official go-live.
We suggest using Postman (https://www.getpostman.com/) for testing and understanding the overall usage of our calls. Although we do not give support, we do offer our public API Collection of calls that can be used in Postman. See video in our Set up environment & test OAuth 2 in Postman article to get help.
Comments
0 comments
Please sign in to leave a comment.