Migrating to the new Guesty Open API

How to upgrade to the new Open API.

Guesty's new Open API offers enhanced security with Open Authorization 2.0 (OAuth 2.0), fewer flaws, better documentation, and specialized features for your needs.

In order to migrate from our legacy API to our new Open API, there are four main steps you need to complete.


Please note that this migration doesn't apply to Zapier, Misterbnb, or other Marketplace integrations that use the old API. These integrations should remain as is until further notice.


  1. Change API Base URL
  2. Generate your Client ID and Client Secret
  3. Retrieve Your Access Token
  4. Refresh your token every 24 hours



Some endpoints are deprecated with our new Open API. Please see the breaking changes for more information.

Changing Your API Base URL

The base URL for Guesty's new Open API is:




All Guesty APIs are served over HTTPS only for security reasons.

Please update your existing requests with the new base URL.

Generating Your Client ID and Client Secret

In OAuth 2.0, Client ID and Client Secret (Client Credentials) replace your legacy API key which existed in Guesty's old API. Follow the steps below to generate your Client Credentials for your application.

Step by step:

  1. Sign in to your Guesty account.
  2. In the top menu, click Integrations.
  3. From the drop-down, select OAuth Applications.
  4. In the OAuth Applications menu, click New Application.
  5. In the New Application section, fill in the required information.
  6. In the top right corner of this section, click Generate new secrets.
  7. In the pop-up, enter your password to confirm the action.

Your Client Credentials are now generated. Make sure to copy both your Client ID and Client Secret on this page.



Your Client Secret is only visible the first time you access it. After that, Guesty redacts the Client Secret for your security.



You should remove your legacy API key for a fresh start. Click here to learn how to remove your legacy token from your account.

Retrieving Your Access Token

With the enhanced security of Guesty's new Open API, you need to pass along your Client Credentials to authenticate yourself and get your Access Token. Follow the steps below.

Step by step:

  1. In the example request below, fill in your application Client ID and Client Secret.
curl --location --request POST 'https://open-api.guesty.com/oauth2/token' \
--header 'accept: application/json' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=open-api' \
--data-urlencode 'client_secret={application client SECRET}'
--data-urlencode 'client_id={application client ID}' \
  1. Send your request.
  2. You will receive a response like below.
    "token_type": "Bearer",
    "expires_in": 86400,
    "access_token": "{access_token}",
    "scope": "open-api"
  1. Retrieve your Access Token from the response.

Your Access Token will be valid for 24 hours. You can use your Access Token token to send your requests to Guesty's Open API. You can take a look at the example request below to see how to send requests using your Access Token.

curl --location --request GET 'https://open-api.guesty.com/v1/listings' \
--header 'accept: application/json' \
--header 'Authorization: Bearer {access_token}'

Refreshing Your Access Token

The Access Token expires every 24 hours, so it must be refreshed once a day using your Client Credentials.

Please keep in mind that this expiration period is subject to change in the future. To minimize the chance of errors, the best practice is to store the value of the expires_in field locally and ensure your token is refreshed 30 minutes or one hour before it expires.

Alternatively, you can also adopt a reactive approach and choose to refresh your token after it expires. You will receive a 401 - Unauthorized error when your token is expired. You can handle the 401 errors and refresh your Access Token accordingly.