Migrating to the new Guesty Open API
How to upgrade to the new Open API.
Guesty's new Open API offers enhanced security with Open Authorization 2.0 (OAuth 2.0), fewer flaws, better documentation, and specialized features for your needs.
In order to migrate from our legacy API to our new Open API, there are four main steps you need to complete.
Important:
Please note that this migration doesn't apply to Zapier, Misterbnb, or other Marketplace integrations that use the old API. These integrations should remain as is until further notice.
Workflow
- Change API Base URL
- Generate your
Client IDandClient Secret - Retrieve Your
Access Token - Refresh your token every 24 hours
Important:
Some endpoints are deprecated with our new Open API. Please see the breaking changes for more information.
Changing Your API Base URL
The base URL for Guesty's new Open API is:
https://open-api.guesty.com/v1/
Note:
All Guesty APIs are served over HTTPS only for security reasons.
Please update your existing requests with the new base URL.
Generating Your Client ID and Client Secret
In OAuth 2.0, Client ID and Client Secret (Client Credentials) replace your legacy API key which existed in Guesty's old API. Follow the steps below to generate your Client Credentials for your application.
Step by step:
- Sign in to your Guesty account.
- In the top menu, click Integrations.
- From the drop-down, select OAuth Applications.
- In the OAuth Applications menu, click New Application.
- In the New Application section, fill in the required information.
- In the top right corner of this section, click Generate new secrets.
- In the pop-up, enter your password to confirm the action.
Your Client Credentials are now generated. Make sure to copy both your Client ID and Client Secret on this page.
Important:
Your
Client Secretis only visible the first time you access it. After that, Guesty redacts theClient Secretfor your security.
Note:
You should remove your legacy API key for a fresh start. Click here to learn how to remove your legacy token from your account.
Retrieving Your Access Token
With the enhanced security of Guesty's new Open API, you need to pass along your Client Credentials to authenticate yourself and get your Access Token. Follow the steps below.
Step by step:
- In the example request below, fill in your application
Client IDandClient Secret.
curl --location --request POST 'https://open-api.guesty.com/oauth2/token' \
--header 'accept: application/json' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=open-api' \
--data-urlencode 'client_secret={application client SECRET}'
--data-urlencode 'client_id={application client ID}' \
- Send your request.
- You will receive a response like below.
{
"token_type": "Bearer",
"expires_in": 86400,
"access_token": "{access_token}",
"scope": "open-api"
}
- Retrieve your
Access Tokenfrom the response.
Your Access Token will be valid for 24 hours. You can use your Access Token token to send your requests to Guesty's Open API. You can take a look at the example request below to see how to send requests using your Access Token.
curl --location --request GET 'https://open-api.guesty.com/v1/listings' \
--header 'accept: application/json' \
--header 'Authorization: Bearer {access_token}'
Refreshing Your Access Token
The Access Token expires every 24 hours, so it must be refreshed once a day using your Client Credentials.
Please keep in mind that this expiration period is subject to change in the future. To minimize the chance of errors, the best practice is to store the value of the expires_in field locally and ensure your token is refreshed 30 minutes or one hour before it expires.
Alternatively, you can also adopt a reactive approach and choose to refresh your token after it expires. You will receive a 401 - Unauthorized error when your token is expired. You can handle the 401 errors and refresh your Access Token accordingly.
Updated over 1 year ago