Guides and Articles

Migration from Oauth 2.0 to API Keys for Technology Partners (Optional)

Suggest Edits

Get Started

Please contact [email protected] to request an additional set of API credentials - API Keys under your partner account to ensure that your flow works successfully. The team will guide you with the following steps. Please let us know when you are ready for Re-Certification, this can be coordinated via email or call.

Re-certification

A short certification will take place to test the new flow with API Keys, this will involve a connection to 2 test accounts with your dev/test API credentials with Oauth2.0 followed by the migration to API Keys Automatic Delivery to ensure that the process will be successful when performed in Production.

Recommended flow: API Keys Automatic delivery

Once the re-certification has been completed, you will be able to migrate all properties at once without the need for customer re-authorization, please see important considerations below:

  • You will need to coordinate with us and let us know when we should switch our setting from Oauth2.0 to API Keys Automatic Delivery for your Production Environment

    • (Internal Cloudbeds settings to be switched)

  • You must stop using Oauth2.0 flow as soon as the exchange is completed.

  • If you generate a new access token with the Refresh token with Oauth2.0, it will invalidate the new API key.

  • Failing to follow the below guidelines will involve each property having to re-authorize your new App with API Keys.

Exchange Refresh token for API Key

You will need to send an access_token (grant_type: refresh_token_exchange) call to exchange the refresh token for an API Key. The API Key will be returned to you in the access token field, the API key will always start with “cbat_”.

Request Example:
curl --location --request POST 'https://hotels.cloudbeds.com/api/v1.2/access\_token' \

--header 'Content-Type: application/x-www-form-urlencoded' \

--data-urlencode 'grant_type=refresh_token_exchange' \

--data-urlencode 'client_id=br**_xxxxx' \

--data-urlencode 'client_secret=123456abcd' \

--data-urlencode 'refresh_token=0987654edcba'

Request Response:
{
"access_token": "cbat_xyz123",

}

Access the property resources

The API key returned by /access_token will be used to access Cloudbeds API by including it in the authorization header of your requests (Authorization: Bearer cbat\_9T01SlwIQGq8HC56LYL8kXcBBp). Each key gives access to either the single property that requested it, or to all properties of an organization that requested it.

curl --location 'https://hotels.cloudbeds.com/api/v1.1/getHotels' \--header 'Authorization: Bearer cbat\_HgRtFd02sdU587LyW59zrtm3JV5Xc' \

Updated about 1 month ago