Guides and Articles

Quickstart Guide - API Authentication for property-level users

This Quickstart Guide provides basic information on the API key Authentication required to access Cloudbeds API resources. This guide will help you to quickly get an API key to start using with your authentication.

Suggest Edits

If you are a technology partner, you can create a property-level API key to get started with your development quickly.
However, you will need to implement the API Keys support at partner level according to our API Keys Authentication Guide for Technology Partnersbefore the certification process.

For the OAuth 2.0 authentication method please see the article Alternative OAuth 2.0. authentication method.

1. Creating API Credentials

Play this video to understand the process of creating API keys

Once you have API access, you can generate your API credentials by following the below steps:

  1. Log in into your Cloudbeds account at https://signin.cloudbeds.com/ and navigate to the API credentials page for your property by clicking Account > Apps & Marketplace in the upper right corner.

  2. Use the menu on the top to navigate to the API Credentials Page.

  3. Click the '+ New Credentials' button.

    1. You may also edit a previously created Client Credentials if you wish to convert that entry, skip to step 6

  4. Fill in the details:

    1. Enter the 'Name' of your integration or application

    2. Select the category from the drop-down which best matches your application.

    3. Because API-Key use does not require a functioning Redirect URL, you may enter “https://localhost” in the Redirect URI field

    4. Click 'Save' in the lower right corner.

  5. You will be presented with a modal containing Client Credentials in the form of a Client ID and Shared Secret. As these attributes are not required in the payload of an API-key enabled request, you can 'Close' this window and ignore these parameters.

  6. Select the new entry from the API Credentials table scroll to the right to reveal the 'API Key' column heading and click the Create button in your desired row.

  7. Once you click the 'Create' button within the desired row, you will be presented with a list of API Scopes which you may select from.

    1. Scope selections should align with the API endpoints you plan to leverage within your integration. You can find these in About Cloudbeds API documentation.

  8. Select the required scopes by checking each permission and click the 'Create' button in the lower right.

  9. You will be prompted to enter your Cloudbeds login details and to approve the selected permission scopes.

  10. Then, you will be presented with the API key, which is only revealed during this process. You must copy the API Key and store it in a secure credential locker or as a secure property within your integration code. The API key cannot be viewed again after this dialogue is closed.

2. Using your API Key

You can now use the API key to access the Cloudbeds API by including the API Key in the request header as x-api-key or as a bearer token

Here are some examples:

curl --location '<https://hotels.cloudbeds.com/api/v1.2/getHotels'> \--header 'Authorization: Bearer cbat_EE*** ' \

curl --location '<https://hotels.cloudbeds.com/api/v1.2/getHotels'> \--header 'x-api-key: cbat_EE*** ' \

3. Deleting or Replacing an API Key

You can remove or regenerate a key at any time, in the API Credentials table, in the API Key column you can click the regenerate or trash icons.

Be aware that when a key is removed or regenerated the old key will no longer be available to access the API.

4. FAQ

Do API Keys expire?

They won’t expire, as long as they are used at least once every 30 days.

How to add additional permission scopes after an API key is created?

You would need to access your API credentials tab, find the API Key column of the relevant API credentials, and click on the Trash button to delete your API key.

Once deleted, you can proceed to create a new API key with the correct permission scopes.

How to add API keys in Postman?

You can include your API key in the Postman Authorization tab as 'API key' or 'Bearer token'

Are API keys supported for organization/group accounts at property level?

Organization users who would like to enable API access for all the properties in the organization would need to issue API keys for each property. We don't currently support API Keys for organizations.
As an alternative, we can issue OAuth 2.0. credentials for the organization that grants access to all the properties in the Organization with a single access_token. You simply need to email [email protected] to request the credentials.

Cloudbeds does make reasonable efforts to ensure that API keys are not exposed in any public-facing repositories (Github, Gitlab, etc). Should an API key be compromised by public exposure we reserve the right to disable that key and require that you create a replacement Key and update any code to obscure the new key from exposure by unauthorized parties.

Updated 14 days ago

What’s Next