Authentication
All LodgeFlow REST APIs use Bearer token authentication.
Request headers
Authorization: Bearer sk_live_xxxxxxxx
Content-Type: application/json
Scopes
| Scope | Access |
|---|---|
| bookings:read | List and retrieve reservations |
| bookings:write | Create and modify reservations |
| properties:read | Property metadata for embeds |
Key rotation
Rotate keys in the partner dashboard. Overlap old and new keys for up to 24 hours during migration.
iFrame vs API keys
iFrame embeds use property-scoped public embed tokens (property_id), not secret API keys. Never expose sk_live_ or sk_test_ keys in client-side HTML.
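One way to enforce this rule in a build pipeline, as an added example (not LodgeFlow's own code): a scanner that flags sk_live_ / sk_test_ strings in client-side assets and redacts them in its report. The character set and minimum length after the prefix, the file extensions, and the sample page are assumptions constructed for the example.

```python
import re
import sys
from pathlib import Path

# Assumption: the secret part is 8+ letters, digits, "_" or "-"; the page
# only shows the placeholder "sk_live_xxxxxxxx".
SECRET_KEY_RE = re.compile(r"\bsk_(live|test)_[A-Za-z0-9_-]{8,}")
CLIENT_SUFFIXES = {".html", ".htm", ".js", ".mjs", ".jsx", ".ts", ".tsx", ".vue", ".map"}

def redact(key):
    """Keep the prefix and last 4 characters so the report does not leak the key."""
    n = len("sk_live_")  # both prefixes are 8 characters long
    return key[:n] + "*" * (len(key) - n - 4) + key[-4:]

def find_exposed_keys(text, source="<string>"):
    """Return one finding per match: (source, line number, environment, redacted key)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((source, lineno, m.group(1), redact(m.group(0))))
    return findings

def scan_tree(root):
    """Scan every client-side asset under root, e.g. a build output directory."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in CLIENT_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(find_exposed_keys(text, str(path)))
    return findings

# Constructed sample page: the iframe with property_id is fine, the fetch() is not.
SAMPLE_HTML = """<iframe src="https://embed.example.invalid/widget?property_id=12345"></iframe>
<script>
fetch("https://api.example.invalid/bookings",
      {headers: {Authorization: "Bearer sk_live_Zm9vYmFyMTIzNDU2"}});
</script>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        results = find_exposed_keys(SAMPLE_HTML, "sample.html")
    for source, lineno, env, key in results:
        print(f"{source}:{lineno}: {env} secret key in client-side code: {key}")
    sys.exit(1 if results else 0)
```

Run it against the build output directory as a CI step; a non-zero exit code fails the build, and any key it finds should be rotated in the partner dashboard.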