For testing BookingSync API v3 you must register an application on the BookinSync website.
While creating your test application to use in console, make sure to use the following redirect_uri:
urn:ietf:wg:oauth:2.0:oob
As a one time process, you will need to authorize your application by requesting the account owner to grant you access.
This process require user interaction but won’t be required any more, so you can perfectly run background jobs later on.
This authorization can only be revoked if the account owner uninstall your application.
Use the schema below with by replacing:
CLIENT ID: Application’s Client IDhttps://www.bookingsync.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code
Note: To request authorization for custom scopes,
add at the end of this URL, a space separated list like:
&scope=bookings_read%20rentals_read (%20 represent a space within URLs)
Visit the generated URL, and authorize access to your test Application for a BookingSync user.
Use the schema below with by replacing:
CLIENT ID: Application’s Client IDCLIENT_SECRET: Application’s Client Secret (do not share, same as password)
RETURNED_CODE: Displayed Authorization Codehttps://www.bookingsync.com/oauth/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=RETURNED_CODE&grant_type=authorization_code&redirect_uri=urn:ietf:wg:oauth:2.0:oob
Make a POST request to this URL to get your Authentication Token.
Example with CURL:
curl -X POST -d "client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=RETURNED_CODE&grant_type=authorization_code&redirect_uri=urn:ietf:wg:oauth:2.0:oob" "https://www.bookingsync.com/oauth/token"Sample response:
{
"access_token": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
"token_type": "bearer",
"expires_in": 7200,
"refresh_token": "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210",
"scope": "public"
}Note: Tokens (access_token) are only valid for 2 hours, you then need to use the
Refresh Token to regenerate and new set of Tokens or restart the flow you just used.
Once your application is authorized, you only need this single step to get a valid access_token if the one you have is expired.
API calls made with expired access_token will return an HTTP Status Code 401 (Unauthorized).
To prevent this from happening, you can request a new access_token using the refresh_token as demonstrated below before the access_token expiration.
You can find your token lifetime (in seconds), by checking the expires_in attribute in authorization response.
A refresh token is valid as long as it's used (or your application is uninstalled), therefore you can also request a new set of tokens after expiration of your access_token.
A new refresh_token will be generated after each refresh, therefore make sure to save it.
As the refresh token gives you lifelong access to an account, it must be stored securely.
Use the schema below with by replacing:
CLIENT ID: Application’s Client IDCLIENT_SECRET: Application’s Client Secret (do not share, same as password)
REFRESH_TOKEN: Refresh Token given when you got your Access Token in the previous stephttps://www.bookingsync.com/oauth/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN&grant_type=refresh_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob
Make a POST request to this URL to get your refreshed Authentication Token.
Example with CURL:
curl -X POST -d "client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN&grant_type=refresh_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob" "https://www.bookingsync.com/oauth/token"Sample response:
{
"access_token": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
"token_type": "bearer",
"expires_in": 7200,
"refresh_token": "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210",
"scope": "public"
}