= Authentication =
To use most API endpoints you will need to include a token headerThere are two kinds of tokens, long life tokens which have read only access, and refresh tokens which generate tokens that can read and make changes.
'''Step 1To use most API endpoints you will need to include a token header in the format "token: Get an invite code'''{token}"
== Invite codes and refresh tokens == '''Step 1: Get an invite code or long life token''' Invite codes and long life tokens can be generated here [https://beds24.com/control3.php?pagetype=apiv2 Invite Codes]
For more information about invite codes, [[API_V2.0#Invite_codes|see here]].
This step is the only one that must be done manually, all other steps can be performed and automated programmatically.
'''Step 2: Get If using an invite code, get a refresh token using the invite code''' Skip this step if using a long life token
You can use the invite code generated in step one with GET /authentication/setup.
This will return a ''token'' and a ''refresh token''.
<span style="color:#019cde; font-size: 150%;“ >{{#fas:info-circle}} </span> ''Tokens'' generated from refresh tokens expire after 24 hours.
'''Step 3: Use the token to authenticate calls'''
The ''token'' returned in step 2 (either a long life token or a token generated using a refresh token) can be included as a header to authenticate calls to other API endpoints. <span style="color:#019cde; font-size: 150%;“ >{{#fas:info-circle}} </span> ''Tokens'' expire after 24 hours.
'''Step 4: Use the refresh token to generate new tokens'''
The webhook payload sent to your URL from the booking webhook found here: Settings -> Properties -> Access -> Booking Webhook
== Channels - settings==
=== GET /channels/settings ===
== Channels - Stripe ==
You can collect the card directly with Stripe so you do not have any PCI DSS obligations.
The procedure would be like this:
1) Make the booking via API and get the new Booking ID.
2) Make a call to API V2 POST /channels/stripe with the booking ID and any charges you want to collect. The line_items should be in the Stripe format for their checkout.
https://docs.stripe.com/payments/checkout
3) POST /channels/stripe will return the session data required to instantly create a Stripe payment checkout you can show the booker and they can securely enter their card while on your site.
https://docs.stripe.com/api/checkout/sessions
4) After the booker enters their card, it is automatically connected to the booking ID and can be charged by API or manually from the control panel.
To use the Stripe endpoints, the process is basically the same as creating a normal Strip Checkout session, except by doing it via our API function it connects the payment to the booking.
Use our API to create the Stripe session and then follow Stripes instructions and use the Stripe API or widgets to create a payment checkout for your page.
The Stripe checkout session will create a Stripe checkout page for receiving payments into the properties Stripe account.
Pass the line_items, success_url and cancel_url in the format required by the Stripe API to create a checkout session.
The line_items format is defined in the Stripe documentation
If the booking already exists, pass it's booking ID as "bookId" and any payments to this checkout session will be added to the bookings invoice.
Setting "capture":false will authorize the amount but not collect the funds.
The Stripe session will be returned, the session id can be used to create the Stripe checkout in your App.
When initializing Stripe in your App, use this pk_live key and the stripe_account value (acct_) from the session response as follows:
<code>
var stripe = Stripe('pk_live_zWSW2ykzZoq4mYcKg9c8jmHS', {
stripeAccount: 'acct_stripe_acccont-value-from-response'
});
</code>
See here for more information https://stripe.com/docs/payments/checkout
=== POST /channels/stripe ===
Get charges for a booking from Stripe.
= Webhooks =
==How long do invite codes/tokens last?==
Invite codes expire after 15 minutes24 hours.
Refresh tokens last forever so long as they are being used. Unused refresh tokens expire after 30 days.
Long life tokens last forever so long as they are being used. Unused long life tokens expire after 90 days. Tokens generated from refresh tokens expire after 24 hours.
==How big are tokens?==