Experience the difference of "Elite".

Getting Started

Core Concepts

Overview

Bookings & Quotes

Damage Protection

Data Management

Deposits

Email Template Library

Fields

Guests

Integrations

Listing Site Integration

Messaging

My Account

Payment Processing

Privacy & Security

Properties

Property Management

Quotes

Rates

Renter Agreements

Reporting

Reviews

Rules

Security Deposits

Suppressed Email Addresses

Tags

Taxes

Team Access

Technical Stuff

Travel Insurance

Triggers

Verified Email Domains

Channel Management

Channel Management

API Integrations

Calendar Import/Export

Channel Bridge

Integrations

OwnerRez APIs

Payment Processing

Testing

Websites

Change Log

2024

2023

2022

2021

2020

2019

Staff Reference

API for Apps - Authentication

There are two ways to access the OwnerRez API, depending on what you're trying to accomplish: Personal Access Tokens and OAuth Apps. Personal Access Tokens let you access your own account via API while OAuth apps let other OwnerRez users grant you access to their accounts so you can access those accounts via API on their behalf.

Personal Access Tokens

A Personal Access Token allows you to access your own account via API. To create a new token, go to Developer/API Settings under the dropdown arrow in the top-right of your OwnerRez screen. The token will start with pt_. When you generate a token you'll get to see it once -- make sure to note down the token so you can use it later.

Personal Access Tokens are rate limited by IP Address -- any given IP address may only access two different user accounts within 24 hours. If you're developing an app that will integrate with many OwnerRez accounts, use the OAuth App method instead.

To make an API call using a Personal Access Token, use basic authentication where the username is your OwnerRez email address and the password is the token. For example, a call to lookup property availability via /api/properties/lookup for a user wylie@acme.com using a Personal Access Token of pt_faaaast would be something like:

curl -u wylie@acme.com:pt_faaaast -i -X GET https://secure.ownerrez.com/api/properties/lookup -H "Content-Type:application/json"

Note that the token-based API authentication is intended for private usage, and is not designed for partner use or wide deployment.  If you are a partner wishing to offer your services to OwnerRez clients in general, you need to use our more robust and secure OAuth API authentication.

OAuth Apps

An OAuth App allows you to access other OwnerRez user's accounts via API (after they have authorized your OAuth App). Follow the OAuth App Guide to create a new app and set up for users to be able to authorize your app into their account.

Once you've got a token for a user, use bearer token authentication to make API requests on behalf of the user. The token will start with at_. You also must send a User-Agent header identifying yourself which should contain your app name and client id, for example: User-Agent: My Awesome App/1.0 (c_51234234).

For example, given a token of at_foobarbaz, you'd make a call like:

Authorization: bearer at_foobarbaz
User-Agent: My Awesome App/1.0 (c_51234234)
Content-Type: application/json
GET https://secure.ownerrez.com/api/properties/lookup

Or in curl, you can set the Authorization header like this:

curl -H "Authorization: bearer at_foobarbaz" -A "My Awesome App/1.0 (c_51234234)" -i -X GET https://secure.ownerrez.com/api/properties/lookup -H "Content-Type: application/json"