There are two ways to access the OwnerRez API, depending on what you're trying to accomplish: Personal Access Tokens and OAuth Apps. Personal Access Tokens let you access your own account via API while OAuth apps let other OwnerRez users grant you access to their accounts so you can access those accounts via API on their behalf.
A Personal Access Token allows you to access your own account via API. To create a new token, go to Developer/API Settings under the dropdown arrow in the top-right of your OwnerRez screen. The token will start with pt_. When you generate a token you'll get to see it once -- make sure to note down the token so you can use it later.
Personal Access Tokens are rate limited by IP Address -- any given IP address may only access two different user accounts within 24 hours. If you're developing an app that will integrate with many OwnerRez accounts, use the OAuth App method instead.
To make an API call using a Personal Access Token, use basic authentication where the username is your OwnerRez email address and the password is the token. For example, a call to look up property availability via /api/properties/lookup for a user email@example.com using a Personal Access Token of pt_faaaast would be something like:
curl -u email@example.com:pt_faaaast -i -X GET https://secure.ownerreservations.com/api/properties/lookup -H "Content-Type:application/json"
Note that the token-based API authentication is intended for private usage, and is not designed for partner use or wide deployment. If you are a partner wishing to offer your services to OwnerRez clients in general, you need to use our more robust and secure OAuth API authentication.
An OAuth App allows you to access other OwnerRez users' accounts via API (after they have authorized your OAuth App). Follow the OAuth App Guide to create a new app and set it up so that users can authorize your app into their account.
Once you've got a token for a user, use bearer token authentication to make API requests on behalf of the user. The token will start with at_. You also must send a User-Agent header identifying yourself which should contain your app name and client id, for example:
User-Agent: My Awesome App/1.0 (c_51234234)
For example, given a token of at_foobarbaz, you'd make a call like:
Authorization: bearer at_foobarbaz
User-Agent: My Awesome App/1.0 (c_51234234)
Content-Type: application/json
GET https://secure.ownerreservations.com/api/properties/lookup
Or in curl, you can set the Authorization header like this:
curl -H "Authorization: bearer at_foobarbaz" -A "My Awesome App/1.0 (c_51234234)" -i -X GET https://secure.ownerreservations.com/api/properties/lookup -H "Content-Type: application/json"
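The two schemes above can be selected from the token prefix alone. The following is an added example, not OwnerRez code: the function names and the OWNERREZ_TOKEN / OWNERREZ_EMAIL environment variables are assumptions, and the sample credentials are the ones used on this page. It builds the headers for either token type, refuses a bearer call that lacks the required User-Agent, and masks the credential before anything is logged.

```python
import base64
import os

API_BASE = "https://secure.ownerreservations.com/api"  # host used on this page


def auth_headers(token, email=None, app_name=None, app_version="1.0", client_id=None):
    """Return request headers for an OwnerRez token, chosen by its prefix."""
    headers = {"Content-Type": "application/json"}
    if token.startswith("pt_"):
        # Personal Access Token: HTTP Basic, username = account email, password = token.
        if not email:
            raise ValueError("pt_ tokens need the account email as the Basic username")
        raw = f"{email}:{token}".encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode("ascii")
    elif token.startswith("at_"):
        # OAuth access token: bearer auth plus a User-Agent naming app and client id.
        if not (app_name and client_id):
            raise ValueError("at_ tokens need app_name and client_id for the User-Agent")
        headers["Authorization"] = "bearer " + token
        headers["User-Agent"] = f"{app_name}/{app_version} ({client_id})"
    else:
        raise ValueError("unrecognised token prefix (expected pt_ or at_)")
    return headers


def redact(headers):
    """Return a copy of the headers that is safe to log: the credential is masked."""
    safe = dict(headers)
    if "Authorization" in safe:
        scheme = safe["Authorization"].split(" ", 1)[0]
        safe["Authorization"] = scheme + " <redacted>"
    return safe


if __name__ == "__main__":
    # Assumed variable names; the fallbacks are this page's sample values, not real ones.
    token = os.environ.get("OWNERREZ_TOKEN", "pt_faaaast")
    email = os.environ.get("OWNERREZ_EMAIL", "email@example.com")
    hdrs = auth_headers(token, email=email,
                        app_name="My Awesome App", client_id="c_51234234")
    print("GET", API_BASE + "/properties/lookup", redact(hdrs))
```

Reading the token from the environment keeps it out of source control and out of the process argument list, where a token passed to curl -u or -H on the command line would be visible.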