Authentication
To access the various endpoints in the HotelHero API, you'll need to authenticate your requests. This guide provides an overview of the authentication process. The HotelHero API primarily uses API key authentication for securing its endpoints.
API Key Authentication
API key authentication is a simple and secure method to authenticate your requests. You'll be provided with an API key, which you should include in the header of your HTTP requests.
curl https://api.hotelhero.net/v2/hotels \
-H "Content-Type: application/json" \
-H "api_key: YOUR_API_KEY"
Always ensure that your API key remains confidential. Avoid exposing it in client-side code or public repositories. If you suspect that your API key has been compromised, contact us immediately.
Security Best Practices
When working with API keys, follow these best practices:
- Server-side Usage: Always keep your API key on your server and never expose it in client-side code.
- Environment Variables: Store your API key in environment variables rather than hardcoding it in your application code.
- Access Control: Limit access to your API key to only the necessary personnel.
- Regular Rotation: Consider rotating your API key periodically, especially after team changes.
- Minimal Scope: Use the API key only for the specific services and endpoints required.
Error Handling
When authentication fails, the API will return a 401 Unauthorized error. Here are some common authentication errors:
{
  "status": "error",
  "code": 401,
  "message": "Invalid API key. Please provide a valid API key."
}
Rate Limiting
Rate limits specify the maximum number of requests (GET, POST, PUT, or DELETE) a user can make in a given time period. If you exceed the rate limit, you'll receive a 429 Too Many Requests response. If you need a higher rate limit, contact us.
We apply rate limits at the IP address level.
{
  "status": "error",
  "code": 429,
  "message": "Rate limit exceeded. Please try again later.",
  "retry_after": 60
}
Troubleshooting
If you're experiencing authentication issues, try these troubleshooting steps:
- Verify API Key: Double-check that you're using the correct API key.
- Check Header Format: Ensure the api_key header is correctly formatted.
- Inspect Full Response: Look at the complete error response for specific details.
- Check for Whitespace: Verify that there's no accidental whitespace in your API key.
- Test with cURL: Use a simple cURL request to test authentication separately from your application code.
If you continue to experience issues, please contact our support team with details about your implementation and the specific errors you're encountering.
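The practices above combined in a server-side client, as an added example that is not HotelHero's own code: the key is read from an environment variable, rejected if it contains whitespace, sent in the api_key header, and the 401 and 429 responses are handled separately. The variable name HOTELHERO_API_KEY, the helper names, the retry count and the 60-second fallback wait are assumptions.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.hotelhero.net/v2"  # taken from the cURL example on this page


class AuthError(Exception):
    """Raised on 401 so callers stop instead of retrying with a bad key."""


def load_api_key(env=os.environ, var="HOTELHERO_API_KEY"):  # variable name is an assumption
    """Read the key from the environment; refuse empty or whitespace-tainted values."""
    key = env.get(var, "")
    if not key or any(c.isspace() for c in key):
        raise ValueError(f"{var} is unset or contains whitespace")
    return key


def http_send(url, headers):
    """Real transport: returns (status, parsed JSON body) for success and error replies."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)


def get(path, key, send=http_send, sleep=time.sleep, max_retries=3):
    """GET a path, honouring retry_after on 429 and failing fast on 401."""
    headers = {"Content-Type": "application/json", "api_key": key}
    for _ in range(max_retries + 1):
        status, body = send(BASE_URL + path, headers)
        if status == 401:
            # Surface only the server's message; the key itself never goes into errors or logs.
            raise AuthError(body.get("message", "authentication failed"))
        if status == 429:
            # Wait as long as the server asks (fallback of 60 s is an assumption).
            sleep(int(body.get("retry_after", 60)))
            continue
        return body
    raise RuntimeError("rate limit still exceeded after retries")
```

The send and sleep parameters exist so the retry logic can be exercised without network access; production code calls get("/hotels", load_api_key()) and leaves them at their defaults.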