AIRBNB FRONTEND GUIDE FOR AI CODING AGENTS
This document is a rest api guide for the airbnb project. The document is designed for AI agents who will generate frontend code that will consume the project backend.
The project has got 1 auth service, 1 notification service, 1 bff service and business services. Each service is a separate microservice application and listens the HTTP request from different service urls.
The services may be in preview server, staging server or real production server. So each service have got 3 acess urls. Frontend application should support all deployemnt servers in the development phase, and user should be able to select the target api server in the login page.
Project Introduction
airbnb is a global platform enabling hosts to list properties and guests to book short-term stays with secure payments, messaging, and review systems. It connects hosts and guests through a robust travel/hospitality marketplace, handling authentication, bookings, payments, and moderation. The backend supports global operations with multi-language and multi-currency features...
API Structure
Object Structure of a Successfull Response
When the service processes requests successfully, it wraps the requested resource(s) within a JSON envelope. This envelope not only contains the data but also includes essential metadata, such as configuration details and pagination information, to enrich the response and provide context to the client.
HTTP Status Codes:
- 200 OK: This status code is returned for successful GET, LIST, UPDATE, or DELETE operations, indicating that the request has been processed successfully.
- 201 Created: This status code is specific to CREATE operations, signifying that the requested resource has been successfully created.
Success Response Format:
For successful operations, the response includes a
"status": "OK"
property, signaling the successful execution of the request. The
structure of a successful response is outlined below:
{
"status":"OK",
"statusCode": 200,
"elapsedMs":126,
"ssoTime":120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName":"products",
"method":"GET",
"action":"list",
"appVersion":"Version",
"rowCount":3,
"products":[{},{},{}],
"paging": {
"pageNumber":1,
"pageRowCount":25,
"totalRowCount":3,
"pageCount":1
},
"filters": [],
"uiPermissions": []
}
-
products: In this example, this key contains the actual response content, which may be a single object or an array of objects depending on the operation performed.
Additional Data
Each api may have include addtional data other than the main data object according to the business logic of the API. They will be given in each API's response signature.
Error Response
If a request encounters an issue, whether due to a logical fault or a technical problem, the service responds with a standardized JSON error structure. The HTTP status code within this response indicates the nature of the error, utilizing commonly recognized codes for clarity:
- 400 Bad Request: The request was improperly formatted or contained invalid parameters, preventing the server from processing it.
- 401 Unauthorized: The request lacked valid authentication token , login required
- 403 Forbidden Error Curent token provided do not grant access to the requested resource.
- 404 Not Found: The requested resource was not found on the server.
- 500 Internal Server Error: The server encountered an unexpected condition that prevented it from fulfilling the request.
Each error response is structured to provide meaningful insight into the problem, assisting in diagnosing and resolving issues efficiently.
{
"result": "ERR",
"status": 400,
"message": "errMsg_organizationIdisNotAValidID",
"errCode": 400,
"date": "2024-03-19T12:13:54.124Z",
"detail": "String"
}
Accessing the backend
Each service of the backend has got its own url according to the deployment environement. User may want to test the frontend in one of the 3 deployments of the application, preview, staging and production. Please ensure that register and login pages do have a deployemnt server selection option, so as the frontned coding agent you can arrange the base url path of all services.
The base url of the application in each environment is as follows:
-
Preview:
https://airbnb3.prw.mindbricks.com -
Staging:
https://airbnb3-stage.mindbricks.co -
Production:
https://airbnb3.mindbricks.co
For the auth service the base url is as follows:
-
Preview:
https://airbnb3.prw.mindbricks.com/auth-api -
Staging:
https://airbnb3-stage.mindbricks.co/auth-api -
Production:
https://airbnb3.mindbricks.co/auth-api
For each other service, the service base url will be given in service sections.
Any login requied request to the backend should have a valid
token, when a user makes a successfull login, the ressponse JSON
includes a JWT access token in the
accessTokenfields. In normal conditions, this token is also set to the
cookie and then consumed automatically, but since AI coding agents
preview options may fail to use cookies, please ensure that in
each request include the access token in the bearer auth header.
Registration Management
First of all please ensure that register and login pages do have a deployemnt server selection option, so as the frontned coding agent you can arrange the base url path of all services.
Start with a landing page and arranging register, verification and login flow. So at the first step, you need a general knowledge of the application to make a good landing page and the authetication flow.
How To Register
Using
registeruser
route of auth api, send the required fields to the backend in your
registration page.
The registerUser api in in
auth
service, is described with request and response structure below.
Note that since
registerUser
api is a business api, it has a version control, so please call it
with the given version like
/v1/registeruser
Register User
API
This api is used by public users to register themselves
Rest Route
The
registerUser
API REST controller can be triggered via the following route:
/v1/registeruser
Rest Request Parameters
The
registerUser
api has got 4 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| avatar | String | false | request.body?.avatar |
| password | String | true | request.body?.password |
| fullname | String | true | request.body?.fullname |
| String | true | request.body?.email | |
| avatar : The avatar url of the user. If not sent, a default random one will be generated. | |||
| password : The password defined by the the user that is being registered. | |||
| fullname : The fullname defined by the the user that is being registered. | |||
| email : The email defined by the the user that is being registered. |
REST Request To access the api you can use the REST controller with the path POST /v1/registeruser
axios({
method: 'POST',
url: '/v1/registeruser',
data: {
avatar:"String",
password:"String",
fullname:"String",
email:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
After a successful registration, frontend code should handle the
verification needs. The registration response will have a
user
object in the root envelope, this object will have user
information with an
id
parameter.
Email Verification
In the registration response, you should check the property
emailVerificationNeeded
in the reponse root, and if this property is true you should start
the email verification flow.
After login process, if you get an HTTP error status, and if there
is an
errCode
property in the response with
EmailVerificationNeeded
value, you should start the email verification flow.
-
Call the email verification
startroute of the backend (described below) with the user email, backend will send a secret code to the given email adresss. Backend can send the email message if the architect defined a real mail service or smtp server, so during the development time backend will send the secret code also to the frontend. You can get this secret code from the response within thesecretCodeproperty. - The secret code in the sent email message will be a 6 digits code , and you should arrange an input page so that the user can paste this code to the frontend application. Please navigate to this input page after you start the verification process. If the secretCode is sent to the frontend for test purposes, then you should show it as info in the input page, so that user can copy and paste it.
-
There is a
codeIndexproperty in the start response, please show it's value on the input page, so that user can match the index in the message with the one on the screen. -
When the user submits the code, please complete the email
verification using the
completeroute of the backend (described below) with the user email and the secret code. - After you get a successful response from email verification, you can navigate to the login page.
Here is the
startand
complete
routes of email verification. These are system routes , so they
dont have a version control.
POST /verification-services/email-verification/start
Purpose: Starts the email verification by generating and sending a secret code.
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | User’s email address to verify |
Example Request
{ "email": "user@example.com" }
Success Response
{
"status": "OK",
"codeIndex": 1,
// timeStamp : Milliseconds since Jan 1, 1970, 00:00:00.000 GMT
"timeStamp": 1784578660000,
"date": "Mon Jul 20 2026 23:17:40 GMT+0300 (GMT+03:00)",
// expireTime: in seconds
"expireTime": 86400,
"verificationType": "byLink",
// in testMode
"secretCode": "123456",
"userId": "user-uuid",
}
⚠️ In production,
secretCodeis not returned — only sent via email.
Error Responses
-
400 Bad Request: Already verified -
403 Forbidden: Too many attempts (rate limit)
POST /verification-services/email-verification/complete
Purpose: Completes the verification using the received code.
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | User’s email |
secretCode
|
String | Yes | Verification code |
Success Response
{
"status": "OK",
"isVerified": true,
"email": "user@email.com",
// in testMode
"userId": "user-uuid",
}
Error Responses
-
403 Forbidden: Code expired or mismatched -
404 Not Found: No verification in progress
Login Management
After a successfull login and completing required verifications, user can now login. Please make a fancy minimal login page where user can enter his email and password.
Bucket Management
This application has a bucket service and is used to store user or other objects related files. Bucket service is login agnostic, so when accessing for write or private read, you should insert a bucket token (given by services) to your request authorization header as bearer token.
User Bucket This bucket is used to store public user files for each user.
When a user logs in, or in /currentuser response there is
userBucketToken
to be used when sending user related public files to the bucket
service.
To upload
POST {baseUrl}/bucket/upload
Request body is form data which includes the bucketId and the file
as binary in
files
property.
{
bucketId: "{userId}-public-user-bucket",
files: {binary}
}
Response status is 200 on succesfull result, eg body:
{
"success": true,
"data": [
{
"fileId": "9da03f6d-0409-41ad-bb06-225a244ae408",
"originalName": "test (10).png",
"mimeType": "image/png",
"size": 604063,
"status": "uploaded",
"bucketName": "f7103b85-fcda-4dec-92c6-c336f71fd3a2-public-user-bucket",
"isPublic": true,
"downloadUrl": "https://babilcom.mindbricks.co/bucket/download/9da03f6d-0409-41ad-bb06-225a244ae408"
}
]
}
To download a file from the bucket, you should know its fileId, so if youupload an avatar or something else, be sure that the download url or the fileId is stored in backend.
Bucket is mostly used, in object creations where alos demands an addtional file like a product image or user avatar. So after you upload your image to the bucket, insert the returned download url to the related property in the related object creation.
Application Bucket
This Airbnb application alos has common public bucket which
everybody has a read access, but only users who have
superAdmin,
admin
or
saasAdmin
roles can write (upload) to the bucket.
The common public project bucket id is
"airbnb3-public-common-bucket"
and in certain areas like product image uploads, since the user will already have the admin bucket token, he will be able to upload realted object images.
Please make your UI arrangements as able to upload files to the bucket using these bucket tokens.
Object Buckets Some objects may return also a bucket token, to upload or access related files with object. For example, when you get a project's data in a project management application, if there is a public or private bucket token, this is provided mostly for uploading project related files or downloading them with the token.
These buckets will be used according to the descriptions given along with the object definitions.
Role Management
This Airbnb may have different role names defined fro different
business logic. But unless another case is asked by the user,
respect to the admin roles which may be
superAdmin,
admin
or
saasAdmin
in the currentuser or login response given with the
roleIdproperty.
{
// ...
"roleId":"superAdmin",
// ...
}
If the application needs an admin panel, or any admin related page, please use these roleId's to decide if the user can access those pages or not.
1. Authentication Routes
1.1
POST /login
— User Login
Purpose: Verifies user credentials and creates an authenticated session with a JWT access token.
Access Routes:
-
GET /login: Returns a minimal HTML login page (for browser-based testing). -
POST /login: Authenticates user credentials and returns an access token and session.
Request Parameters
| Parameter | Type | Required | Source |
|---|---|---|---|
username
|
String | Yes |
request.body.username
|
password
|
String | Yes |
request.body.password
|
Behavior
- Authenticates credentials and returns a session object.
-
Sets cookie:
projectname-access-token[-tenantCodename] - Adds the same token in response headers.
-
Accepts either
usernameoremailfields (if both exist,usernameis prioritized).
Example
axios.post("/login", {
username: "user@example.com",
password: "securePassword"
});
Success Response
{
"userId": "d92b9d4c-9b1e-4e95-842e-3fb9c8c1df38",
"email": "user@example.com",
"fullname": "John Doe",
//...
}
Error Responses
-
401 Unauthorized: Invalid credentials -
403 Forbidden: Email/mobile verification or 2FA pending -
400 Bad Request: Missing parameters
1.2
POST /logout
— User Logout
Purpose: Terminates the current session and clears associated authentication tokens.
Behavior
- Invalidates session (if exists).
-
Clears cookie
projectname-access-token[-tenantCodename]. -
Returns a confirmation response (always
200 OK).
Example
axios.post("/logout", {}, {
headers: { "Authorization": "Bearer your-jwt-token" }
});
Notes
- Can be called without a session (idempotent behavior).
- Works for both cookie-based and token-based sessions.
Success Response
{ "status": "OK", "message": "User logged out successfully" }
2. Verification Services Overview
All verification routes are grouped under the
/verification-services
base path. They follow a
two-step verification pattern:
start
→
complete.
3. Email Verification
3.1 Trigger Scenarios
-
After registration (
emailVerificationRequiredForLogin= true) - When updating email address
- When login fails due to unverified email
3.2 Flow Summary
-
/start→ Generate & send code via email. -
/complete→ Verify code and mark email as verified.
** PLEASE NOTE **
Email verification is a frontend triiggered process. After user registers, the frontend should start the email verification process and navigate to its code input page.
3.3
POST /verification-services/email-verification/start
Purpose: Starts the email verification by generating and sending a secret code.
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | User’s email address to verify |
Example Request
{ "email": "user@example.com" }
Success Response
{
"status": "OK",
"codeIndex": 1,
// timeStamp : Milliseconds since Jan 1, 1970, 00:00:00.000 GMT
"timeStamp": 1784578660000,
"date": "Mon Jul 20 2026 23:17:40 GMT+0300 (GMT+03:00)",
// expireTime: in seconds
"expireTime": 86400,
"verificationType": "byLink",
// in testMode
"secretCode": "123456",
"userId": "user-uuid",
}
⚠️ In production,
secretCodeis not returned — only sent via email.
Error Responses
-
400 Bad Request: Already verified -
403 Forbidden: Too many attempts (rate limit)
3.4
POST /verification-services/email-verification/complete
Purpose: Completes the verification using the received code.
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | User’s email |
secretCode
|
String | Yes | Verification code |
Success Response
{
"status": "OK",
"isVerified": true,
"email": "user@email.com",
// in testMode
"userId": "user-uuid",
}
Error Responses
-
403 Forbidden: Code expired or mismatched -
404 Not Found: No verification in progress
3.5 Behavioral Notes
-
Resend Cooldown:
resendTimeWindow(e.g. 60s) -
Expiration: Codes expire after
expireTimeWindow(e.g. 1 day) - Single Active Session: One verification per user
4. Mobile Verification
4.1 Trigger Scenarios
-
After registration (
mobileVerificationRequiredForLogin= true) - When updating phone number
- On login requiring mobile verification
4.2 Flow
-
/start→ Sends verification code via SMS -
/complete→ Validates code and confirms number
4.3
POST /verification-services/mobile-verification/start
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | User’s email to locate mobile record |
Success Response
{
"status": "OK",
"codeIndex": 1,
// timeStamp : Milliseconds since Jan 1, 1970, 00:00:00.000 GMT
"timeStamp": 1784578660000,
"date": "Mon Jul 20 2026 23:17:40 GMT+0300 (GMT+03:00)",
// expireTime: in seconds
"expireTime": 180,
"verificationType": "byCode",
// in testMode
"secretCode": "123456",
"userId": "user-uuid",
}
⚠️
secretCodereturned only in development.
Errors
-
400 Bad Request: Already verified -
403 Forbidden: Rate-limited
4.4
POST /verification-services/mobile-verification/complete
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | Associated email |
secretCode
|
String | Yes | Code received via SMS |
Success Response
{
"status": "OK",
"isVerified": true,
"mobile": "+1 333 ...",
// in testMode
"userId": "user-uuid",
}
4.5 Behavioral Notes
- Cooldown: One code per minute
- Expiration: Codes valid for 1 day
- One Session Per User
5. Two-Factor Authentication (2FA)
5.1 Email 2FA
Flow
-
/start→ Generates and sends email code -
/complete→ Verifies code and updates session
POST
/verification-services/email-2factor-verification/start
| Parameter | Type | Required | Description |
|---|---|---|---|
userId
|
String | Yes | User ID |
sessionId
|
String | Yes | Current session |
client
|
String | No | Optional context |
reason
|
String | No | Reason for 2FA |
Response
{
"status": "OK",
"sessionId": "user session id UUID",
"userId": "user-uuid",
"codeIndex": 1,
// timeStamp : Milliseconds since Jan 1, 1970, 00:00:00.000 GMT
"timeStamp": 1784578660000,
"date": "Mon Jul 20 2026 23:17:40 GMT+0300 (GMT+03:00)",
// expireTime: in seconds
"expireTime": 86400,
"verificationType": "byLink",
// in testMode
"secretCode": "123456",
}
POST
/verification-services/email-2factor-verification/complete
| Parameter | Type | Required | Description |
|---|---|---|---|
userId
|
String | Yes | User ID |
sessionId
|
String | Yes | Session ID |
secretCode
|
String | Yes | Code from email |
Response
{
// user session data
"sessionId": "session-uuid",
// ...
}
5.2 Mobile 2FA
Flow
-
/start→ Sends SMS code -
/complete→ Validates and finalizes session
POST
/verification-services/mobile-2factor-verification/start
| Parameter | Type | Required | Description |
|---|---|---|---|
userId
|
String | Yes | User ID |
sessionId
|
String | Yes | Session ID |
client
|
String | No | Context |
reason
|
String | No | Reason |
Response
{
"status": "OK",
"sessionId": "user session id UUID",
"userId": "user-uuid",
"codeIndex": 1,
// timeStamp : Milliseconds since Jan 1, 1970, 00:00:00.000 GMT
"timeStamp": 1784578660000,
"date": "Mon Jul 20 2026 23:17:40 GMT+0300 (GMT+03:00)",
// expireTime: in seconds
"expireTime": 86400,
"verificationType": "byLink",
// in testMode
"secretCode": "123456",
}
POST
/verification-services/mobile-2factor-verification/complete
| Parameter | Type | Required | Description |
|---|---|---|---|
userId
|
String | Yes | User ID |
sessionId
|
String | Yes | Session ID |
secretCode
|
String | Yes | Code via SMS |
Response
{
// user session data
"sessionId": "session-uuid",
// ...
}
5.3 2FA Behavioral Notes
- One active code per session
-
Cooldown:
resendTimeWindow(e.g., 60s) -
Expiration:
expireTimeWindow(e.g., 5m)
6. Password Reset
6.1 By Email
Flow
-
/start→ Sends verification code via email -
/complete→ Validates and resets password
POST /verification-services/password-reset-by-email/start
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | User email |
Response
{
"status": "OK",
"codeIndex": 1,
// timeStamp : Milliseconds since Jan 1, 1970, 00:00:00.000 GMT
"timeStamp": 1784578660000,
"date": "Mon Jul 20 2026 23:17:40 GMT+0300 (GMT+03:00)",
// expireTime: in seconds
"expireTime": 86400,
"verificationType": "byLink",
// in testMode
"secretCode": "123456",
"userId": "user-uuid",
}
POST
/verification-services/password-reset-by-email/complete
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | User email |
secretCode
|
String | Yes | Code received |
password
|
String | Yes | New password |
Response
{
"status": "OK",
"isVerified": true,
"email": "user@email.com",
// in testMode
"userId": "user-uuid",
}
6.2 By Mobile
Flow
-
/start→ Sends SMS code -
/complete→ Validates and resets password
POST
/verification-services/password-reset-by-mobile/start
| Parameter | Type | Required | Description |
|---|---|---|---|
mobile
|
String | Yes | Mobile number |
Response
{
"status": "OK",
"codeIndex": 1,
// timeStamp : Milliseconds since Jan 1, 1970, 00:00:00.000 GMT
"timeStamp": 1784578660000,
"date": "Mon Jul 20 2026 23:17:40 GMT+0300 (GMT+03:00)",
// expireTime: in seconds
"expireTime": 86400,
"verificationType": "byLink",
// in testMode
"secretCode": "123456",
"userId": "user-uuid",
}
POST
/verification-services/password-reset-by-mobile/complete
| Parameter | Type | Required | Description |
|---|---|---|---|
email
|
String | Yes | Associated email |
secretCode
|
String | Yes | Code via SMS |
password
|
String | Yes | New password |
Response
{
"status": "OK",
"isVerified": true,
"mobile": "+1 444 ....",
// in testMode
"userId": "user-uuid",
}
6.3 Behavioral Notes
- Cooldown: 60s resend
- Expiration: 24h
- One session per user
- Works without an active login session
7. Verification Method Types
7.1
byCode
User manually enters the 6-digit code in frontend.
7.2
byLink
Frontend handles a one-click verification via email/SMS link containing code parameters.
8)
GET /currentuser
— Current Session
Purpose Return the currently authenticated user’s session.
Route Type
sessionInfo
Authentication Requires a valid access token (header or cookie).
Request
No parameters.
Example
axios.get("/currentuser", {
headers: { Authorization: "Bearer <jwt>" }
});
Success (200)
Returns the session object (identity, tenancy, token metadata):
{
"sessionId": "9cf23fa8-07d4-4e7c-80a6-ec6d6ac96bb9",
"userId": "d92b9d4c-9b1e-4e95-842e-3fb9c8c1df38",
"email": "user@example.com",
"fullname": "John Doe",
"roleId": "user",
"tenantId": "abc123",
"accessToken": "jwt-token-string",
"...": "..."
}
Errors
-
401 Unauthorized — No active session/token
{ "status": "ERR", "message": "No login found" }
Notes
- Commonly called by web/mobile clients after login to hydrate session state.
- Includes key identity/tenant fields and a token reference (if applicable).
- Ensure a valid token is supplied to receive a 200 response.
9)
GET /permissions
— List Effective Permissions
Purpose Return all effective permission grants for the current user.
Route Type
permissionFetch
Authentication Requires a valid access token.
Request
No parameters.
Example
axios.get("/permissions", {
headers: { Authorization: "Bearer <jwt>" }
});
Success (200)
Array of permission grants (aligned with
givenPermissions):
[
{
"id": "perm1",
"permissionName": "adminPanel.access",
"roleId": "admin",
"subjectUserId": "d92b9d4c-9b1e-4e95-842e-3fb9c8c1df38",
"subjectUserGroupId": null,
"objectId": null,
"canDo": true,
"tenantCodename": "store123"
},
{
"id": "perm2",
"permissionName": "orders.manage",
"roleId": null,
"subjectUserId": "d92b9d4c-9b1e-4e95-842e-3fb9c8c1df38",
"subjectUserGroupId": null,
"objectId": null,
"canDo": true,
"tenantCodename": "store123"
}
]
Field meanings (per item):
-
permissionName: Granted permission key. -
roleId: Present if granted via role. -
subjectUserId: Present if granted directly to the user. -
subjectUserGroupId: Present if granted via group. -
objectId: Present if scoped to a specific object (OBAC). -
canDo:trueif enabled,falseif restricted.
Errors
-
401 Unauthorized — No active session
{ "status": "ERR", "message": "No login found" } -
500 Internal Server Error — Unexpected failure
Notes
- Available on all Mindbricks-generated services (not only Auth).
-
Auth service: Reads live
givenPermissionsfrom DB. - Other services: Typically respond from a cached/projected view (e.g., ElasticSearch) for faster checks.
Tip: Cache permission results client-side/server-side and refresh after login or permission updates.
10)
GET /permissions/:permissionName
— Check Permission Scope
Purpose Check whether the current user has a specific permission and return any scoped object exceptions/inclusions.
Route Type
permissionScopeCheck
Authentication Requires a valid access token.
Path Parameters
| Name | Type | Required | Source |
|---|---|---|---|
permissionName
|
String | Yes |
request.params.permissionName
|
Example
axios.get("/permissions/orders.manage", {
headers: { Authorization: "Bearer <jwt>" }
});
Success (200)
{
"canDo": true,
"exceptions": [
"a1f2e3d4-xxxx-yyyy-zzzz-object1",
"b2c3d4e5-xxxx-yyyy-zzzz-object2"
]
}
Interpretation
-
If
canDo: true: permission is generally granted except the listedexceptions(restrictions). -
If
canDo: false: permission is generally not granted, only allowed for the listedexceptions(selective overrides). -
exceptionscontains object IDs (UUID strings) from the relevant domain model.
Errors
- 401 Unauthorized — No active session/token.
Services And Data Object
Auth Service
Authentication service for the project
Auth Service Data Objects
User A data object that stores the user information and handles login settings.
UserGroup A data object that stores the user group information.
UserGroupMember A data object that stores the members of the user group.
Auth Service Access urls
This service is accessible via the following environment-specific URLs:
-
Preview:
https://airbnb3.prw.mindbricks.com/auth-api -
Staging:
https://airbnb3-stage.mindbricks.co/auth-api -
Production:
https://airbnb3.mindbricks.co/auth-api
Get User
API
This api is used by admin roles or the users themselves to get the user profile information.
Rest Route
The
getUser
API REST controller can be triggered via the following route:
/v1/users/:userId
Rest Request Parameters
The
getUser
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| userId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/users/:userId
axios({
method: 'GET',
url: `/v1/users/${userId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update User
API
This route is used by admins to update user profiles.
Rest Route
The
updateUser
API REST controller can be triggered via the following route:
/v1/users/:userId
Rest Request Parameters
The
updateUser
api has got 3 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| fullname | String | false | request.body?.fullname |
| avatar | String | false | request.body?.avatar |
| userId : This id paremeter is used to select the required data object that will be updated | |||
| fullname : A string value to represent the fullname of the user | |||
| avatar : The avatar url of the user. A random avatar will be generated if not provided |
REST Request To access the api you can use the REST controller with the path PATCH /v1/users/:userId
axios({
method: 'PATCH',
url: `/v1/users/${userId}`,
data: {
fullname:"String",
avatar:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Profile
API
This route is used by users to update their profiles.
Rest Route
The
updateProfile
API REST controller can be triggered via the following route:
/v1/profile/:userId
Rest Request Parameters
The
updateProfile
api has got 3 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| fullname | String | false | request.body?.fullname |
| avatar | String | false | request.body?.avatar |
| userId : This id paremeter is used to select the required data object that will be updated | |||
| fullname : A string value to represent the fullname of the user | |||
| avatar : The avatar url of the user. A random avatar will be generated if not provided |
REST Request To access the api you can use the REST controller with the path PATCH /v1/profile/:userId
axios({
method: 'PATCH',
url: `/v1/profile/${userId}`,
data: {
fullname:"String",
avatar:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create User
API
This api is used by admin roles to create a new user manually from admin panels
Rest Route
The
createUser
API REST controller can be triggered via the following route:
/v1/users
Rest Request Parameters
The
createUser
api has got 4 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| avatar | String | false | request.body?.avatar |
| String | true | request.body?.email | |
| password | String | true | request.body?.password |
| fullname | String | true | request.body?.fullname |
| avatar : The avatar url of the user. If not sent, a default random one will be generated. | |||
| email : A string value to represent the user's email. | |||
| password : A string value to represent the user's password. It will be stored as hashed. | |||
| fullname : A string value to represent the fullname of the user |
REST Request To access the api you can use the REST controller with the path POST /v1/users
axios({
method: 'POST',
url: '/v1/users',
data: {
avatar:"String",
email:"String",
password:"String",
fullname:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete User
API
This api is used by admins to delete user profiles.
Rest Route
The
deleteUser
API REST controller can be triggered via the following route:
/v1/users/:userId
Rest Request Parameters
The
deleteUser
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| userId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/users/:userId
axios({
method: 'DELETE',
url: `/v1/users/${userId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Archive Profile
API
This api is used by users to archive their profiles.
Rest Route
The
archiveProfile
API REST controller can be triggered via the following route:
/v1/archiveprofile/:userId
Rest Request Parameters
The
archiveProfile
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| userId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/archiveprofile/:userId
axios({
method: 'DELETE',
url: `/v1/archiveprofile/${userId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Users
API
The list of users is filtered by the tenantId.
Rest Route
The
listUsers
API REST controller can be triggered via the following route:
/v1/users
Rest Request Parameters The
listUsers
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/users
axios({
method: 'GET',
url: '/v1/users',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "users",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"users": [
{
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Search Users
API
The list of users is filtered by the tenantId.
Rest Route
The
searchUsers
API REST controller can be triggered via the following route:
/v1/searchusers
Rest Request Parameters
The
searchUsers
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| keyword | String | true | request.query?.keyword |
| keyword : |
REST Request To access the api you can use the REST controller with the path GET /v1/searchusers
axios({
method: 'GET',
url: '/v1/searchusers',
data: {
},
params: {
keyword:'"String"',
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "users",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"users": [
{
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Update Userrole
API
This route is used by admin roles to update the user role.The default role is user when a user is registered. A user's role can be updated by superAdmin or admin
Rest Route
The
updateUserRole
API REST controller can be triggered via the following route:
/v1/userrole/:userId
Rest Request Parameters
The
updateUserRole
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| roleId | String | true | request.body?.roleId |
| userId : This id paremeter is used to select the required data object that will be updated | |||
| roleId : The new roleId of the user to be updated |
REST Request To access the api you can use the REST controller with the path PATCH /v1/userrole/:userId
axios({
method: 'PATCH',
url: `/v1/userrole/${userId}`,
data: {
roleId:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Userpassword
API
This route is used to update the password of users in the profile page by users themselves
Rest Route
The
updateUserPassword
API REST controller can be triggered via the following route:
/v1/userpassword/:userId
Rest Request Parameters
The
updateUserPassword
api has got 3 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| oldPassword | String | true | request.body?.oldPassword |
| newPassword | String | true | request.body?.newPassword |
| userId : This id paremeter is used to select the required data object that will be updated | |||
| oldPassword : The old password of the user that will be overridden bu the new one. Send for double check. | |||
| newPassword : The new password of the user to be updated |
REST Request To access the api you can use the REST controller with the path PATCH /v1/userpassword/:userId
axios({
method: 'PATCH',
url: `/v1/userpassword/${userId}`,
data: {
oldPassword:"String",
newPassword:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Userpasswordbyadmin
API
This route is used to change any user password by admins only. Superadmin can chnage all passwords, admins can change only nonadmin passwords
Rest Route
The
updateUserPasswordByAdmin
API REST controller can be triggered via the following route:
/v1/userpasswordbyadmin/:userId
Rest Request Parameters
The
updateUserPasswordByAdmin
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| password | String | true | request.body?.password |
| userId : This id paremeter is used to select the required data object that will be updated | |||
| password : The new password of the user to be updated |
REST Request To access the api you can use the REST controller with the path PATCH /v1/userpasswordbyadmin/:userId
axios({
method: 'PATCH',
url: `/v1/userpasswordbyadmin/${userId}`,
data: {
password:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Briefuser
API
This route is used by public to get simple user profile information.
Rest Route
The
getBriefUser
API REST controller can be triggered via the following route:
/v1/briefuser/:userId
Rest Request Parameters
The
getBriefUser
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | ID | true | request.params?.userId |
| userId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/briefuser/:userId
axios({
method: 'GET',
url: `/v1/briefuser/${userId}`,
data: {
},
params: {
}
});
REST Response
This route's response is constrained to a select list of properties, and therefore does not encompass all attributes of the resource.
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"user": {
"fullname": "String",
"avatar": "String",
"isActive": true
}
}
Register User
API
This api is used by public users to register themselves
Rest Route
The
registerUser
API REST controller can be triggered via the following route:
/v1/registeruser
Rest Request Parameters
The
registerUser
api has got 4 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| avatar | String | false | request.body?.avatar |
| password | String | true | request.body?.password |
| fullname | String | true | request.body?.fullname |
| String | true | request.body?.email | |
| avatar : The avatar url of the user. If not sent, a default random one will be generated. | |||
| password : The password defined by the the user that is being registered. | |||
| fullname : The fullname defined by the the user that is being registered. | |||
| email : The email defined by the the user that is being registered. |
REST Request To access the api you can use the REST controller with the path POST /v1/registeruser
axios({
method: 'POST',
url: '/v1/registeruser',
data: {
avatar:"String",
password:"String",
fullname:"String",
email:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "user",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"user": {
"id": "ID",
"email": "String",
"password": "String",
"fullname": "String",
"avatar": "String",
"roleId": "String",
"emailVerified": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Usergroup
API
This route is used by admin roles to create a new usergroup manually from admin panels
Rest Route
The
createUserGroup
API REST controller can be triggered via the following route:
/v1/usergroups
Rest Request Parameters
The
createUserGroup
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| avatar | String | false | request.body?.avatar |
| groupName | String | true | request.body?.groupName |
| avatar : A string value to represent the groups icon. | |||
| groupName : A string value to represent the group name. |
REST Request To access the api you can use the REST controller with the path POST /v1/usergroups
axios({
method: 'POST',
url: '/v1/usergroups',
data: {
avatar:"String",
groupName:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroup",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"userGroup": {
"id": "ID",
"groupName": "String",
"avatar": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Usergroup
API
This route is used by admin to update user groups.
Rest Route
The
updateUserGroup
API REST controller can be triggered via the following route:
/v1/usergroups/:userGroupId
Rest Request Parameters
The
updateUserGroup
api has got 3 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| userGroupId | ID | true | request.params?.userGroupId |
| groupName | String | false | request.body?.groupName |
| avatar | String | false | request.body?.avatar |
| userGroupId : This id paremeter is used to select the required data object that will be updated | |||
| groupName : A string value to represent the group name. | |||
| avatar : A string value to represent the groups icon. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/usergroups/:userGroupId
axios({
method: 'PATCH',
url: `/v1/usergroups/${userGroupId}`,
data: {
groupName:"String",
avatar:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroup",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"userGroup": {
"id": "ID",
"groupName": "String",
"avatar": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Usergroup
API
This route is used by admin to delete a user group.
Rest Route
The
deleteUserGroup
API REST controller can be triggered via the following route:
/v1/usergroups/:userGroupId
Rest Request Parameters
The
deleteUserGroup
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userGroupId | ID | true | request.params?.userGroupId |
| userGroupId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/usergroups/:userGroupId
axios({
method: 'DELETE',
url: `/v1/usergroups/${userGroupId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroup",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"userGroup": {
"id": "ID",
"groupName": "String",
"avatar": "String",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Usergroup
API
This is a public route to get the user group information.
Rest Route
The
getUserGroup
API REST controller can be triggered via the following route:
/v1/usergroups/:userGroupId
Rest Request Parameters
The
getUserGroup
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userGroupId | ID | true | request.params?.userGroupId |
| userGroupId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/usergroups/:userGroupId
axios({
method: 'GET',
url: `/v1/usergroups/${userGroupId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroup",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"userGroup": {
"id": "ID",
"groupName": "String",
"avatar": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Usergroups
API
This is a public route to get the list of groups.
Rest Route
The
listUserGroups
API REST controller can be triggered via the following route:
/v1/usergroups
Rest Request Parameters The
listUserGroups
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/usergroups
axios({
method: 'GET',
url: '/v1/usergroups',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroups",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"userGroups": [
{
"id": "ID",
"groupName": "String",
"avatar": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Get Usergroupmember
API
This is a public route to get the user group member information.
Rest Route
The
getUserGroupMember
API REST controller can be triggered via the following route:
/v1/usergroupmembers/:userGroupMemberId
Rest Request Parameters
The
getUserGroupMember
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userGroupMemberId | ID | true | request.params?.userGroupMemberId |
| userGroupMemberId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/usergroupmembers/:userGroupMemberId
axios({
method: 'GET',
url: `/v1/usergroupmembers/${userGroupMemberId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroupMember",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"userGroupMember": {
"id": "ID",
"groupId": "ID",
"userId": "ID",
"ownerId": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Usergroupmember
API
This route is used by admin roles to add a user to a group.
Rest Route
The
createUserGroupMember
API REST controller can be triggered via the following route:
/v1/usergroupmembers
Rest Request Parameters
The
createUserGroupMember
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| groupId | ID | true | request.body?.groupId |
| userId | ID | true | request.body?.userId |
| groupId : An ID value to represent the group that the user is asssigned as a memeber to. | |||
| userId : An ID value to represent the user that is assgined as a member to the group. |
REST Request To access the api you can use the REST controller with the path POST /v1/usergroupmembers
axios({
method: 'POST',
url: '/v1/usergroupmembers',
data: {
groupId:"ID",
userId:"ID",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroupMember",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"userGroupMember": {
"id": "ID",
"groupId": "ID",
"userId": "ID",
"ownerId": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Usergroupmember
API
This route is used by admin to delete a member from a group.
Rest Route
The
deleteUserGroupMember
API REST controller can be triggered via the following route:
/v1/usergroupmembers/:userGroupMemberId
Rest Request Parameters
The
deleteUserGroupMember
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userGroupMemberId | ID | true | request.params?.userGroupMemberId |
| userGroupMemberId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/usergroupmembers/:userGroupMemberId
axios({
method: 'DELETE',
url: `/v1/usergroupmembers/${userGroupMemberId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroupMember",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"userGroupMember": {
"id": "ID",
"groupId": "ID",
"userId": "ID",
"ownerId": "ID",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Usergroupmembers
API
This is a public route to get the list of group members of a group.
Rest Route
The
listUserGroupMembers
API REST controller can be triggered via the following route:
/v1/listusergroupmembers/:groupId
Rest Request Parameters
The
listUserGroupMembers
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| groupId | String | true | request.params?.groupId |
| groupId : This parameter will be used to select the data objects that want to be listed |
REST Request To access the api you can use the REST controller with the path GET /v1/listusergroupmembers/:groupId
axios({
method: 'GET',
url: `/v1/listusergroupmembers/${groupId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "userGroupMembers",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"userGroupMembers": [
{
"id": "ID",
"groupId": "ID",
"userId": "ID",
"ownerId": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"user": [
{
"email": "String",
"fullname": "String",
"avatar": "String"
},
{},
{}
]
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Messaging Service
Enables secure in-app messaging between guests and hosts. Handles threads, messages (with text/media/system types), abuse flagging, and admin moderation for resolution..
Messaging Service Data Objects
MessageThread Thread/conversation between guest and host, optionally linked to a listing/reservation. Tracks participants, context, state, and stats.
MessageReport Report/in-app abuse complaint filed for a message by a user. Tracks status, admin handling, and resolution notes. Only visible to involved parties and admins.
Message Single message within a thread (text/media/system). Includes metadata for flagging/moderation. Linked to sender, thread, and content type.
Messaging Service Access urls
This service is accessible via the following environment-specific URLs:
-
Preview:
https://airbnb3.prw.mindbricks.com/messaging-api -
Staging:
https://airbnb3-stage.mindbricks.co/messaging-api -
Production:
https://airbnb3.mindbricks.co/messaging-api
Delete Message
API
Soft-delete (hide) a message. Sender or admin only. Message remains for logs/audit, only hidden for sender/recipient.
Rest Route
The
deleteMessage
API REST controller can be triggered via the following route:
/v1/messages/:messageId
Rest Request Parameters
The
deleteMessage
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageId | ID | true | request.params?.messageId |
| messageId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/messages/:messageId
axios({
method: 'DELETE',
url: `/v1/messages/${messageId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "message",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"message": {
"id": "ID",
"threadId": "ID",
"content": "Text",
"senderId": "ID",
"sentAt": "Date",
"messageType": "Enum",
"messageType_idx": "Integer",
"mediaUrl": "String",
"isModerated": "Boolean",
"isFlagged": "Boolean",
"flaggedBy": "ID",
"flagReason": "String",
"isRead": "Boolean",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Messagethread
API
Create a new message thread between a guest and host (optionally for specific listing/reservation). Users must be sender or recipient. Prevent duplicate open threads on same context with composite index.
Rest Route
The
createMessageThread
API REST controller can be triggered via the following route:
/v1/messagethreads
Rest Request Parameters
The
createMessageThread
api has got 7 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageCount | Integer | true | request.body?.messageCount |
| isOpen | Boolean | true | request.body?.isOpen |
| guestId | ID | true | request.body?.guestId |
| lastMessageAt | Date | true | request.body?.lastMessageAt |
| listingId | ID | false | request.body?.listingId |
| hostId | ID | true | request.body?.hostId |
| reservationId | ID | false | request.body?.reservationId |
| messageCount : Total number of messages in thread. | |||
| isOpen : Thread is open for messaging (not closed/archived). | |||
| guestId : Guest user in this thread. | |||
| lastMessageAt : Last message sent in thread. | |||
| listingId : Listing related to this thread if any. | |||
| hostId : Host user in this thread. | |||
| reservationId : Reservation related to thread if any. |
REST Request To access the api you can use the REST controller with the path POST /v1/messagethreads
axios({
method: 'POST',
url: '/v1/messagethreads',
data: {
messageCount:"Integer",
isOpen:"Boolean",
guestId:"ID",
lastMessageAt:"Date",
listingId:"ID",
hostId:"ID",
reservationId:"ID",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageThread",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"messageThread": {
"id": "ID",
"messageCount": "Integer",
"isOpen": "Boolean",
"guestId": "ID",
"lastMessageAt": "Date",
"listingId": "ID",
"hostId": "ID",
"reservationId": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Message
API
Allows sender or admin to edit a message (rare; only content/flag fields allowed). Use-case: correct typo, retract flag. Not for full message overwrite.
Rest Route
The
updateMessage
API REST controller can be triggered via the following route:
/v1/messages/:messageId
Rest Request Parameters
The
updateMessage
api has got 8 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageId | ID | true | request.params?.messageId |
| content | Text | false | request.body?.content |
| mediaUrl | String | false | request.body?.mediaUrl |
| isModerated | Boolean | false | request.body?.isModerated |
| isFlagged | Boolean | false | request.body?.isFlagged |
| flaggedBy | ID | false | request.body?.flaggedBy |
| flagReason | String | false | request.body?.flagReason |
| isRead | Boolean | false | request.body?.isRead |
| messageId : This id paremeter is used to select the required data object that will be updated | |||
| content : Message content (text or system message). | |||
| mediaUrl : URL of media if type=media (optional, else null). | |||
| isModerated : True if message reviewed by admin (can be marked in moderation). | |||
| isFlagged : Message flagged as abuse/inappropriate. | |||
| flaggedBy : User who flagged, if any. | |||
| flagReason : Reason for flagging, if provided. | |||
| isRead : marks a last array point if message is read or not |
REST Request To access the api you can use the REST controller with the path PATCH /v1/messages/:messageId
axios({
method: 'PATCH',
url: `/v1/messages/${messageId}`,
data: {
content:"Text",
mediaUrl:"String",
isModerated:"Boolean",
isFlagged:"Boolean",
flaggedBy:"ID",
flagReason:"String",
isRead:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "message",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"message": {
"id": "ID",
"threadId": "ID",
"content": "Text",
"senderId": "ID",
"sentAt": "Date",
"messageType": "Enum",
"messageType_idx": "Integer",
"mediaUrl": "String",
"isModerated": "Boolean",
"isFlagged": "Boolean",
"flaggedBy": "ID",
"flagReason": "String",
"isRead": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Messagethread
API
Update thread state (e.g. isOpen=false to close), only guest, host, or admin can update.
Rest Route
The
updateMessageThread
API REST controller can be triggered via the following route:
/v1/messagethreads/:messageThreadId
Rest Request Parameters
The
updateMessageThread
api has got 6 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageThreadId | ID | true | request.params?.messageThreadId |
| messageCount | Integer | false | request.body?.messageCount |
| isOpen | Boolean | false | request.body?.isOpen |
| lastMessageAt | Date | false | request.body?.lastMessageAt |
| listingId | ID | false | request.body?.listingId |
| reservationId | ID | false | request.body?.reservationId |
| messageThreadId : This id paremeter is used to select the required data object that will be updated | |||
| messageCount : Total number of messages in thread. | |||
| isOpen : Thread is open for messaging (not closed/archived). | |||
| lastMessageAt : Last message sent in thread. | |||
| listingId : Listing related to this thread if any. | |||
| reservationId : Reservation related to thread if any. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/messagethreads/:messageThreadId
axios({
method: 'PATCH',
url: `/v1/messagethreads/${messageThreadId}`,
data: {
messageCount:"Integer",
isOpen:"Boolean",
lastMessageAt:"Date",
listingId:"ID",
reservationId:"ID",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageThread",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"messageThread": {
"id": "ID",
"messageCount": "Integer",
"isOpen": "Boolean",
"guestId": "ID",
"lastMessageAt": "Date",
"listingId": "ID",
"hostId": "ID",
"reservationId": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Messagethread
API
Soft-delete (archive/close) a thread. Only allowed for guest/host or admin; marks isActive=false.
Rest Route
The
deleteMessageThread
API REST controller can be triggered via the following route:
/v1/messagethreads/:messageThreadId
Rest Request Parameters
The
deleteMessageThread
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageThreadId | ID | true | request.params?.messageThreadId |
| messageThreadId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/messagethreads/:messageThreadId
axios({
method: 'DELETE',
url: `/v1/messagethreads/${messageThreadId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageThread",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"messageThread": {
"id": "ID",
"messageCount": "Integer",
"isOpen": "Boolean",
"guestId": "ID",
"lastMessageAt": "Date",
"listingId": "ID",
"hostId": "ID",
"reservationId": "ID",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Message
API
Create/send a message to a thread (guest/host only, must be participant). Sets sentAt, and updates thread.lastMessageAt/messageCount atomically.
Rest Route
The
createMessage
API REST controller can be triggered via the following route:
/v1/messages
Rest Request Parameters
The
createMessage
api has got 10 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| threadId | ID | true | request.body?.threadId |
| content | Text | true | request.body?.content |
| senderId | ID | true | request.body?.senderId |
| sentAt | Date | true | request.body?.sentAt |
| messageType | Enum | true | request.body?.messageType |
| mediaUrl | String | false | request.body?.mediaUrl |
| isModerated | Boolean | true | request.body?.isModerated |
| isFlagged | Boolean | true | request.body?.isFlagged |
| flaggedBy | ID | false | request.body?.flaggedBy |
| flagReason | String | false | request.body?.flagReason |
| threadId : Thread this message belongs to. | |||
| content : Message content (text or system message). | |||
| senderId : User who sent this message (must be guest/host in thread). | |||
| sentAt : When this message was sent (from client/server). | |||
| messageType : Message type: text/media/system. | |||
| mediaUrl : URL of media if type=media (optional, else null). | |||
| isModerated : True if message reviewed by admin (can be marked in moderation). | |||
| isFlagged : Message flagged as abuse/inappropriate. | |||
| flaggedBy : User who flagged, if any. | |||
| flagReason : Reason for flagging, if provided. |
REST Request To access the api you can use the REST controller with the path POST /v1/messages
axios({
method: 'POST',
url: '/v1/messages',
data: {
threadId:"ID",
content:"Text",
senderId:"ID",
sentAt:"Date",
messageType:"Enum",
mediaUrl:"String",
isModerated:"Boolean",
isFlagged:"Boolean",
flaggedBy:"ID",
flagReason:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "message",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"message": {
"id": "ID",
"threadId": "ID",
"content": "Text",
"senderId": "ID",
"sentAt": "Date",
"messageType": "Enum",
"messageType_idx": "Integer",
"mediaUrl": "String",
"isModerated": "Boolean",
"isFlagged": "Boolean",
"flaggedBy": "ID",
"flagReason": "String",
"isRead": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Messagethread
API
Get a message thread with participant/context enrichment. Only guest, host, or admin may view.
Rest Route
The
getMessageThread
API REST controller can be triggered via the following route:
/v1/messagethreads/:messageThreadId
Rest Request Parameters
The
getMessageThread
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageThreadId | ID | true | request.params?.messageThreadId |
| messageThreadId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/messagethreads/:messageThreadId
axios({
method: 'GET',
url: `/v1/messagethreads/${messageThreadId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageThread",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"messageThread": {
"id": "ID",
"messageCount": "Integer",
"isOpen": "Boolean",
"guestId": "ID",
"lastMessageAt": "Date",
"listingId": "ID",
"hostId": "ID",
"reservationId": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Message
API
Get a message (guest/host must be in thread, or admin). Enrich with sender info.
Rest Route
The
getMessage
API REST controller can be triggered via the following route:
/v1/messages/:messageId
Rest Request Parameters
The
getMessage
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageId | ID | true | request.params?.messageId |
| messageId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/messages/:messageId
axios({
method: 'GET',
url: `/v1/messages/${messageId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "message",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"message": {
"id": "ID",
"threadId": "ID",
"content": "Text",
"senderId": "ID",
"sentAt": "Date",
"messageType": "Enum",
"messageType_idx": "Integer",
"mediaUrl": "String",
"isModerated": "Boolean",
"isFlagged": "Boolean",
"flaggedBy": "ID",
"flagReason": "String",
"isRead": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Messagethreads
API
List threads for user; only show where session user is guest or host, or admin role.
Rest Route
The
listMessageThreads
API REST controller can be triggered via the following route:
/v1/messagethreads
Rest Request Parameters The
listMessageThreads
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/messagethreads
axios({
method: 'GET',
url: '/v1/messagethreads',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageThreads",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"messageThreads": [
{
"id": "ID",
"messageCount": "Integer",
"isOpen": "Boolean",
"guestId": "ID",
"lastMessageAt": "Date",
"listingId": "ID",
"hostId": "ID",
"reservationId": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"listingDets": [
{
"title": "String",
"address": "String",
"propertyType": "Enum",
"propertyType_idx": "Integer",
"location": "Object"
},
{},
{}
],
"rezDets": [
{
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"checkOut": "Date",
"checkIn": "Date"
},
{},
{}
]
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Get Threadmessages
API
List messages in a thread (participants only, or admin). Sorted by sentAt ASC. Includes sender info for display.
Rest Route
The
getThreadMessages
API REST controller can be triggered via the following route:
/v1/threadmessages/:threadId
Rest Request Parameters
The
getThreadMessages
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| threadId | ID | true | request.params?.threadId |
| threadId : |
REST Request To access the api you can use the REST controller with the path GET /v1/threadmessages/:threadId
axios({
method: 'GET',
url: `/v1/threadmessages/${threadId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messages",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"messages": [
{
"id": "ID",
"threadId": "ID",
"content": "Text",
"senderId": "ID",
"sentAt": "Date",
"messageType": "Enum",
"messageType_idx": "Integer",
"mediaUrl": "String",
"isModerated": "Boolean",
"isFlagged": "Boolean",
"flaggedBy": "ID",
"flagReason": "String",
"isRead": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": [],
"thread": {
"listingId": "ID"
},
"listing": {
"title": "String",
"amenityIds": "ID",
"mainPhoto": "String",
"photos": "String",
"address": "String",
"description": "Text"
},
"amenities": {}
}
Gotthread Messages
API
Rest Route
The
gotthreadMessages
API REST controller can be triggered via the following route:
/v1/gotthreadmessages/:threadId
Rest Request Parameters
The
gotthreadMessages
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| threadId | String | true | request.params?.threadId |
| threadId : This parameter will be used to select the data objects that want to be listed |
REST Request To access the api you can use the REST controller with the path GET /v1/gotthreadmessages/:threadId
axios({
method: 'GET',
url: `/v1/gotthreadmessages/${threadId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messages",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"messages": [
{
"id": "ID",
"threadId": "ID",
"content": "Text",
"senderId": "ID",
"sentAt": "Date",
"messageType": "Enum",
"messageType_idx": "Integer",
"mediaUrl": "String",
"isModerated": "Boolean",
"isFlagged": "Boolean",
"flaggedBy": "ID",
"flagReason": "String",
"isRead": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
List Messagereports
API
List message reports. Reporter, admin, or (involved) sender may see. Admin sees all, others see those they filed or are involved in. Intended for moderation/admin panel and user reporting history.
Rest Route
The
listMessageReports
API REST controller can be triggered via the following route:
/v1/messagereports
Rest Request Parameters The
listMessageReports
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/messagereports
axios({
method: 'GET',
url: '/v1/messagereports',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageReports",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"messageReports": [
{
"id": "ID",
"reportedBy": "ID",
"reportReason": "String",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"messageId": "ID",
"adminId": "ID",
"reportedAt": "Date",
"resolutionNotes": "Text",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Messagereport
API
User files report on a message for abuse/moderation. Links to message & reporter. Sets status=pending, visible to reporter, admin, and message sender (for defense/appeal).
Rest Route
The
createMessageReport
API REST controller can be triggered via the following route:
/v1/messagereports
Rest Request Parameters
The
createMessageReport
api has got 7 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| reportedBy | ID | true | request.body?.reportedBy |
| reportReason | String | true | request.body?.reportReason |
| moderationStatus | Enum | true | request.body?.moderationStatus |
| messageId | ID | true | request.body?.messageId |
| adminId | ID | false | request.body?.adminId |
| reportedAt | Date | true | request.body?.reportedAt |
| resolutionNotes | Text | false | request.body?.resolutionNotes |
| reportedBy : User reporting this message. | |||
| reportReason : Reporter-supplied reason for report/abuse claim. | |||
| moderationStatus : Status of admin moderation/response. | |||
| messageId : Message being reported (abuse/inappropriate). | |||
| adminId : Admin assigned/reviewing this report (if any). | |||
| reportedAt : Datetime when report was filed. | |||
| resolutionNotes : Admin/moderator notes regarding outcome/resolution. |
REST Request To access the api you can use the REST controller with the path POST /v1/messagereports
axios({
method: 'POST',
url: '/v1/messagereports',
data: {
reportedBy:"ID",
reportReason:"String",
moderationStatus:"Enum",
messageId:"ID",
adminId:"ID",
reportedAt:"Date",
resolutionNotes:"Text",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageReport",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"messageReport": {
"id": "ID",
"reportedBy": "ID",
"reportReason": "String",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"messageId": "ID",
"adminId": "ID",
"reportedAt": "Date",
"resolutionNotes": "Text",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Messagereport
API
Admin moderator updates report: assign adminId, update status, add resolution notes. Only admin role allowed.
Rest Route
The
updateMessageReport
API REST controller can be triggered via the following route:
/v1/messagereports/:messageReportId
Rest Request Parameters
The
updateMessageReport
api has got 4 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageReportId | ID | true | request.params?.messageReportId |
| moderationStatus | Enum | false | request.body?.moderationStatus |
| adminId | ID | false | request.body?.adminId |
| resolutionNotes | Text | false | request.body?.resolutionNotes |
| messageReportId : This id paremeter is used to select the required data object that will be updated | |||
| moderationStatus : Status of admin moderation/response. | |||
| adminId : Admin assigned/reviewing this report (if any). | |||
| resolutionNotes : Admin/moderator notes regarding outcome/resolution. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/messagereports/:messageReportId
axios({
method: 'PATCH',
url: `/v1/messagereports/${messageReportId}`,
data: {
moderationStatus:"Enum",
adminId:"ID",
resolutionNotes:"Text",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageReport",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"messageReport": {
"id": "ID",
"reportedBy": "ID",
"reportReason": "String",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"messageId": "ID",
"adminId": "ID",
"reportedAt": "Date",
"resolutionNotes": "Text",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Messagereport
API
Get a message report. Reporter, admin, or message sender may view report. Includes message, admin, and involved user info via selectJoins for moderation view.
Rest Route
The
getMessageReport
API REST controller can be triggered via the following route:
/v1/messagereports/:messageReportId
Rest Request Parameters
The
getMessageReport
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| messageReportId | ID | true | request.params?.messageReportId |
| messageReportId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/messagereports/:messageReportId
axios({
method: 'GET',
url: `/v1/messagereports/${messageReportId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messageReport",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"messageReport": {
"id": "ID",
"reportedBy": "ID",
"reportReason": "String",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"messageId": "ID",
"adminId": "ID",
"reportedAt": "Date",
"resolutionNotes": "Text",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
PropertyCatalog Service
Service for management of property listings, calendars, amenities, and localization for a short-term rental marketplace. Hosts can manage listings, availability, multi-language descriptions, policies, pricing, and attributes, served for global search and discovery...
PropertyCatalog Service Data Objects
ListingCalendar Represents daily availability, pricing, and reservation state for a listing (i.e., a property calendar entry).
ListingAmenity Dictionary of possible amenities (wifi, pool, etc.) for hosts to reference in their listings.
Listing Represents a property or space offered for short-term rental by a host. Includes host ref, core attributes, pricing, location, seasonal pricing, media, and booking/policy properties...
ListingLocaleText Localized title & description texts for a property listing, per language.
PropertyCatalog Service Access urls
This service is accessible via the following environment-specific URLs:
-
Preview:
https://airbnb3.prw.mindbricks.com/propertycatalog-api -
Staging:
https://airbnb3-stage.mindbricks.co/propertycatalog-api -
Production:
https://airbnb3.mindbricks.co/propertycatalog-api
Update Listing
API
Update an existing listing owned by the host or admin.
Rest Route
The
updateListing
API REST controller can be triggered via the following route:
/v1/listings/:listingId
Rest Request Parameters
The
updateListing
api has got 21 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingId | ID | true | request.params?.listingId |
| title | String | false | request.body?.title |
| amenityIds | ID | false | request.body?.amenityIds |
| mainPhoto | String | false | request.body?.mainPhoto |
| photos | String | false | request.body?.photos |
| address | String | false | request.body?.address |
| pricePerNight | Double | false | request.body?.pricePerNight |
| description | Text | false | request.body?.description |
| propertyType | Enum | false | request.body?.propertyType |
| location | Object | false | request.body?.location |
| maxStay | Integer | false | request.body?.maxStay |
| minStay | Integer | false | request.body?.minStay |
| currency | String | false | request.body?.currency |
| seasonalPricing | Object | false | request.body?.seasonalPricing |
| approvalType | Enum | false | request.body?.approvalType |
| bookingPolicies | Object | false | request.body?.bookingPolicies |
| cancellationPolicy | Object | false | request.body?.cancellationPolicy |
| languagesSupported | String | false | request.body?.languagesSupported |
| houseRules | Text | false | request.body?.houseRules |
| isPublished | Boolean | false | request.body?.isPublished |
| cityTaxPercent | Double | false | request.body?.cityTaxPercent |
| listingId : This id paremeter is used to select the required data object that will be updated | |||
| title : Default listing title (host language)—localized titles in listingLocaleText. | |||
| amenityIds : Array of amenities from 'listingAmenity'. | |||
| mainPhoto : URL of the primary listing photo. | |||
| photos : Array of photo URLs. | |||
| address : Free-form address (not necessarily geo-coded). | |||
| pricePerNight : Base nightly price in platform currency. | |||
| description : Default listing description (host language)—localized via listingLocaleText. | |||
| propertyType : Type of property (e.g. apartment, house, villa, room). | |||
| location : Geo-location object (latitude and longitude). | |||
| maxStay : Maximum nights allowed for booking. | |||
| minStay : Minimum nights required for booking. | |||
| currency : Currency code (ISO 4217). | |||
| seasonalPricing : Objects defining season/date-specific price adjustments. | |||
| approvalType : Whether bookings require approval or are instant. | |||
| bookingPolicies : Object describing booking rules and platform-enforced restrictions. | |||
| cancellationPolicy : Object snapshot of cancellation policy details for this listing. | |||
| languagesSupported : Array of ISO codes for localized content supported in this listing. | |||
| houseRules : Free-form rules set by the host for this listing. | |||
| isPublished : If true, listing is public/discoverable. | |||
| cityTaxPercent : City or tourism tax as a percentage set for this listing's location/region. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/listings/:listingId
axios({
method: 'PATCH',
url: `/v1/listings/${listingId}`,
data: {
title:"String",
amenityIds:"ID",
mainPhoto:"String",
photos:"String",
address:"String",
pricePerNight:"Double",
description:"Text",
propertyType:"Enum",
location:"Object",
maxStay:"Integer",
minStay:"Integer",
currency:"String",
seasonalPricing:"Object",
approvalType:"Enum",
bookingPolicies:"Object",
cancellationPolicy:"Object",
languagesSupported:"String",
houseRules:"Text",
isPublished:"Boolean",
cityTaxPercent:"Double",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listing",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"listing": {
"id": "ID",
"title": "String",
"amenityIds": "ID",
"hostId": "ID",
"mainPhoto": "String",
"photos": "String",
"address": "String",
"pricePerNight": "Double",
"description": "Text",
"propertyType": "Enum",
"propertyType_idx": "Integer",
"location": "Object",
"maxStay": "Integer",
"minStay": "Integer",
"currency": "String",
"seasonalPricing": "Object",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingPolicies": "Object",
"cancellationPolicy": "Object",
"languagesSupported": "String",
"houseRules": "Text",
"isPublished": "Boolean",
"cityTaxPercent": "Double",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Listing
API
Create a new rental property listing. Host must be the owner (session user).
Rest Route
The
createListing
API REST controller can be triggered via the following route:
/v1/listings
Rest Request Parameters
The
createListing
api has got 20 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| title | String | true | request.body?.title |
| amenityIds | ID | false | request.body?.amenityIds |
| mainPhoto | String | false | request.body?.mainPhoto |
| photos | String | false | request.body?.photos |
| address | String | true | request.body?.address |
| pricePerNight | Double | true | request.body?.pricePerNight |
| description | Text | true | request.body?.description |
| propertyType | Enum | true | request.body?.propertyType |
| location | Object | true | request.body?.location |
| maxStay | Integer | false | request.body?.maxStay |
| minStay | Integer | false | request.body?.minStay |
| currency | String | true | request.body?.currency |
| seasonalPricing | Object | false | request.body?.seasonalPricing |
| approvalType | Enum | true | request.body?.approvalType |
| bookingPolicies | Object | false | request.body?.bookingPolicies |
| cancellationPolicy | Object | false | request.body?.cancellationPolicy |
| languagesSupported | String | false | request.body?.languagesSupported |
| houseRules | Text | false | request.body?.houseRules |
| isPublished | Boolean | true | request.body?.isPublished |
| cityTaxPercent | Double | false | request.body?.cityTaxPercent |
| title : Default listing title (host language)—localized titles in listingLocaleText. | |||
| amenityIds : Array of amenities from 'listingAmenity'. | |||
| mainPhoto : URL of the primary listing photo. | |||
| photos : Array of photo URLs. | |||
| address : Free-form address (not necessarily geo-coded). | |||
| pricePerNight : Base nightly price in platform currency. | |||
| description : Default listing description (host language)—localized via listingLocaleText. | |||
| propertyType : Type of property (e.g. apartment, house, villa, room). | |||
| location : Geo-location object (latitude and longitude). | |||
| maxStay : Maximum nights allowed for booking. | |||
| minStay : Minimum nights required for booking. | |||
| currency : Currency code (ISO 4217). | |||
| seasonalPricing : Objects defining season/date-specific price adjustments. | |||
| approvalType : Whether bookings require approval or are instant. | |||
| bookingPolicies : Object describing booking rules and platform-enforced restrictions. | |||
| cancellationPolicy : Object snapshot of cancellation policy details for this listing. | |||
| languagesSupported : Array of ISO codes for localized content supported in this listing. | |||
| houseRules : Free-form rules set by the host for this listing. | |||
| isPublished : If true, listing is public/discoverable. | |||
| cityTaxPercent : City or tourism tax as a percentage set for this listing's location/region. |
REST Request To access the api you can use the REST controller with the path POST /v1/listings
axios({
method: 'POST',
url: '/v1/listings',
data: {
title:"String",
amenityIds:"ID",
mainPhoto:"String",
photos:"String",
address:"String",
pricePerNight:"Double",
description:"Text",
propertyType:"Enum",
location:"Object",
maxStay:"Integer",
minStay:"Integer",
currency:"String",
seasonalPricing:"Object",
approvalType:"Enum",
bookingPolicies:"Object",
cancellationPolicy:"Object",
languagesSupported:"String",
houseRules:"Text",
isPublished:"Boolean",
cityTaxPercent:"Double",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listing",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"listing": {
"id": "ID",
"title": "String",
"amenityIds": "ID",
"hostId": "ID",
"mainPhoto": "String",
"photos": "String",
"address": "String",
"pricePerNight": "Double",
"description": "Text",
"propertyType": "Enum",
"propertyType_idx": "Integer",
"location": "Object",
"maxStay": "Integer",
"minStay": "Integer",
"currency": "String",
"seasonalPricing": "Object",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingPolicies": "Object",
"cancellationPolicy": "Object",
"languagesSupported": "String",
"houseRules": "Text",
"isPublished": "Boolean",
"cityTaxPercent": "Double",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Listing
API
Delete (soft-delete) a property listing. Host must be owner or admin.
Rest Route
The
deleteListing
API REST controller can be triggered via the following route:
/v1/listings/:listingId
Rest Request Parameters
The
deleteListing
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingId | ID | true | request.params?.listingId |
| listingId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/listings/:listingId
axios({
method: 'DELETE',
url: `/v1/listings/${listingId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listing",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"listing": {
"id": "ID",
"title": "String",
"amenityIds": "ID",
"hostId": "ID",
"mainPhoto": "String",
"photos": "String",
"address": "String",
"pricePerNight": "Double",
"description": "Text",
"propertyType": "Enum",
"propertyType_idx": "Integer",
"location": "Object",
"maxStay": "Integer",
"minStay": "Integer",
"currency": "String",
"seasonalPricing": "Object",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingPolicies": "Object",
"cancellationPolicy": "Object",
"languagesSupported": "String",
"houseRules": "Text",
"isPublished": "Boolean",
"cityTaxPercent": "Double",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Listings
API
List all property listings (optionally filtered). Includes amenities and locales as joins for display search cards.
Rest Route
The
listListings
API REST controller can be triggered via the following route:
/v1/listings
Rest Request Parameters The
listListings
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/listings
axios({
method: 'GET',
url: '/v1/listings',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listings",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"listings": [
{
"id": "ID",
"title": "String",
"amenityIds": "ID",
"hostId": "ID",
"mainPhoto": "String",
"photos": "String",
"address": "String",
"pricePerNight": "Double",
"description": "Text",
"propertyType": "Enum",
"propertyType_idx": "Integer",
"location": "Object",
"maxStay": "Integer",
"minStay": "Integer",
"currency": "String",
"seasonalPricing": "Object",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingPolicies": "Object",
"cancellationPolicy": "Object",
"languagesSupported": "String",
"houseRules": "Text",
"isPublished": "Boolean",
"cityTaxPercent": "Double",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"reviews": {
"rating": "Integer",
"revieweeId": "ID"
},
"amenities": {
"iconUrl": "String",
"name": "String"
}
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Update Listingcalendar
API
Update a calendar entry (availablity, pricing, reservation) for a listing date.
Rest Route
The
updateListingCalendar
API REST controller can be triggered via the following route:
/v1/listingcalendars/:listingCalendarId
Rest Request Parameters
The
updateListingCalendar
api has got 7 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingCalendarId | ID | true | request.params?.listingCalendarId |
| priceOverride | Double | false | request.body?.priceOverride |
| minStay | Integer | false | request.body?.minStay |
| bookedBy | ID | false | request.body?.bookedBy |
| iCalUrl | String | false | request.body?.iCalUrl |
| externalCalendarIds | String | false | request.body?.externalCalendarIds |
| isAvailable | Boolean | false | request.body?.isAvailable |
| listingCalendarId : This id paremeter is used to select the required data object that will be updated | |||
| priceOverride : Override price for this specific date (if exists). | |||
| minStay : Minimum stay enforced for this date (overrides listing value). | |||
| bookedBy : User ID who reserved this date, if any. | |||
| iCalUrl : iCal export URL for calendar sync (guest/owner use). | |||
| externalCalendarIds : IDs for synchronized (imported) external calendars. | |||
| isAvailable : If true, date is bookable (else is blocked/reserved). |
REST Request To access the api you can use the REST controller with the path PATCH /v1/listingcalendars/:listingCalendarId
axios({
method: 'PATCH',
url: `/v1/listingcalendars/${listingCalendarId}`,
data: {
priceOverride:"Double",
minStay:"Integer",
bookedBy:"ID",
iCalUrl:"String",
externalCalendarIds:"String",
isAvailable:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingCalendar",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"listingCalendar": {
"id": "ID",
"priceOverride": "Double",
"date": "Date",
"minStay": "Integer",
"listingId": "ID",
"bookedBy": "ID",
"iCalUrl": "String",
"externalCalendarIds": "String",
"isAvailable": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Listingcalendar
API
Add a calendar entry for a listing/date—controls availability or booking info for that day.
Rest Route
The
createListingCalendar
API REST controller can be triggered via the following route:
/v1/listingcalendars
Rest Request Parameters
The
createListingCalendar
api has got 8 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| priceOverride | Double | false | request.body?.priceOverride |
| date | Date | true | request.body?.date |
| minStay | Integer | false | request.body?.minStay |
| listingId | ID | true | request.body?.listingId |
| bookedBy | ID | false | request.body?.bookedBy |
| iCalUrl | String | false | request.body?.iCalUrl |
| externalCalendarIds | String | false | request.body?.externalCalendarIds |
| isAvailable | Boolean | true | request.body?.isAvailable |
| priceOverride : Override price for this specific date (if exists). | |||
| date : Specific date for this calendar entry (YYYY-MM-DD). | |||
| minStay : Minimum stay enforced for this date (overrides listing value). | |||
| listingId : Listing this calendar date belongs to. | |||
| bookedBy : User ID who reserved this date, if any. | |||
| iCalUrl : iCal export URL for calendar sync (guest/owner use). | |||
| externalCalendarIds : IDs for synchronized (imported) external calendars. | |||
| isAvailable : If true, date is bookable (else is blocked/reserved). |
REST Request To access the api you can use the REST controller with the path POST /v1/listingcalendars
axios({
method: 'POST',
url: '/v1/listingcalendars',
data: {
priceOverride:"Double",
date:"Date",
minStay:"Integer",
listingId:"ID",
bookedBy:"ID",
iCalUrl:"String",
externalCalendarIds:"String",
isAvailable:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingCalendar",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"listingCalendar": {
"id": "ID",
"priceOverride": "Double",
"date": "Date",
"minStay": "Integer",
"listingId": "ID",
"bookedBy": "ID",
"iCalUrl": "String",
"externalCalendarIds": "String",
"isAvailable": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Listingcalendar
API
Delete (soft-delete) a listing calendar entry (by host/admin).
Rest Route
The
deleteListingCalendar
API REST controller can be triggered via the following route:
/v1/listingcalendars/:listingCalendarId
Rest Request Parameters
The
deleteListingCalendar
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingCalendarId | ID | true | request.params?.listingCalendarId |
| listingCalendarId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/listingcalendars/:listingCalendarId
axios({
method: 'DELETE',
url: `/v1/listingcalendars/${listingCalendarId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingCalendar",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"listingCalendar": {
"id": "ID",
"priceOverride": "Double",
"date": "Date",
"minStay": "Integer",
"listingId": "ID",
"bookedBy": "ID",
"iCalUrl": "String",
"externalCalendarIds": "String",
"isAvailable": "Boolean",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Listingcalendar
API
Get a calendar date entry for a listing.
Rest Route
The
getListingCalendar
API REST controller can be triggered via the following route:
/v1/listingcalendars/:listingCalendarId
Rest Request Parameters
The
getListingCalendar
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingCalendarId | ID | true | request.params?.listingCalendarId |
| listingCalendarId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/listingcalendars/:listingCalendarId
axios({
method: 'GET',
url: `/v1/listingcalendars/${listingCalendarId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingCalendar",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"listingCalendar": {
"id": "ID",
"priceOverride": "Double",
"date": "Date",
"minStay": "Integer",
"listingId": "ID",
"bookedBy": "ID",
"iCalUrl": "String",
"externalCalendarIds": "String",
"isAvailable": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Listingcalendars
API
List calendar entries for one or more listings/dates. Used for display and availability search.
Rest Route
The
listListingCalendars
API REST controller can be triggered via the following route:
/v1/listingcalendars
Rest Request Parameters The
listListingCalendars
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/listingcalendars
axios({
method: 'GET',
url: '/v1/listingcalendars',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingCalendars",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"listingCalendars": [
{
"id": "ID",
"priceOverride": "Double",
"date": "Date",
"minStay": "Integer",
"listingId": "ID",
"bookedBy": "ID",
"iCalUrl": "String",
"externalCalendarIds": "String",
"isAvailable": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Get Listing
API
Get a property listing, including enriched amenities and available locales.
Rest Route
The
getListing
API REST controller can be triggered via the following route:
/v1/listings/:listingId
Rest Request Parameters
The
getListing
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingId | ID | true | request.params?.listingId |
| listingId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/listings/:listingId
axios({
method: 'GET',
url: `/v1/listings/${listingId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listing",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"listing": {
"id": "ID",
"title": "String",
"amenityIds": "ID",
"hostId": "ID",
"mainPhoto": "String",
"photos": "String",
"address": "String",
"pricePerNight": "Double",
"description": "Text",
"propertyType": "Enum",
"propertyType_idx": "Integer",
"location": "Object",
"maxStay": "Integer",
"minStay": "Integer",
"currency": "String",
"seasonalPricing": "Object",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingPolicies": "Object",
"cancellationPolicy": "Object",
"languagesSupported": "String",
"houseRules": "Text",
"isPublished": "Boolean",
"cityTaxPercent": "Double",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"amenities": {
"iconUrl": "String",
"name": "String"
},
"reviews": {
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"isPublished": "Boolean",
"reviewText": "Text",
"rating": "Integer",
"revieweeId": "ID",
"reservationId": "ID",
"reviewerId": "ID",
"revieweeType": "Enum",
"revieweeType_idx": "Integer",
"createdAt": "Date",
"updatedAt": "Date"
},
"rezervations": [
{
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"guestId": "ID"
},
{},
{}
]
}
}
Create Listinglocaletext
API
Add a localized title & description for a listing/language pair.
Rest Route
The
createListingLocaleText
API REST controller can be triggered via the following route:
/v1/listinglocaletexts
Rest Request Parameters
The
createListingLocaleText
api has got 4 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| localizedDescription | Text | true | request.body?.localizedDescription |
| localizedTitle | String | true | request.body?.localizedTitle |
| listingId | ID | true | request.body?.listingId |
| languageCode | String | true | request.body?.languageCode |
| localizedDescription : Localized description for this language. | |||
| localizedTitle : Listing title translated for this language. | |||
| listingId : Listing this translation belongs to. | |||
| languageCode : ISO 639-1 or -2 code for language. |
REST Request To access the api you can use the REST controller with the path POST /v1/listinglocaletexts
axios({
method: 'POST',
url: '/v1/listinglocaletexts',
data: {
localizedDescription:"Text",
localizedTitle:"String",
listingId:"ID",
languageCode:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingLocaleText",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"listingLocaleText": {
"id": "ID",
"localizedDescription": "Text",
"localizedTitle": "String",
"listingId": "ID",
"languageCode": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Listingamenities
API
List all amenity options (public for guests/hosts creating listings).
Rest Route
The
listListingAmenities
API REST controller can be triggered via the following route:
/v1/listingamenities
Rest Request Parameters The
listListingAmenities
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/listingamenities
axios({
method: 'GET',
url: '/v1/listingamenities',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingAmenities",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"listingAmenities": [
{
"id": "ID",
"iconUrl": "String",
"name": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Delete Listinglocaletext
API
Delete (soft-delete) a locale text entry for a listing/language.
Rest Route
The
deleteListingLocaleText
API REST controller can be triggered via the following route:
/v1/listinglocaletexts/:listingLocaleTextId
Rest Request Parameters
The
deleteListingLocaleText
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingLocaleTextId | ID | true | request.params?.listingLocaleTextId |
| listingLocaleTextId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/listinglocaletexts/:listingLocaleTextId
axios({
method: 'DELETE',
url: `/v1/listinglocaletexts/${listingLocaleTextId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingLocaleText",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"listingLocaleText": {
"id": "ID",
"localizedDescription": "Text",
"localizedTitle": "String",
"listingId": "ID",
"languageCode": "String",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Listinglocaletexts
API
List all localized texts for a given listing (multi-language support).
Rest Route
The
listListingLocaleTexts
API REST controller can be triggered via the following route:
/v1/listinglocaletexts
Rest Request Parameters The
listListingLocaleTexts
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/listinglocaletexts
axios({
method: 'GET',
url: '/v1/listinglocaletexts',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingLocaleTexts",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"listingLocaleTexts": [
{
"id": "ID",
"localizedDescription": "Text",
"localizedTitle": "String",
"listingId": "ID",
"languageCode": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Update Listinglocaletext
API
Update a localized title/description for a listing/language.
Rest Route
The
updateListingLocaleText
API REST controller can be triggered via the following route:
/v1/listinglocaletexts/:listingLocaleTextId
Rest Request Parameters
The
updateListingLocaleText
api has got 3 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingLocaleTextId | ID | true | request.params?.listingLocaleTextId |
| localizedDescription | Text | false | request.body?.localizedDescription |
| localizedTitle | String | false | request.body?.localizedTitle |
| listingLocaleTextId : This id paremeter is used to select the required data object that will be updated | |||
| localizedDescription : Localized description for this language. | |||
| localizedTitle : Listing title translated for this language. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/listinglocaletexts/:listingLocaleTextId
axios({
method: 'PATCH',
url: `/v1/listinglocaletexts/${listingLocaleTextId}`,
data: {
localizedDescription:"Text",
localizedTitle:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingLocaleText",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"listingLocaleText": {
"id": "ID",
"localizedDescription": "Text",
"localizedTitle": "String",
"listingId": "ID",
"languageCode": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Listingamenity
API
Update an amenity (admin only).
Rest Route
The
updateListingAmenity
API REST controller can be triggered via the following route:
/v1/listingamenities/:listingAmenityId
Rest Request Parameters
The
updateListingAmenity
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingAmenityId | ID | true | request.params?.listingAmenityId |
| iconUrl | String | false | request.body?.iconUrl |
| listingAmenityId : This id paremeter is used to select the required data object that will be updated | |||
| iconUrl : URL of amenity icon. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/listingamenities/:listingAmenityId
axios({
method: 'PATCH',
url: `/v1/listingamenities/${listingAmenityId}`,
data: {
iconUrl:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingAmenity",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"listingAmenity": {
"id": "ID",
"iconUrl": "String",
"name": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Listingamenity
API
Get information for a listed amenity (public).
Rest Route
The
getListingAmenity
API REST controller can be triggered via the following route:
/v1/listingamenities/:listingAmenityId
Rest Request Parameters
The
getListingAmenity
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingAmenityId | ID | true | request.params?.listingAmenityId |
| listingAmenityId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/listingamenities/:listingAmenityId
axios({
method: 'GET',
url: `/v1/listingamenities/${listingAmenityId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingAmenity",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"listingAmenity": {
"id": "ID",
"iconUrl": "String",
"name": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Listinglocaletext
API
Get localized listing title/description (by listing/language).
Rest Route
The
getListingLocaleText
API REST controller can be triggered via the following route:
/v1/listinglocaletexts/:listingLocaleTextId
Rest Request Parameters
The
getListingLocaleText
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingLocaleTextId | ID | true | request.params?.listingLocaleTextId |
| listingLocaleTextId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/listinglocaletexts/:listingLocaleTextId
axios({
method: 'GET',
url: `/v1/listinglocaletexts/${listingLocaleTextId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingLocaleText",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"listingLocaleText": {
"id": "ID",
"localizedDescription": "Text",
"localizedTitle": "String",
"listingId": "ID",
"languageCode": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Listingamenity
API
Add a new amenity to the master amenity list.
Rest Route
The
createListingAmenity
API REST controller can be triggered via the following route:
/v1/listingamenities
Rest Request Parameters
The
createListingAmenity
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| iconUrl | String | false | request.body?.iconUrl |
| name | String | true | request.body?.name |
| iconUrl : URL of amenity icon. | |||
| name : Amenity name (pool, wifi, etc). |
REST Request To access the api you can use the REST controller with the path POST /v1/listingamenities
axios({
method: 'POST',
url: '/v1/listingamenities',
data: {
iconUrl:"String",
name:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingAmenity",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"listingAmenity": {
"id": "ID",
"iconUrl": "String",
"name": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Listingamenity
API
Delete (soft-delete) an amenity (admin only).
Rest Route
The
deleteListingAmenity
API REST controller can be triggered via the following route:
/v1/listingamenities/:listingAmenityId
Rest Request Parameters
The
deleteListingAmenity
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingAmenityId | ID | true | request.params?.listingAmenityId |
| listingAmenityId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/listingamenities/:listingAmenityId
axios({
method: 'DELETE',
url: `/v1/listingamenities/${listingAmenityId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "listingAmenity",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"listingAmenity": {
"id": "ID",
"iconUrl": "String",
"name": "String",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
AdminPanel Service
Administrative and compliance management backend for moderation, audit, dispute, financial oversight, localization, and GDPR in the Airbnb-style rental platform...
AdminPanel Service Data Objects
LocalizationSetting Admin-configured valid languages/currencies for site usage and preference.
AdminDisputeAction Record of an admin's moderation/decision action on a dispute.
ApiKey Admin-generated API key for internal/external integration—has revocation, audit trail.
FinancialReport System-generated or admin-generated report snapshots of platform financials for a given period (GDPR/tax).
AuditLog Immutable audit log for recording sensitive admin actions and platform changes.
GdprAction Record of individual user GDPR/consent/export/delete request flow. Used for logs, compliance, and controls.
AdminPanel Service Access urls
This service is accessible via the following environment-specific URLs:
-
Preview:
https://airbnb3.prw.mindbricks.com/adminpanel-api -
Staging:
https://airbnb3-stage.mindbricks.co/adminpanel-api -
Production:
https://airbnb3.mindbricks.co/adminpanel-api
Get Auditlog
API
Fetch audit log entry by ID (admin only).
Rest Route
The
getAuditLog
API REST controller can be triggered via the following route:
/v1/auditlogs/:auditLogId
Rest Request Parameters
The
getAuditLog
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| auditLogId | ID | true | request.params?.auditLogId |
| auditLogId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/auditlogs/:auditLogId
axios({
method: 'GET',
url: `/v1/auditlogs/${auditLogId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "auditLog",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"auditLog": {
"id": "ID",
"performedBy": "ID",
"objectId": "ID",
"details": "Object",
"ipAddress": "String",
"actionObject": "String",
"occurredAt": "Date",
"actionType": "String",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
}
}
Get Financialreport
API
Retrieve financial/tax report snapshot by ID (admin only).
Rest Route
The
getFinancialReport
API REST controller can be triggered via the following route:
/v1/financialreports/:financialReportId
Rest Request Parameters
The
getFinancialReport
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| financialReportId | ID | true | request.params?.financialReportId |
| financialReportId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/financialreports/:financialReportId
axios({
method: 'GET',
url: `/v1/financialreports/${financialReportId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "financialReport",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"financialReport": {
"id": "ID",
"period": "String",
"cityTaxByLocation": "Object",
"totalPayouts": "Double",
"createdBy": "ID",
"totalRefunds": "Double",
"currency": "String",
"generatedAt": "Date",
"totalRevenue": "Double",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
}
}
Create Financialreport
API
Snapshot financial and tax data for a period. Immutable after creation.
Rest Route
The
createFinancialReport
API REST controller can be triggered via the following route:
/v1/financialreports
Rest Request Parameters
The
createFinancialReport
api has got 7 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| period | String | true | request.body?.period |
| cityTaxByLocation | Object | false | request.body?.cityTaxByLocation |
| totalPayouts | Double | true | request.body?.totalPayouts |
| createdBy | ID | true | request.body?.createdBy |
| totalRefunds | Double | true | request.body?.totalRefunds |
| currency | String | true | request.body?.currency |
| totalRevenue | Double | true | request.body?.totalRevenue |
| period : Reporting period (e.g., '2025-Q1', '2025-05') | |||
| cityTaxByLocation : Breakdown object for city/local/tourism taxes within period (e.g., {"Paris": 1200, "New York": 940}). | |||
| totalPayouts : Total host payouts (for report currency/period). | |||
| createdBy : Admin/automated process that created the report. | |||
| totalRefunds : Total amount refunded during report period (currency match report). | |||
| currency : ISO 4217 currency code for report (e.g., 'USD', 'EUR'). | |||
| totalRevenue : Total gross revenue (in report currency) for period. |
REST Request To access the api you can use the REST controller with the path POST /v1/financialreports
axios({
method: 'POST',
url: '/v1/financialreports',
data: {
period:"String",
cityTaxByLocation:"Object",
totalPayouts:"Double",
createdBy:"ID",
totalRefunds:"Double",
currency:"String",
totalRevenue:"Double",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "financialReport",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"financialReport": {
"id": "ID",
"period": "String",
"cityTaxByLocation": "Object",
"totalPayouts": "Double",
"createdBy": "ID",
"totalRefunds": "Double",
"currency": "String",
"generatedAt": "Date",
"totalRevenue": "Double",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
}
}
List Auditlogs
API
List audit log entries (admin only). Filterable by type, performer, object, date.
Rest Route
The
listAuditLogs
API REST controller can be triggered via the following route:
/v1/auditlogs
Rest Request Parameters The
listAuditLogs
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/auditlogs
axios({
method: 'GET',
url: '/v1/auditlogs',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "auditLogs",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"auditLogs": [
{
"id": "ID",
"performedBy": "ID",
"objectId": "ID",
"details": "Object",
"ipAddress": "String",
"actionObject": "String",
"occurredAt": "Date",
"actionType": "String",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
List Financialreports
API
List period financial/tax reports for admin/AUDIT purposes.
Rest Route
The
listFinancialReports
API REST controller can be triggered via the following route:
/v1/financialreports
Rest Request Parameters The
listFinancialReports
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/financialreports
axios({
method: 'GET',
url: '/v1/financialreports',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "financialReports",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"financialReports": [
{
"id": "ID",
"period": "String",
"cityTaxByLocation": "Object",
"totalPayouts": "Double",
"createdBy": "ID",
"totalRefunds": "Double",
"currency": "String",
"generatedAt": "Date",
"totalRevenue": "Double",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Auditlog
API
Record an admin/platform action/event in the audit log. Called from side-effect flows, not direct user.
Rest Route
The
createAuditLog
API REST controller can be triggered via the following route:
/v1/auditlogs
Rest Request Parameters
The
createAuditLog
api has got 6 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| performedBy | ID | true | request.body?.performedBy |
| objectId | ID | false | request.body?.objectId |
| details | Object | false | request.body?.details |
| ipAddress | String | false | request.body?.ipAddress |
| actionObject | String | true | request.body?.actionObject |
| actionType | String | true | request.body?.actionType |
| performedBy : User (usually admin) who performed the action. | |||
| objectId : ID of the affected object (e.g., reviewId, disputeId, apiKeyId). | |||
| details : Free-form object containing action details, parameters, or change snapshot. | |||
| ipAddress : IP address/address metadata of performer (for compliance tracing). | |||
| actionObject : Object/type this action refers to (e.g. 'review', 'dispute', 'apiKey'). | |||
| actionType : Type of action (e.g., 'approveDispute', 'financialExport', 'updateReviewStatus'). |
REST Request To access the api you can use the REST controller with the path POST /v1/auditlogs
axios({
method: 'POST',
url: '/v1/auditlogs',
data: {
performedBy:"ID",
objectId:"ID",
details:"Object",
ipAddress:"String",
actionObject:"String",
actionType:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "auditLog",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"auditLog": {
"id": "ID",
"performedBy": "ID",
"objectId": "ID",
"details": "Object",
"ipAddress": "String",
"actionObject": "String",
"occurredAt": "Date",
"actionType": "String",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
}
}
Create Localizationsetting
API
Add a supported language/currency for global usage.
Rest Route
The
createLocalizationSetting
API REST controller can be triggered via the following route:
/v1/localizationsettings
Rest Request Parameters
The
createLocalizationSetting
api has got 5 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| languageCode | String | true | request.body?.languageCode |
| effectiveFrom | Date | false | request.body?.effectiveFrom |
| effectiveTo | Date | false | request.body?.effectiveTo |
| currencyCode | String | true | request.body?.currencyCode |
| isCurrencyActive | Boolean | true | request.body?.isCurrencyActive |
| languageCode : ISO 639-1 language code (e.g., 'en', 'fr'). | |||
| effectiveFrom : Start datetime this setting becomes effective. | |||
| effectiveTo : End datetime this setting is valid (null=open ended). | |||
| currencyCode : ISO 4217 currency code (e.g., 'USD', 'EUR'). | |||
| isCurrencyActive : Is currency enabled for offer/usage? |
REST Request To access the api you can use the REST controller with the path POST /v1/localizationsettings
axios({
method: 'POST',
url: '/v1/localizationsettings',
data: {
languageCode:"String",
effectiveFrom:"Date",
effectiveTo:"Date",
currencyCode:"String",
isCurrencyActive:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "localizationSetting",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"localizationSetting": {
"id": "ID",
"languageCode": "String",
"effectiveFrom": "Date",
"effectiveTo": "Date",
"currencyCode": "String",
"isCurrencyActive": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Admindisputeactions
API
List all moderation/decision records by admins for disputes. Filter by disputeId/adminId.
Rest Route
The
listAdminDisputeActions
API REST controller can be triggered via the following route:
/v1/admindisputeactions
Rest Request Parameters The
listAdminDisputeActions
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/admindisputeactions
axios({
method: 'GET',
url: '/v1/admindisputeactions',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "adminDisputeActions",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"adminDisputeActions": [
{
"id": "ID",
"disputeId": "ID",
"actionTaken": "String",
"notes": "Text",
"adminId": "ID",
"outcome": "String",
"actionDate": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Admindisputeaction
API
Admin records moderation/decision action on a dispute (creates audit log as side effect).
Rest Route
The
createAdminDisputeAction
API REST controller can be triggered via the following route:
/v1/admindisputeactions
Rest Request Parameters
The
createAdminDisputeAction
api has got 5 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| disputeId | ID | true | request.body?.disputeId |
| actionTaken | String | true | request.body?.actionTaken |
| notes | Text | false | request.body?.notes |
| adminId | ID | true | request.body?.adminId |
| outcome | String | false | request.body?.outcome |
| disputeId : Dispute (from bookingManagement:dispute) referenced by this action. | |||
| actionTaken : Action performed (e.g., 'approvedRefund', 'requestedEvidence', 'closedDispute'). | |||
| notes : Admin notes or reasoning for this action (for audit trail/auditLog). | |||
| adminId : Admin user performing action. | |||
| outcome : Outcome, summary, or state after action (e.g., 'refund_issued', 'rejected', 'dispute_closed'). |
REST Request To access the api you can use the REST controller with the path POST /v1/admindisputeactions
axios({
method: 'POST',
url: '/v1/admindisputeactions',
data: {
disputeId:"ID",
actionTaken:"String",
notes:"Text",
adminId:"ID",
outcome:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "adminDisputeAction",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"adminDisputeAction": {
"id": "ID",
"disputeId": "ID",
"actionTaken": "String",
"notes": "Text",
"adminId": "ID",
"outcome": "String",
"actionDate": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Localizationsetting
API
Update a localization setting. Admin only.
Rest Route
The
updateLocalizationSetting
API REST controller can be triggered via the following route:
/v1/localizationsettings/:localizationSettingId
Rest Request Parameters
The
updateLocalizationSetting
api has got 6 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| localizationSettingId | ID | true | request.params?.localizationSettingId |
| languageCode | String | true | request.body?.languageCode |
| effectiveFrom | Date | false | request.body?.effectiveFrom |
| effectiveTo | Date | false | request.body?.effectiveTo |
| currencyCode | String | true | request.body?.currencyCode |
| isCurrencyActive | Boolean | true | request.body?.isCurrencyActive |
| localizationSettingId : This id paremeter is used to select the required data object that will be updated | |||
| languageCode : ISO 639-1 language code (e.g., 'en', 'fr'). | |||
| effectiveFrom : Start datetime this setting becomes effective. | |||
| effectiveTo : End datetime this setting is valid (null=open ended). | |||
| currencyCode : ISO 4217 currency code (e.g., 'USD', 'EUR'). | |||
| isCurrencyActive : Is currency enabled for offer/usage? |
REST Request To access the api you can use the REST controller with the path PATCH /v1/localizationsettings/:localizationSettingId
axios({
method: 'PATCH',
url: `/v1/localizationsettings/${localizationSettingId}`,
data: {
languageCode:"String",
effectiveFrom:"Date",
effectiveTo:"Date",
currencyCode:"String",
isCurrencyActive:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "localizationSetting",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"localizationSetting": {
"id": "ID",
"languageCode": "String",
"effectiveFrom": "Date",
"effectiveTo": "Date",
"currencyCode": "String",
"isCurrencyActive": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Gdpraction
API
Compliance admin records status of a GDPR request (pending/complete/failed). No delete allowed for compliance records.
Rest Route
The
updateGdprAction
API REST controller can be triggered via the following route:
/v1/gdpractions/:gdprActionId
Rest Request Parameters
The
updateGdprAction
api has got 3 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| gdprActionId | ID | true | request.params?.gdprActionId |
| status | Enum | true | request.body?.status |
| processedAt | Date | false | request.body?.processedAt |
| gdprActionId : This id paremeter is used to select the required data object that will be updated | |||
| status : GDPR request status: pending, complete, or failed. | |||
| processedAt : Datetime when handled or process complete/logged. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/gdpractions/:gdprActionId
axios({
method: 'PATCH',
url: `/v1/gdpractions/${gdprActionId}`,
data: {
status:"Enum",
processedAt:"Date",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "gdprAction",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"gdprAction": {
"id": "ID",
"requestedAt": "Date",
"status": "Enum",
"status_idx": "Integer",
"actionType": "String",
"userId": "ID",
"processedAt": "Date",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
}
}
List Gdpractions
API
List all GDPR/compliance records with status for audit/compliance purposes.
Rest Route
The
listGdprActions
API REST controller can be triggered via the following route:
/v1/gdpractions
Rest Request Parameters The
listGdprActions
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/gdpractions
axios({
method: 'GET',
url: '/v1/gdpractions',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "gdprActions",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"gdprActions": [
{
"id": "ID",
"requestedAt": "Date",
"status": "Enum",
"status_idx": "Integer",
"actionType": "String",
"userId": "ID",
"processedAt": "Date",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Apikey
API
Create/administer an API key (for integrations, partners, automation). Key is hashed at rest.
Rest Route
The
createApiKey
API REST controller can be triggered via the following route:
/v1/apikeys
Rest Request Parameters
The
createApiKey
api has got 5 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| key | String | true | request.body?.key |
| active | Boolean | true | request.body?.active |
| description | String | false | request.body?.description |
| revokedAt | Date | false | request.body?.revokedAt |
| createdBy | ID | true | request.body?.createdBy |
| key : API key string (generated, unique). | |||
| active : Is the API key currently active? | |||
| description : Description/label for the API key/purpose. | |||
| revokedAt : UTC time this key was revoked. | |||
| createdBy : Admin user who generated the key. |
REST Request To access the api you can use the REST controller with the path POST /v1/apikeys
axios({
method: 'POST',
url: '/v1/apikeys',
data: {
key:"String",
active:"Boolean",
description:"String",
revokedAt:"Date",
createdBy:"ID",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "apiKey",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"apiKey": {
"id": "ID",
"key": "String",
"active": "Boolean",
"description": "String",
"revokedAt": "Date",
"createdBy": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Apikeys
API
Show all API keys with status (hash only, never show the sensitive key string itself).
Rest Route
The
listApiKeys
API REST controller can be triggered via the following route:
/v1/apikeys
Rest Request Parameters The
listApiKeys
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/apikeys
axios({
method: 'GET',
url: '/v1/apikeys',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "apiKeys",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"apiKeys": [
{
"id": "ID",
"key": "String",
"active": "Boolean",
"description": "String",
"revokedAt": "Date",
"createdBy": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Update Apikey
API
Update API key metadata or deactivate (e.g. revoke). Only admin allowed.
Rest Route
The
updateApiKey
API REST controller can be triggered via the following route:
/v1/apikeys/:apiKeyId
Rest Request Parameters
The
updateApiKey
api has got 4 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| apiKeyId | ID | true | request.params?.apiKeyId |
| active | Boolean | true | request.body?.active |
| description | String | false | request.body?.description |
| revokedAt | Date | false | request.body?.revokedAt |
| apiKeyId : This id paremeter is used to select the required data object that will be updated | |||
| active : Is the API key currently active? | |||
| description : Description/label for the API key/purpose. | |||
| revokedAt : UTC time this key was revoked. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/apikeys/:apiKeyId
axios({
method: 'PATCH',
url: `/v1/apikeys/${apiKeyId}`,
data: {
active:"Boolean",
description:"String",
revokedAt:"Date",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "apiKey",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"apiKey": {
"id": "ID",
"key": "String",
"active": "Boolean",
"description": "String",
"revokedAt": "Date",
"createdBy": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Localizationsettings
API
Show all currently configured languages/currencies.
Rest Route
The
listLocalizationSettings
API REST controller can be triggered via the following route:
/v1/localizationsettings
Rest Request Parameters The
listLocalizationSettings
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/localizationsettings
axios({
method: 'GET',
url: '/v1/localizationsettings',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "localizationSettings",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"localizationSettings": [
{
"id": "ID",
"languageCode": "String",
"effectiveFrom": "Date",
"effectiveTo": "Date",
"currencyCode": "String",
"isCurrencyActive": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Gdpraction
API
User/admin submits GDPR request (export/delete/consent). Logged for compliance; status may be updated by compliance admin only.
Rest Route
The
createGdprAction
API REST controller can be triggered via the following route:
/v1/gdpractions
Rest Request Parameters
The
createGdprAction
api has got 3 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| actionType | String | true | request.body?.actionType |
| userId | ID | true | request.body?.userId |
| processedAt | Date | false | request.body?.processedAt |
| actionType : Type of GDPR request: export, delete, consent-change. | |||
| userId : User who submitted this request. | |||
| processedAt : Datetime when handled or process complete/logged. |
REST Request To access the api you can use the REST controller with the path POST /v1/gdpractions
axios({
method: 'POST',
url: '/v1/gdpractions',
data: {
actionType:"String",
userId:"ID",
processedAt:"Date",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "gdprAction",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"gdprAction": {
"id": "ID",
"requestedAt": "Date",
"status": "Enum",
"status_idx": "Integer",
"actionType": "String",
"userId": "ID",
"processedAt": "Date",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
}
}
BookingManagement Service
Orchestrates booking, payment, calendar, changewsand dispute flows for Airbnb-style short-term rental marketplace...test Handles reservations, approval, Stripe payments, iCal sync, payment records, and the dispute/refund lifecycle with host/guest/admin visibility.
BookingManagement Service Data Objects
Reservation Represents a guest's booking for a property listing, including dates, participants, approval/payment/dispute status, and iCal sync info...
PaymentRecord Stores payment and payout records (Stripe-driven) linked to a reservation (guest booking), including platform fees, taxes, host payouts, and status updates. Immutable after creation, never hard deleted.
Dispute Represents a dispute, refund request, or booking issue reported by guest/host/admin for a reservation. Flows to admin for handling, resolves with resolutionStatus and reference to any refund/payment involved.
Sys_reservationPayment A payment storage object to store the payment life cyle of orders based on reservation object. It is autocreated based on the source object's checkout config
Sys_paymentCustomer A payment storage object to store the customer values of the payment platform
Sys_paymentMethod A payment storage object to store the payment methods of the platform customers
BookingManagement Service Access urls
This service is accessible via the following environment-specific URLs:
-
Preview:
https://airbnb3.prw.mindbricks.com/bookingmanagement-api -
Staging:
https://airbnb3-stage.mindbricks.co/bookingmanagement-api -
Production:
https://airbnb3.mindbricks.co/bookingmanagement-api
Update Dispute
API
Updates dispute fields like status, admin assignment, resolution notes. Only admin or assigned party can update (enforced by membership/role checks).
Rest Route
The
updateDispute
API REST controller can be triggered via the following route:
/v1/disputes/:disputeId
Rest Request Parameters
The
updateDispute
api has got 7 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| disputeId | ID | true | request.params?.disputeId |
| adminId | ID | false | request.body?.adminId |
| issueType | String | false | request.body?.issueType |
| description | Text | false | request.body?.description |
| resolutionStatus | Enum | false | request.body?.resolutionStatus |
| resolvedAt | Date | false | request.body?.resolvedAt |
| refundApproved | Boolean | false | request.body?.refundApproved |
| disputeId : This id paremeter is used to select the required data object that will be updated | |||
| adminId : Admin assigned for resolution, if any. | |||
| issueType : Free-form or predefined dispute/refund type (e.g. refund, property damage, host no-show). | |||
| description : Dispute description for admin review, evidence, etc. | |||
| resolutionStatus : Dispute resolution state (0: pending, 1: reviewing, 2: resolved, 3: rejected). | |||
| resolvedAt : When the dispute was resolved (populated if resolutionStatus changed to resolved/rejected). | |||
| refundApproved : If a refund has been approved by admin for this dispute. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/disputes/:disputeId
axios({
method: 'PATCH',
url: `/v1/disputes/${disputeId}`,
data: {
adminId:"ID",
issueType:"String",
description:"Text",
resolutionStatus:"Enum",
resolvedAt:"Date",
refundApproved:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "dispute",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"dispute": {
"id": "ID",
"reportedAt": "Date",
"reservationId": "ID",
"raisedBy": "ID",
"adminId": "ID",
"issueType": "String",
"description": "Text",
"relatedPaymentId": "ID",
"resolutionStatus": "Enum",
"resolutionStatus_idx": "Integer",
"resolvedAt": "Date",
"refundApproved": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Paymentrecord
API
Get a payment record by ID (owner or admin only). No selectJoin for privacy. Returned for auditing or user view.
Rest Route
The
getPaymentRecord
API REST controller can be triggered via the following route:
/v1/paymentrecords/:paymentRecordId
Rest Request Parameters
The
getPaymentRecord
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| paymentRecordId | ID | true | request.params?.paymentRecordId |
| paymentRecordId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/paymentrecords/:paymentRecordId
axios({
method: 'GET',
url: `/v1/paymentrecords/${paymentRecordId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "paymentRecord",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"paymentRecord": {
"id": "ID",
"reservationId": "ID",
"stripeChargeId": "String",
"payoutAmountHost": "Double",
"paymentIntentId": "String",
"currency": "String",
"cityTax": "Double",
"refundAmount": "Double",
"amountPaid": "Double",
"paymentStatus": "Enum",
"paymentStatus_idx": "Integer",
"platformFee": "Double",
"paymentDate": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Reservation
API
Fetch a single reservation (for guest, host, or admin). Auto-includes related listing and payments via selectJoin.
Rest Route
The
getReservation
API REST controller can be triggered via the following route:
/v1/reservations/:reservationId
Rest Request Parameters
The
getReservation
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| reservationId | ID | true | request.params?.reservationId |
| reservationId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/reservations/:reservationId
axios({
method: 'GET',
url: `/v1/reservations/${reservationId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reservation",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"reservation": {
"id": "ID",
"listingId": "ID",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"hostId": "ID",
"checkOut": "Date",
"guestId": "ID",
"checkIn": "Date",
"currency": "String",
"guestCount": "Integer",
"totalPrice": "Double",
"iCalExportUrl": "String",
"disputeStatus": "Enum",
"disputeStatus_idx": "Integer",
"bookingPoliciesSnapshot": "Object",
"iCalImportSource": "String",
"cancellationPolicySnapshot": "Object",
"_paymentConfirmation": "Enum",
"_paymentConfirmation_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Dispute
API
Guest/host opens a formal dispute related to a reservation. Admin is only assigned after initial review. Can only be created by guest/host of reservation (enforced in logic).
Rest Route
The
createDispute
API REST controller can be triggered via the following route:
/v1/disputes
Rest Request Parameters
The
createDispute
api has got 10 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| reportedAt | Date | true | request.body?.reportedAt |
| reservationId | ID | true | request.body?.reservationId |
| raisedBy | ID | true | request.body?.raisedBy |
| adminId | ID | false | request.body?.adminId |
| issueType | String | true | request.body?.issueType |
| description | Text | true | request.body?.description |
| relatedPaymentId | ID | false | request.body?.relatedPaymentId |
| resolutionStatus | Enum | true | request.body?.resolutionStatus |
| resolvedAt | Date | false | request.body?.resolvedAt |
| refundApproved | Boolean | false | request.body?.refundApproved |
| reportedAt : Datetime when dispute was initiated. | |||
| reservationId : Reservation being disputed. | |||
| raisedBy : User who reported or opened dispute (guest/host). | |||
| adminId : Admin assigned for resolution, if any. | |||
| issueType : Free-form or predefined dispute/refund type (e.g. refund, property damage, host no-show). | |||
| description : Dispute description for admin review, evidence, etc. | |||
| relatedPaymentId : Linked payment record (for referencing refund or adjustment). | |||
| resolutionStatus : Dispute resolution state (0: pending, 1: reviewing, 2: resolved, 3: rejected). | |||
| resolvedAt : When the dispute was resolved (populated if resolutionStatus changed to resolved/rejected). | |||
| refundApproved : If a refund has been approved by admin for this dispute. |
REST Request To access the api you can use the REST controller with the path POST /v1/disputes
axios({
method: 'POST',
url: '/v1/disputes',
data: {
reportedAt:"Date",
reservationId:"ID",
raisedBy:"ID",
adminId:"ID",
issueType:"String",
description:"Text",
relatedPaymentId:"ID",
resolutionStatus:"Enum",
resolvedAt:"Date",
refundApproved:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "dispute",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"dispute": {
"id": "ID",
"reportedAt": "Date",
"reservationId": "ID",
"raisedBy": "ID",
"adminId": "ID",
"issueType": "String",
"description": "Text",
"relatedPaymentId": "ID",
"resolutionStatus": "Enum",
"resolutionStatus_idx": "Integer",
"resolvedAt": "Date",
"refundApproved": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Reservations
API
List reservations (bookings) for guest, host, or admin. Includes selectJoin for listing/guest/host info. Filterable by guestId, hostId, status, etc.
Rest Route
The
listReservations
API REST controller can be triggered via the following route:
/v1/reservations
Rest Request Parameters The
listReservations
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/reservations
axios({
method: 'GET',
url: '/v1/reservations',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reservations",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"reservations": [
{
"id": "ID",
"listingId": "ID",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"hostId": "ID",
"checkOut": "Date",
"guestId": "ID",
"checkIn": "Date",
"currency": "String",
"guestCount": "Integer",
"totalPrice": "Double",
"iCalExportUrl": "String",
"disputeStatus": "Enum",
"disputeStatus_idx": "Integer",
"bookingPoliciesSnapshot": "Object",
"iCalImportSource": "String",
"cancellationPolicySnapshot": "Object",
"_paymentConfirmation": "Enum",
"_paymentConfirmation_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"listingJoins": [
{
"title": "String",
"amenityIds": "ID",
"hostId": "ID",
"mainPhoto": "String",
"photos": "String",
"address": "String",
"propertyType": "Enum",
"propertyType_idx": "Integer",
"location": "Object"
},
{},
{}
],
"hostDetails": [
{
"email": "String",
"fullname": "String",
"avatar": "String"
},
{},
{}
]
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Reservation
API
Guest initiates a reservation for a listing (instant or manual). Handles calendar check, approvalType, payment intent, and booking policies. Triggers Stripe checkout. Only allowed if dates are available and not conflicting. Guest is current user.
Rest Route
The
createReservation
API REST controller can be triggered via the following route:
/v1/reservations
Rest Request Parameters
The
createReservation
api has got 14 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingId | ID | true | request.body?.listingId |
| approvalType | Enum | true | request.body?.approvalType |
| bookingStatus | Enum | true | request.body?.bookingStatus |
| hostId | ID | true | request.body?.hostId |
| checkOut | Date | true | request.body?.checkOut |
| checkIn | Date | true | request.body?.checkIn |
| currency | String | true | request.body?.currency |
| guestCount | Integer | true | request.body?.guestCount |
| totalPrice | Double | true | request.body?.totalPrice |
| iCalExportUrl | String | false | request.body?.iCalExportUrl |
| disputeStatus | Enum | true | request.body?.disputeStatus |
| bookingPoliciesSnapshot | Object | true | request.body?.bookingPoliciesSnapshot |
| iCalImportSource | String | false | request.body?.iCalImportSource |
| cancellationPolicySnapshot | Object | true | request.body?.cancellationPolicySnapshot |
| listingId : Property being booked. | |||
| approvalType : Reservation requires instant approval (0) or host/manual (1). | |||
| bookingStatus : Current status of reservation (0: pending, 1: confirmed, 2: complete, 3: cancelled, 4: declined). | |||
| hostId : Host user for the property (listing owner at booking creation). | |||
| checkOut : Check-out date (YYYY-MM-DD, exclusive). | |||
| checkIn : Check-in date (YYYY-MM-DD). | |||
| currency : Currency code (ISO 4217). | |||
| guestCount : Number of guests for this reservation. | |||
| totalPrice : Total price for reservation (including fees/taxes). | |||
| iCalExportUrl : URL for iCal .ics export for guest/host calendar sync. | |||
| disputeStatus : Current dispute status on reservation (0: none, 1: requested, 2: active, 3: resolved). | |||
| bookingPoliciesSnapshot : Snapshot of listing booking policies at booking time (for dispute/reference). | |||
| iCalImportSource : (Optional) iCal import source URL for syncing external calendars. | |||
| cancellationPolicySnapshot : Snapshot of listing cancellation policy at booking time. |
REST Request To access the api you can use the REST controller with the path POST /v1/reservations
axios({
method: 'POST',
url: '/v1/reservations',
data: {
listingId:"ID",
approvalType:"Enum",
bookingStatus:"Enum",
hostId:"ID",
checkOut:"Date",
checkIn:"Date",
currency:"String",
guestCount:"Integer",
totalPrice:"Double",
iCalExportUrl:"String",
disputeStatus:"Enum",
bookingPoliciesSnapshot:"Object",
iCalImportSource:"String",
cancellationPolicySnapshot:"Object",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reservation",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"reservation": {
"id": "ID",
"listingId": "ID",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"hostId": "ID",
"checkOut": "Date",
"guestId": "ID",
"checkIn": "Date",
"currency": "String",
"guestCount": "Integer",
"totalPrice": "Double",
"iCalExportUrl": "String",
"disputeStatus": "Enum",
"disputeStatus_idx": "Integer",
"bookingPoliciesSnapshot": "Object",
"iCalImportSource": "String",
"cancellationPolicySnapshot": "Object",
"_paymentConfirmation": "Enum",
"_paymentConfirmation_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Create Paymentrecord
API
Creates or logs payment record for a reservation (from payment success or admin/manual trigger). Populates from Stripe events/webhooks. Only creates; no update/delete (for compliance/audit).
Rest Route
The
createPaymentRecord
API REST controller can be triggered via the following route:
/v1/paymentrecords
Rest Request Parameters
The
createPaymentRecord
api has got 11 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| reservationId | ID | true | request.body?.reservationId |
| stripeChargeId | String | false | request.body?.stripeChargeId |
| payoutAmountHost | Double | false | request.body?.payoutAmountHost |
| paymentIntentId | String | true | request.body?.paymentIntentId |
| currency | String | true | request.body?.currency |
| cityTax | Double | false | request.body?.cityTax |
| refundAmount | Double | false | request.body?.refundAmount |
| amountPaid | Double | true | request.body?.amountPaid |
| paymentStatus | Enum | true | request.body?.paymentStatus |
| platformFee | Double | false | request.body?.platformFee |
| paymentDate | Date | false | request.body?.paymentDate |
| reservationId : Reservation this payment refers to. | |||
| stripeChargeId : Stripe charge object ID, if payment succeeded. | |||
| payoutAmountHost : Amount paid out to host user (after platform fees/taxes). | |||
| paymentIntentId : Payment intent ID from Stripe (for validation, refunds, disputes). | |||
| currency : Currency (ISO 4217) of payment. | |||
| cityTax : City/locality tax portion for the booking. | |||
| refundAmount : Refunded amount, if booking is cancelled/disputed. | |||
| amountPaid : Total amount paid by guest (including fees/taxes, in cents). | |||
| paymentStatus : Status of payment (0: pending, 1: paid, 2: refunded, 3: failed). | |||
| platformFee : Platform fee deducted from amount paid by guest. | |||
| paymentDate : UTC datetime of payment/refund event. |
REST Request To access the api you can use the REST controller with the path POST /v1/paymentrecords
axios({
method: 'POST',
url: '/v1/paymentrecords',
data: {
reservationId:"ID",
stripeChargeId:"String",
payoutAmountHost:"Double",
paymentIntentId:"String",
currency:"String",
cityTax:"Double",
refundAmount:"Double",
amountPaid:"Double",
paymentStatus:"Enum",
platformFee:"Double",
paymentDate:"Date",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "paymentRecord",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"paymentRecord": {
"id": "ID",
"reservationId": "ID",
"stripeChargeId": "String",
"payoutAmountHost": "Double",
"paymentIntentId": "String",
"currency": "String",
"cityTax": "Double",
"refundAmount": "Double",
"amountPaid": "Double",
"paymentStatus": "Enum",
"paymentStatus_idx": "Integer",
"platformFee": "Double",
"paymentDate": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Paymentrecords
API
List payment records (reservation/guest/host or admin, includes filters if needed). Used for financial histories/exports. No selectJoin, for privacy and performance.
Rest Route
The
listPaymentRecords
API REST controller can be triggered via the following route:
/v1/paymentrecords
Rest Request Parameters The
listPaymentRecords
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/paymentrecords
axios({
method: 'GET',
url: '/v1/paymentrecords',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "paymentRecords",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"paymentRecords": [
{
"id": "ID",
"reservationId": "ID",
"stripeChargeId": "String",
"payoutAmountHost": "Double",
"paymentIntentId": "String",
"currency": "String",
"cityTax": "Double",
"refundAmount": "Double",
"amountPaid": "Double",
"paymentStatus": "Enum",
"paymentStatus_idx": "Integer",
"platformFee": "Double",
"paymentDate": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Delete Reservation
API
Cancels or removes a reservation (soft-delete). Guest, host or admin may delete (ownership enforced). Used for cancellations before stay begins or admin moderation.
Rest Route
The
deleteReservation
API REST controller can be triggered via the following route:
/v1/reservations/:reservationId
Rest Request Parameters
The
deleteReservation
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| reservationId | ID | true | request.params?.reservationId |
| reservationId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/reservations/:reservationId
axios({
method: 'DELETE',
url: `/v1/reservations/${reservationId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reservation",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"reservation": {
"id": "ID",
"listingId": "ID",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"hostId": "ID",
"checkOut": "Date",
"guestId": "ID",
"checkIn": "Date",
"currency": "String",
"guestCount": "Integer",
"totalPrice": "Double",
"iCalExportUrl": "String",
"disputeStatus": "Enum",
"disputeStatus_idx": "Integer",
"bookingPoliciesSnapshot": "Object",
"iCalImportSource": "String",
"cancellationPolicySnapshot": "Object",
"_paymentConfirmation": "Enum",
"_paymentConfirmation_idx": "Integer",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Reservation
API
Update an existing reservation (allowed fields: only those which do not affect core identity/relations—e.g., guestCount if update allowed, NOT dates/listingId). Used for confirming cancellation, updating status by host/guest, or marking as completed. Permission: must be guest, host, or admin.
Rest Route
The
updateReservation
API REST controller can be triggered via the following route:
/v1/reservations/:reservationId
Rest Request Parameters
The
updateReservation
api has got 5 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| reservationId | ID | true | request.params?.reservationId |
| bookingStatus | Enum | false | request.body?.bookingStatus |
| iCalExportUrl | String | false | request.body?.iCalExportUrl |
| disputeStatus | Enum | false | request.body?.disputeStatus |
| iCalImportSource | String | false | request.body?.iCalImportSource |
| reservationId : This id paremeter is used to select the required data object that will be updated | |||
| bookingStatus : Current status of reservation (0: pending, 1: confirmed, 2: complete, 3: cancelled, 4: declined). | |||
| iCalExportUrl : URL for iCal .ics export for guest/host calendar sync. | |||
| disputeStatus : Current dispute status on reservation (0: none, 1: requested, 2: active, 3: resolved). | |||
| iCalImportSource : (Optional) iCal import source URL for syncing external calendars. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/reservations/:reservationId
axios({
method: 'PATCH',
url: `/v1/reservations/${reservationId}`,
data: {
bookingStatus:"Enum",
iCalExportUrl:"String",
disputeStatus:"Enum",
iCalImportSource:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reservation",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"reservation": {
"id": "ID",
"listingId": "ID",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"hostId": "ID",
"checkOut": "Date",
"guestId": "ID",
"checkIn": "Date",
"currency": "String",
"guestCount": "Integer",
"totalPrice": "Double",
"iCalExportUrl": "String",
"disputeStatus": "Enum",
"disputeStatus_idx": "Integer",
"bookingPoliciesSnapshot": "Object",
"iCalImportSource": "String",
"cancellationPolicySnapshot": "Object",
"_paymentConfirmation": "Enum",
"_paymentConfirmation_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Disputes
API
List disputes visible to the user (as guest, host, or admin). Used for admin screening and user support view. No joins for privacy. Filterable by reservationId, raisedBy, status, etc.
Rest Route
The
listDisputes
API REST controller can be triggered via the following route:
/v1/disputes
Rest Request Parameters The
listDisputes
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/disputes
axios({
method: 'GET',
url: '/v1/disputes',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "disputes",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"disputes": [
{
"id": "ID",
"reportedAt": "Date",
"reservationId": "ID",
"raisedBy": "ID",
"adminId": "ID",
"issueType": "String",
"description": "Text",
"relatedPaymentId": "ID",
"resolutionStatus": "Enum",
"resolutionStatus_idx": "Integer",
"resolvedAt": "Date",
"refundApproved": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Get Dispute
API
Fetch a dispute by ID (guest, host, assigned admin, or admin role). No joins for privacy. Used for support/moderation flows.
Rest Route
The
getDispute
API REST controller can be triggered via the following route:
/v1/disputes/:disputeId
Rest Request Parameters
The
getDispute
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| disputeId | ID | true | request.params?.disputeId |
| disputeId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/disputes/:disputeId
axios({
method: 'GET',
url: `/v1/disputes/${disputeId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "dispute",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"dispute": {
"id": "ID",
"reportedAt": "Date",
"reservationId": "ID",
"raisedBy": "ID",
"adminId": "ID",
"issueType": "String",
"description": "Text",
"relatedPaymentId": "ID",
"resolutionStatus": "Enum",
"resolutionStatus_idx": "Integer",
"resolvedAt": "Date",
"refundApproved": "Boolean",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Reservationpayment2
API
This route is used to get the payment information by ID.
Rest Route
The
getReservationPayment2
API REST controller can be triggered via the following route:
/v1/reservationpayment2/:sys_reservationPaymentId
Rest Request Parameters
The
getReservationPayment2
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| sys_reservationPaymentId | ID | true | request.params?.sys_reservationPaymentId |
| sys_reservationPaymentId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/reservationpayment2/:sys_reservationPaymentId
axios({
method: 'GET',
url: `/v1/reservationpayment2/${sys_reservationPaymentId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayment",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"sys_reservationPayment": {
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Reservationpayments2
API
This route is used to list all payments.
Rest Route
The
listReservationPayments2
API REST controller can be triggered via the following route:
/v1/reservationpayments2
Rest Request Parameters The
listReservationPayments2
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/reservationpayments2
axios({
method: 'GET',
url: '/v1/reservationpayments2',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayments",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"sys_reservationPayments": [
{
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Reservationpayment
API
This route is used to create a new payment.
Rest Route
The
createReservationPayment
API REST controller can be triggered via the following route:
/v1/reservationpayment
Rest Request Parameters
The
createReservationPayment
api has got 5 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| orderId | ID | true | request.body?.orderId |
| paymentId | String | true | request.body?.paymentId |
| paymentStatus | String | true | request.body?.paymentStatus |
| statusLiteral | String | true | request.body?.statusLiteral |
| redirectUrl | String | false | request.body?.redirectUrl |
| orderId : an ID value to represent the orderId which is the ID parameter of the source reservation object | |||
| paymentId : A String value to represent the paymentId which is generated on the Stripe gateway. This id may represent different objects due to the payment gateway and the chosen flow type | |||
| paymentStatus : A string value to represent the payment status which belongs to the lifecyle of a Stripe payment. | |||
| statusLiteral : A string value to represent the logical payment status which belongs to the application lifecycle itself. | |||
| redirectUrl : A string value to represent return page of the frontend to show the result of the payment, this is used when the callback is made to server not the client. |
REST Request To access the api you can use the REST controller with the path POST /v1/reservationpayment
axios({
method: 'POST',
url: '/v1/reservationpayment',
data: {
orderId:"ID",
paymentId:"String",
paymentStatus:"String",
statusLiteral:"String",
redirectUrl:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayment",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"sys_reservationPayment": {
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Reservationpayment
API
This route is used to update an existing payment.
Rest Route
The
updateReservationPayment
API REST controller can be triggered via the following route:
/v1/reservationpayment/:sys_reservationPaymentId
Rest Request Parameters
The
updateReservationPayment
api has got 5 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| sys_reservationPaymentId | ID | true | request.params?.sys_reservationPaymentId |
| paymentId | String | false | request.body?.paymentId |
| paymentStatus | String | false | request.body?.paymentStatus |
| statusLiteral | String | false | request.body?.statusLiteral |
| redirectUrl | String | false | request.body?.redirectUrl |
| sys_reservationPaymentId : This id paremeter is used to select the required data object that will be updated | |||
| paymentId : A String value to represent the paymentId which is generated on the Stripe gateway. This id may represent different objects due to the payment gateway and the chosen flow type | |||
| paymentStatus : A string value to represent the payment status which belongs to the lifecyle of a Stripe payment. | |||
| statusLiteral : A string value to represent the logical payment status which belongs to the application lifecycle itself. | |||
| redirectUrl : A string value to represent return page of the frontend to show the result of the payment, this is used when the callback is made to server not the client. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/reservationpayment/:sys_reservationPaymentId
axios({
method: 'PATCH',
url: `/v1/reservationpayment/${sys_reservationPaymentId}`,
data: {
paymentId:"String",
paymentStatus:"String",
statusLiteral:"String",
redirectUrl:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayment",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"sys_reservationPayment": {
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Reservationpayment
API
This route is used to delete a payment.
Rest Route
The
deleteReservationPayment
API REST controller can be triggered via the following route:
/v1/reservationpayment/:sys_reservationPaymentId
Rest Request Parameters
The
deleteReservationPayment
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| sys_reservationPaymentId | ID | true | request.params?.sys_reservationPaymentId |
| sys_reservationPaymentId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/reservationpayment/:sys_reservationPaymentId
axios({
method: 'DELETE',
url: `/v1/reservationpayment/${sys_reservationPaymentId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayment",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"sys_reservationPayment": {
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Reservationpayments2
API
This route is used to list all payments.
Rest Route
The
listReservationPayments2
API REST controller can be triggered via the following route:
/v1/reservationpayments2
Rest Request Parameters The
listReservationPayments2
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/reservationpayments2
axios({
method: 'GET',
url: '/v1/reservationpayments2',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayments",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"sys_reservationPayments": [
{
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Get Reservationpaymentbyorderid
API
This route is used to get the payment information by order id.
Rest Route
The
getReservationPaymentByOrderId
API REST controller can be triggered via the following route:
/v1/reservationpaymentbyorderid/:orderId
Rest Request Parameters
The
getReservationPaymentByOrderId
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| sys_reservationPaymentId | ID | true | request.params?.sys_reservationPaymentId |
| orderId | String | true | request.params?.orderId |
| sys_reservationPaymentId : This id paremeter is used to query the required data object. | |||
| orderId : This parameter will be used to select the data object that is queried |
REST Request To access the api you can use the REST controller with the path GET /v1/reservationpaymentbyorderid/:orderId
axios({
method: 'GET',
url: `/v1/reservationpaymentbyorderid/${orderId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayment",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"sys_reservationPayment": {
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Reservationpaymentbypaymentid
API
This route is used to get the payment information by payment id.
Rest Route
The
getReservationPaymentByPaymentId
API REST controller can be triggered via the following route:
/v1/reservationpaymentbypaymentid/:paymentId
Rest Request Parameters
The
getReservationPaymentByPaymentId
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| sys_reservationPaymentId | ID | true | request.params?.sys_reservationPaymentId |
| paymentId | String | true | request.params?.paymentId |
| sys_reservationPaymentId : This id paremeter is used to query the required data object. | |||
| paymentId : This parameter will be used to select the data object that is queried |
REST Request To access the api you can use the REST controller with the path GET /v1/reservationpaymentbypaymentid/:paymentId
axios({
method: 'GET',
url: `/v1/reservationpaymentbypaymentid/${paymentId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayment",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"sys_reservationPayment": {
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Reservationpayment2
API
This route is used to get the payment information by ID.
Rest Route
The
getReservationPayment2
API REST controller can be triggered via the following route:
/v1/reservationpayment2/:sys_reservationPaymentId
Rest Request Parameters
The
getReservationPayment2
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| sys_reservationPaymentId | ID | true | request.params?.sys_reservationPaymentId |
| sys_reservationPaymentId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/reservationpayment2/:sys_reservationPaymentId
axios({
method: 'GET',
url: `/v1/reservationpayment2/${sys_reservationPaymentId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_reservationPayment",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"sys_reservationPayment": {
"id": "ID",
"ownerId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "String",
"statusLiteral": "String",
"redirectUrl": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Start Reservationpayment
API
Start payment for reservation
Rest Route
The
startReservationPayment
API REST controller can be triggered via the following route:
/v1/startreservationpayment/:reservationId
Rest Request Parameters
The
startReservationPayment
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| reservationId | ID | true | request.params?.reservationId |
| paymentUserParams | Object | false | request.body?.paymentUserParams |
| reservationId : This id paremeter is used to select the required data object that will be updated | |||
| paymentUserParams : The user parameters that should be defined to start a stripe payment process |
REST Request To access the api you can use the REST controller with the path PATCH /v1/startreservationpayment/:reservationId
axios({
method: 'PATCH',
url: `/v1/startreservationpayment/${reservationId}`,
data: {
paymentUserParams:"Object",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reservation",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"reservation": {
"id": "ID",
"listingId": "ID",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"hostId": "ID",
"checkOut": "Date",
"guestId": "ID",
"checkIn": "Date",
"currency": "String",
"guestCount": "Integer",
"totalPrice": "Double",
"iCalExportUrl": "String",
"disputeStatus": "Enum",
"disputeStatus_idx": "Integer",
"bookingPoliciesSnapshot": "Object",
"iCalImportSource": "String",
"cancellationPolicySnapshot": "Object",
"_paymentConfirmation": "Enum",
"_paymentConfirmation_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
"paymentResult": {
"paymentTicketId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "Enum",
"paymentIntentInfo": "Object",
"statusLiteral": "String",
"amount": "Double",
"currency": "String",
"success": true,
"description": "String",
"metadata": "Object",
"paymentUserParams": "Object"
}
}
Refresh Reservationpayment
API
Refresh payment info for reservation from Stripe
Rest Route
The
refreshReservationPayment
API REST controller can be triggered via the following route:
/v1/refreshreservationpayment/:reservationId
Rest Request Parameters
The
refreshReservationPayment
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| reservationId | ID | true | request.params?.reservationId |
| paymentUserParams | Object | false | request.body?.paymentUserParams |
| reservationId : This id paremeter is used to select the required data object that will be updated | |||
| paymentUserParams : The user parameters that should be defined to refresh a stripe payment process |
REST Request To access the api you can use the REST controller with the path PATCH /v1/refreshreservationpayment/:reservationId
axios({
method: 'PATCH',
url: `/v1/refreshreservationpayment/${reservationId}`,
data: {
paymentUserParams:"Object",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reservation",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"reservation": {
"id": "ID",
"listingId": "ID",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"hostId": "ID",
"checkOut": "Date",
"guestId": "ID",
"checkIn": "Date",
"currency": "String",
"guestCount": "Integer",
"totalPrice": "Double",
"iCalExportUrl": "String",
"disputeStatus": "Enum",
"disputeStatus_idx": "Integer",
"bookingPoliciesSnapshot": "Object",
"iCalImportSource": "String",
"cancellationPolicySnapshot": "Object",
"_paymentConfirmation": "Enum",
"_paymentConfirmation_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
"paymentResult": {
"paymentTicketId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "Enum",
"paymentIntentInfo": "Object",
"statusLiteral": "String",
"amount": "Double",
"currency": "String",
"success": true,
"description": "String",
"metadata": "Object",
"paymentUserParams": "Object"
}
}
Callback Reservationpayment
API
Refresh payment values by gateway webhook call for reservation
Rest Route
The
callbackReservationPayment
API REST controller can be triggered via the following route:
/v1/callbackreservationpayment
Rest Request Parameters
The
callbackReservationPayment
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| reservationId | ID | true | request.body?.reservationId |
| reservationId : The order id parameter that will be read from webhook callback params |
REST Request To access the api you can use the REST controller with the path POST /v1/callbackreservationpayment
axios({
method: 'POST',
url: '/v1/callbackreservationpayment',
data: {
reservationId:"ID",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reservation",
"method": "POST",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"reservation": {
"id": "ID",
"listingId": "ID",
"approvalType": "Enum",
"approvalType_idx": "Integer",
"bookingStatus": "Enum",
"bookingStatus_idx": "Integer",
"hostId": "ID",
"checkOut": "Date",
"guestId": "ID",
"checkIn": "Date",
"currency": "String",
"guestCount": "Integer",
"totalPrice": "Double",
"iCalExportUrl": "String",
"disputeStatus": "Enum",
"disputeStatus_idx": "Integer",
"bookingPoliciesSnapshot": "Object",
"iCalImportSource": "String",
"cancellationPolicySnapshot": "Object",
"_paymentConfirmation": "Enum",
"_paymentConfirmation_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
"paymentResult": {
"paymentTicketId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "Enum",
"paymentIntentInfo": "Object",
"statusLiteral": "String",
"amount": "Double",
"currency": "String",
"success": true,
"description": "String",
"metadata": "Object",
"paymentUserParams": "Object"
}
}
Get Paymentcustomerbyuserid
API
This route is used to get the payment customer information by user id.
Rest Route
The
getPaymentCustomerByUserId
API REST controller can be triggered via the following route:
/v1/paymentcustomers/:userId
Rest Request Parameters
The
getPaymentCustomerByUserId
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| sys_paymentCustomerId | ID | true | request.params?.sys_paymentCustomerId |
| userId | String | true | request.params?.userId |
| sys_paymentCustomerId : This id paremeter is used to query the required data object. | |||
| userId : This parameter will be used to select the data object that is queried |
REST Request To access the api you can use the REST controller with the path GET /v1/paymentcustomers/:userId
axios({
method: 'GET',
url: `/v1/paymentcustomers/${userId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_paymentCustomer",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"sys_paymentCustomer": {
"id": "ID",
"userId": "ID",
"customerId": "String",
"platform": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Paymentcustomers
API
This route is used to list all payment customers.
Rest Route
The
listPaymentCustomers
API REST controller can be triggered via the following route:
/v1/paymentcustomers
Rest Request Parameters The
listPaymentCustomers
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/paymentcustomers
axios({
method: 'GET',
url: '/v1/paymentcustomers',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_paymentCustomers",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"sys_paymentCustomers": [
{
"id": "ID",
"userId": "ID",
"customerId": "String",
"platform": "String",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
List Paymentcustomermethods
API
This route is used to list all payment customer methods.
Rest Route
The
listPaymentCustomerMethods
API REST controller can be triggered via the following route:
/v1/paymentcustomermethods/:userId
Rest Request Parameters
The
listPaymentCustomerMethods
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| userId | String | true | request.params?.userId |
| userId : This parameter will be used to select the data objects that want to be listed |
REST Request To access the api you can use the REST controller with the path GET /v1/paymentcustomermethods/:userId
axios({
method: 'GET',
url: `/v1/paymentcustomermethods/${userId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_paymentMethods",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"sys_paymentMethods": [
{
"id": "ID",
"paymentMethodId": "String",
"userId": "ID",
"customerId": "String",
"cardHolderName": "String",
"cardHolderZip": "String",
"platform": "String",
"cardInfo": "Object",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
ReviewSystem Service
Handles double-blind, moderated reviews and rating aggregation for stays. Allows guests/hosts to review each other and listings, supports moderation, and exposes aggregate stats for listings/profiles...
ReviewSystem Service Data Objects
ReviewAggregate Cached aggregate rating stats for a listing, host, or guest. Used for fast lookup and display of averages, counts, etc.
Review Review submitted by a guest or host after a completed stay. Enables double-blind, supports moderation, and links to reservation/listing and users.
ReviewSystem Service Access urls
This service is accessible via the following environment-specific URLs:
-
Preview:
https://airbnb3.prw.mindbricks.com/reviewsystem-api -
Staging:
https://airbnb3-stage.mindbricks.co/reviewsystem-api -
Production:
https://airbnb3.mindbricks.co/reviewsystem-api
Get Review
API
Retrieve a review and, if double-blind complete, return full info. Enrich with reviewer/reviewee & reservation if allowed by publish and moderation/business rules.
Rest Route
The
getReview
API REST controller can be triggered via the following route:
/v1/reviews/:reviewId
Rest Request Parameters
The
getReview
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| reviewId | ID | true | request.params?.reviewId |
| reviewId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/reviews/:reviewId
axios({
method: 'GET',
url: `/v1/reviews/${reviewId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "review",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"review": {
"id": "ID",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"isPublished": "Boolean",
"reviewText": "Text",
"rating": "Integer",
"blindSubmissionCode": "String",
"revieweeId": "ID",
"reservationId": "ID",
"reviewerId": "ID",
"revieweeType": "Enum",
"revieweeType_idx": "Integer",
"submittedAt": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Reviewaggregates
API
List aggregate rating stats for listings or user profiles (cache-friendly, e.g., for search results or admin export).
Rest Route
The
listReviewAggregates
API REST controller can be triggered via the following route:
/v1/reviewaggregates
Rest Request Parameters The
listReviewAggregates
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/reviewaggregates
axios({
method: 'GET',
url: '/v1/reviewaggregates',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reviewAggregates",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"reviewAggregates": [
{
"id": "ID",
"revieweeId": "ID",
"revieweeType": "Enum",
"revieweeType_idx": "Integer",
"averageRating": "Double",
"reviewCount": "Integer",
"visibilityStatus": "Enum",
"visibilityStatus_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Review
API
Guest or host submits review for completed reservation. Double-blind: published after both reviews or expiry. Moderation applies. Only allowed if session.user is guest/host of reservation and not already reviewed.
Rest Route
The
createReview
API REST controller can be triggered via the following route:
/v1/reviews
Rest Request Parameters
The
createReview
api has got 7 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| moderationStatus | Enum | true | request.body?.moderationStatus |
| isPublished | Boolean | true | request.body?.isPublished |
| reviewText | Text | true | request.body?.reviewText |
| rating | Integer | true | request.body?.rating |
| revieweeId | ID | true | request.body?.revieweeId |
| reservationId | ID | true | request.body?.reservationId |
| revieweeType | Enum | true | request.body?.revieweeType |
| moderationStatus : Review moderation status: pending, approved, rejected. | |||
| isPublished : True if review is visible (published by double-blind business logic and moderation). | |||
| reviewText : Full review content written by reviewer. | |||
| rating : Numeric rating (e.g. 1-5 stars or 1-10 scale). | |||
| revieweeId : User or listing being reviewed (host/guest or listing). | |||
| reservationId : Booking this review is about. | |||
| revieweeType : Entity being reviewed: host, guest, or listing. |
REST Request To access the api you can use the REST controller with the path POST /v1/reviews
axios({
method: 'POST',
url: '/v1/reviews',
data: {
moderationStatus:"Enum",
isPublished:"Boolean",
reviewText:"Text",
rating:"Integer",
revieweeId:"ID",
reservationId:"ID",
revieweeType:"Enum",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "review",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"review": {
"id": "ID",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"isPublished": "Boolean",
"reviewText": "Text",
"rating": "Integer",
"blindSubmissionCode": "String",
"revieweeId": "ID",
"reservationId": "ID",
"reviewerId": "ID",
"revieweeType": "Enum",
"revieweeType_idx": "Integer",
"submittedAt": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Review
API
Allows hard or soft-delete of review pre-publish (reviewer) or at any time (admin/moderator). Deletion triggers aggregate recalc.
Rest Route
The
deleteReview
API REST controller can be triggered via the following route:
/v1/reviews/:reviewId
Rest Request Parameters
The
deleteReview
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| reviewId | ID | true | request.params?.reviewId |
| reviewId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/reviews/:reviewId
axios({
method: 'DELETE',
url: `/v1/reviews/${reviewId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "review",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"review": {
"id": "ID",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"isPublished": "Boolean",
"reviewText": "Text",
"rating": "Integer",
"blindSubmissionCode": "String",
"revieweeId": "ID",
"reservationId": "ID",
"reviewerId": "ID",
"revieweeType": "Enum",
"revieweeType_idx": "Integer",
"submittedAt": "Date",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Reviewaggregate
API
Get aggregate rating stats for listing or user profile (fast lookup cache for UI display).
Rest Route
The
getReviewAggregate
API REST controller can be triggered via the following route:
/v1/reviewaggregates/:reviewAggregateId
Rest Request Parameters
The
getReviewAggregate
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| reviewAggregateId | ID | true | request.params?.reviewAggregateId |
| reviewAggregateId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/reviewaggregates/:reviewAggregateId
axios({
method: 'GET',
url: `/v1/reviewaggregates/${reviewAggregateId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reviewAggregate",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"reviewAggregate": {
"id": "ID",
"revieweeId": "ID",
"revieweeType": "Enum",
"revieweeType_idx": "Integer",
"averageRating": "Double",
"reviewCount": "Integer",
"visibilityStatus": "Enum",
"visibilityStatus_idx": "Integer",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
List Reviews
API
List published/approved reviews for listing, host, or guest profile. Double-blind: only list reviews when available (both submitted or timer expired & published). Optional filters: revieweeId, revieweeType, reservationId.
Rest Route
The
listReviews
API REST controller can be triggered via the following route:
/v1/reviews
Rest Request Parameters The
listReviews
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/reviews
axios({
method: 'GET',
url: '/v1/reviews',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "reviews",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"reviews": [
{
"id": "ID",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"isPublished": "Boolean",
"reviewText": "Text",
"rating": "Integer",
"blindSubmissionCode": "String",
"revieweeId": "ID",
"reservationId": "ID",
"reviewerId": "ID",
"revieweeType": "Enum",
"revieweeType_idx": "Integer",
"submittedAt": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Update Review
API
Allows reviewer to edit own review before publish OR admin/mod to update moderation fields. Enforces state business rules.
Rest Route
The
updateReview
API REST controller can be triggered via the following route:
/v1/reviews/:reviewId
Rest Request Parameters
The
updateReview
api has got 4 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| reviewId | ID | true | request.params?.reviewId |
| moderationStatus | Enum | false | request.body?.moderationStatus |
| isPublished | Boolean | false | request.body?.isPublished |
| reviewText | Text | false | request.body?.reviewText |
| reviewId : This id paremeter is used to select the required data object that will be updated | |||
| moderationStatus : Review moderation status: pending, approved, rejected. | |||
| isPublished : True if review is visible (published by double-blind business logic and moderation). | |||
| reviewText : Full review content written by reviewer. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/reviews/:reviewId
axios({
method: 'PATCH',
url: `/v1/reviews/${reviewId}`,
data: {
moderationStatus:"Enum",
isPublished:"Boolean",
reviewText:"Text",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "review",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"review": {
"id": "ID",
"moderationStatus": "Enum",
"moderationStatus_idx": "Integer",
"isPublished": "Boolean",
"reviewText": "Text",
"rating": "Integer",
"blindSubmissionCode": "String",
"revieweeId": "ID",
"reservationId": "ID",
"reviewerId": "ID",
"revieweeType": "Enum",
"revieweeType_idx": "Integer",
"submittedAt": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}