Skip to main content

Overview

The BookingShake API uses Bearer token authentication to secure all endpoints. You’ll need to include your API key in the Authorization header of every request.

Getting Your API Key

1

Log in to BookingShake

Access your BookingShake account at crm.bookingshake.com
2

Navigate to Settings

Click on Settings in the main navigation menu
3

Open Integrations

Select Integrations from the settings sidebar
4

Copy Your API Key

Find your API key in the Integrations section and copy it to your clipboard
Keep your API key secret! Never commit API keys to version control or expose them in client-side code. Always use environment variables or secure credential storage.

Authentication Method

Include your API key in the Authorization header using the Bearer scheme: 
Authorization: Bearer YOUR_API_KEY

Code Examples

curl -X GET 'https://api.bookingshake.io/api/sources' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json'

Testing Authentication

You can quickly test your authentication by making a simple request to retrieve your booking sources: 
curl -X GET 'https://api.bookingshake.io/api/sources' \
  -H 'Authorization: Bearer YOUR_API_KEY'
If authentication is successful, you’ll receive a 200 OK response with your booking sources.

Common Authentication Errors

Cause: The Authorization header is missing from your request.Solution: Ensure you’re including the Authorization header with every request:
Authorization: Bearer YOUR_API_KEY
Cause: The API key you provided is incorrect or has been revoked.Solution:
  • Verify you copied the complete API key without extra spaces
  • Check that you’re using the correct API key from Settings > Integrations
  • Generate a new API key if the old one has been compromised
Cause: The API key format is incorrect or malformed.Solution: Ensure you’re using the Bearer authentication scheme correctly:
Authorization: Bearer YOUR_API_KEY
Not:
Authorization: YOUR_API_KEY

Security Best Practices

Use Environment Variables

Store API keys in environment variables, not in your source code.
export BOOKINGSHAKE_API_KEY=your_api_key_here

Rotate Keys Regularly

Generate new API keys periodically and revoke old ones to minimize security risks.

Server-Side Only

Never expose API keys in client-side JavaScript or mobile apps. Make API calls from your backend server.

Monitor Usage

Regularly review API access logs to detect any unauthorized usage patterns.

Next Steps

Quickstart Guide

Make your first API request

Create Events

Start creating bookings via the API