Information
- OpenAPI version:
3.1.0
Public API for third-party integrations: read fleet availability and rates, request binding price quotes, and submit pending reservations. Bookings are never auto-confirmed — tenant staff confirm or reject them in the dashboard.
Every request needs a publishable API key, created in the tenant dashboard (Settings → API keys):
Authorization: Bearer pk_live_... (preferred), orX-Api-Key: pk_live_...Origin header. The origin
must be on the key’s allowlist, and write endpoints (/quotes,
/bookings) additionally require a session token from
POST /sessions in the X-Session-Token header.Origin header
(backend-to-backend). No session token needed.GET /asset-groups — pick a vehicle classGET /asset-groups/{id}/availability — check the datesPOST /quotes — get a binding price (quoteId, expires in 30 min)POST /bookings with the quoteId and an Idempotency-Key headerGET /bookings/{id} for confirmation statusResponses include X-RateLimit-Limit, X-RateLimit-Remaining, and
X-RateLimit-Reset. Exceeding a limit returns 429 with Retry-After.
Default limits (per key): reads 300/min, quotes 60/min, sessions 30/min,
bookings 10/min and 200/day. Browser sessions are additionally limited
per visitor.
Authorization: Bearer pk_live_…
Security scheme type: http
Security scheme type: apiKey
Header parameter name: X-Api-Key