Skip to content

Overview

Public API for third-party integrations: read fleet availability and rates, request binding price quotes, and submit pending reservations. Bookings are never auto-confirmed — tenant staff confirm or reject them in the dashboard.

Authentication

Every request needs a publishable API key, created in the tenant dashboard (Settings → API keys):

  • Authorization: Bearer pk_live_... (preferred), or
  • X-Api-Key: pk_live_...

Channels

  • Browser channel — requests carrying an Origin header. The origin must be on the key’s allowlist, and write endpoints (/quotes, /bookings) additionally require a session token from POST /sessions in the X-Session-Token header.
  • Server channel — requests without an Origin header (backend-to-backend). No session token needed.

Booking flow

  1. GET /asset-groups — pick a vehicle class
  2. GET /asset-groups/{id}/availability — check the dates
  3. POST /quotes — get a binding price (quoteId, expires in 30 min)
  4. POST /bookings with the quoteId and an Idempotency-Key header
  5. Poll GET /bookings/{id} for confirmation status

Rate limits

Responses include X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. Exceeding a limit returns 429 with Retry-After. Default limits (per key): reads 300/min, quotes 60/min, sessions 30/min, bookings 10/min and 200/day. Browser sessions are additionally limited per visitor.

Information

  • OpenAPI version: 3.1.0

Authorization: Bearer pk_live_…

Security scheme type: http

Security scheme type: apiKey

Header parameter name: X-Api-Key