Authentication
TL;DR
Every request needs Authorization: Bearer sk_test_YOUR_KEY and X-Workspace-Id: YOUR_ID. Sandbox keys start with sk_test_, production with sk_live_.
Every API request requires two headers. Optionally, add a third for PMS-scoped operations and a fourth to choose your response format.
Required Headers
| Header | Value | Description |
|---|---|---|
Authorization | Bearer sk_test_... | Your API key |
X-Workspace-Id | uuid | Your workspace UUID |
Optional Headers
| Header | Description |
|---|---|
X-Account-Id | PMS account UUID — required for passthrough and some operations |
X-Schema | Response format: calry (default), calry-v1, native |
Idempotency-Key | Unique ID for POST/PUT/PATCH — prevents duplicate operations |
API Key Modes
Sandbox
sk_test_*Pre-seeded test data. Safe for development. Includes failure scenarios.
Live
sk_live_*Real PMS and OTA data. Connect via the widget first.
Example Request
curl https://api.repull.dev/v1/properties \ -H "Authorization: Bearer sk_test_YOUR_KEY" \ -H "X-Workspace-Id: YOUR_WORKSPACE_ID" \ -H "X-Schema: calry"
Error Responses
Invalid or missing auth returns a structured error with a link to this page:
{
"error": {
"code": "unauthorized",
"message": "Missing Authorization (Bearer) or X-Workspace-Id header",
"docs_url": "https://repull.dev/docs/guides/authentication",
"example": "curl /v1/properties -H \"Authorization: Bearer sk_test_KEY\" -H \"X-Workspace-Id: WS_ID\""
}
}AI