Quickstart

First 60 seconds with Repull. Six steps from zero to a live integration with webhooks.

TL;DR

One Bearer token. https://api.repull.dev. Cursor pagination. Idempotency-Key on writes. The whole flow below works against the sandbox key — no real channel connection required to try it.

Get an API key

Mint a key from /dashboard/keys. Test keys (sk_test_…) hit the sandbox — they will not modify any real channel data. Live keys (sk_live_…) work against connected channels. Store the key in your secrets manager and expose it as an env var.

# .env
REPULL_KEY=sk_test_paste_your_key_here

Done? Next: Make your first call →

Make your first call

List the workspace's listings — works on a fresh sandbox key with no setup.

curl https://api.repull.dev/v1/listings \
  -H "Authorization: Bearer sk_test_YOUR_KEY"

Returns { data, has_more, next_cursor }. Cursor pagination — pass cursor=… on the next call to walk the rest of the page.

Done? Next: Connect a channel →

Connect a channel

For real data, the workspace needs at least one channel connection. Mint a Connect session and redirect the user — the picker UI walks them through the OAuth or credentials flow for whichever channel they choose. Full guide: Connect (multi-channel).

curl -X POST https://api.repull.dev/v1/connect/sessions \
  -H "Authorization: Bearer sk_test_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"redirectUrl": "https://your-app.com/callback"}'

Done? Next: Loop reservations →

Loop reservations

With a connection in place, list reservations across every connected channel through a single endpoint. Filter by status, date range, listing — the API is provider-agnostic.

curl "https://api.repull.dev/v1/reservations?status=confirmed&limit=50" \
  -H "Authorization: Bearer sk_test_YOUR_KEY"

limit caps at 100. Use the cursor pattern from Step 2 to walk the rest. See Get Reservations for the full filter list.

Done? Next: Register a webhook →

Register a webhook for new bookings

Polling the list endpoint works — but webhooks let you react in seconds. Register an endpoint and pick the events you care about. Repull retries with exponential backoff for 24 hours on any non-2xx response. Full guide: Webhooks.

curl -X POST https://api.repull.dev/v1/webhooks \
  -H "Authorization: Bearer sk_test_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-app.com/webhooks/repull",
    "events": ["reservation.created", "reservation.updated", "reservation.cancelled"]
  }'

The response includes signing_secret — store it. You will need it in Step 6 to verify deliveries.

Done? Next: Verify webhook signatures →

Verify webhook signatures

Every webhook delivery includes a Repull-Signature header. Verify it before processing — an unverified payload could come from anywhere. The SDKs ship a one-liner verifier for every supported language.

import { verifyWebhook } from '@repull/sdk/webhooks'

export async function POST(req: Request) {
  const body = await req.text()
  const sig = req.headers.get('Repull-Signature')!
  const event = verifyWebhook(body, sig, process.env.REPULL_WEBHOOK_SECRET!)
  // event.type, event.data — typed
  return new Response('ok')
}

Verification compares an HMAC-SHA256 signature of the raw body against the header. Use the raw body — re-serialising parsed JSON breaks the hash.

What next

SDKs — typed clients for the language you actually use.
Idempotency — safe retries for writes.
Errors — every code page has a fix walkthrough.
Using Repull from AI agents — patterns for LLM-driven callers.
Custom Schemas — reshape responses to match your data model.

Previous← Introduction NextNode.js →