REST API Configuration

Owned by Christian Vaes
Last updated: Sept 09, 2024 by Santosh Powar
3 min read

The REST API can be used to fetch or create data in the Maxxton system. The REST API is the successor of the SOAP XML Webservice.

Documentation on the usage of the REST API can be found here: https://developers.maxxton.com/

Create REST API authentication

Access to the REST API can be configured in the Maxxton software back office

  1. In Maxxton software go to the "Integration Manager".
  2. In the menu on the left panel select "API users".

  3. You can add integrations by clicking the Add integration button in the top right corner

  4. Company/user details: Fill in all fields with the details from the company that this API user will use and click "create API user".
    Use a generic email for the company as this will probably later be used to inform on maintenance/changes to the REST API
  5. Now the API user is created and we are going to configure the settings. Click "Next step" to proceed
  6. Admin organization: Choose which admin organization the new API user should have access to and click "Next step".
    You can choose to grand access to all admin organizations or select the specific 
  7. The API user is totally configured and created now. The next step is to create an API key for the API user to be used to access the REST API. Click "Create credentials" to do this
  8. Application information: Fill in the name of the application that the API key will be used for and click "Next step" to proceed
  9. Distribution channel: Assign a specific distribution channel to be used by this API key(select "Use a predefined distribution channel") or keep it empty(select "Define distribution channel in API call") to give it access to the information of all distribution channels.
    This means only data from the selected distribution channel will be available from the API. For example reservations, will only return the reservations created by the selected distributionchannel. Also for creating reservations only the selected distributionchannel can be used. This is the recommended way
  10. Reservation Category: Assign a specific reservation category to be used by this API key(select "Use a predefined reservation category") or keep it empty(select "Define reservation category in API call") to give it access to creating reservations with only a specific reservation category or all available reservation categories by specifying this in the create reservation request.
  11. Release status: Choose which release statuses should be accessible from the specific API key. The lower the status the more data will be returned.
  12. Permissions: Choose the permissions for the API key. This will give access to the API endpoints using the provided permissions. In this way, you can limit the data available for the API key. 
    - For each permission there are 4 options: GET, PUT, POST and DELETE. The GET is to fetch(GET) data from the API, PUT will give the possibility to update existing data, POST will give the possibility to create new data(for example new reservations), DELETE will give the possibility to delete existing information.
    - By clicking on the top icons you can give access to all endpoints at once.
  13. After selecting all the permissions the API key should have access to click "Create credential" to create the API key.
  14. You will be provided with the client_id, API key, concern id, and an example authentication call. This can be used to authenticate to the API. See for more details on authenticating the documentation
  15. Click close to close the wizard and the API user and the key is available and can be used by the company/user who is going to build something against the Maxxton REST API.

FAQ:

  • The API key configured on the production environment is copied to the acceptance environment whenever that environment is refreshed. This means you can use the same API key for both environments if the production environment was copied to the acceptance environment. Before a refresh has taken place the keys need to be created manually on both environments separately(also the API keys will be different if created manually)
  •  After the API access is configured, the application can authenticate using: https://developers-test.maxxton.com/maxxton/v1/documentation/html5/index.html#_oauth2
    1. The client_secret is the "API key" which was generated in the Integration Manager and can be found by selecting an API user, select a specific "Credential". This is the "Api key" on the top
    2. The client_id is the "Client Id" which was set in the Integration Manager and can be found by selecting an API user. This is the "Login/client id" on the top
    3. The scope/concern code is the code in the URL of the environment, for the production environment, this is the part before the . from the subdomain of mxt.maxxton.net and for the test environment the part without the -test.maxxton.net
  • For other questions please contact our API support: api@maxxton.com