Authentication and attribution


For reservations to be assigned correctly, we implemented agent id (aid) tracking. This will be issued together with your Auth token. On urls to the portal or widget the aid is set on the given url automatically (based on the authtoken) and is stored for the duration of the browsing session only. When a reservation is made, the aid will be passed and stored with the reservation. With direct API reservations, agent_id must be specified in the request body.

NOTE: Your assigned Agent ID may be different on the test environment from the one assigned on production, please make sure you have the correct agent ID on each environment.


We use a header token to authenticate requests to the API, not all endpoints require authentication however without always including, reservation attribution cannot be tracked in some cases and so it is best practice to include on all GET/POST/PUT/PATCH requests. For example:

X-Quandoo-AuthToken: e6f6h28e26vbc8442b288eb6121d85b9a4