Pacific Bedbank API Rates Doc
    • INTRODUCTION
    • Getting Started
    • Payments
    • Discover
    • Endpoints Overview
    • Webhooks
    • Authentication
      • Login
        POST
      • Me
        GET
    • Search
      • List Countries
        GET
      • List Currencies
        GET
      • List Hotels
        GET
      • Search Hotel Rates
        POST
      • Search Hotel Min Rates
        POST
    • Bookings
      • Create Prebook
        POST
      • Prebook Payment Page
        GET
      • Prebook Payment Return
        GET
      • Get Prebook
        GET
      • List Bookings
        GET
      • Confirm Booking
        POST
      • Cancel Booking
        PUT
      • Amend Guest Name
        PUT
      • Get Booking
        GET
    • Schemas
      • LoginResponse
      • LoginRequest
      • CountriesResponse
      • Country
      • CurrenciesResponse
      • Currency
      • HotelListResponse
      • HotelSummary
      • HotelEssential
      • RateEssential
      • RoomTypeEssential
      • SearchResponseEssential
      • SupplierWarning
      • HotelRatesRequest
      • OccupancyInput
      • WholesalerCurrency
      • HotelMinRate
      • HotelMinRatesResponse
      • HotelMinRatesRequest
      • CreditLineInfo
      • PaymentSdkInfo
      • PrebookResponse
      • PrebookRoomRate
      • TravellerInfo
      • PrebookRequest
      • TravellerInput
      • BookingListItem
      • BookingListResponse
      • ConfirmBookingResponse
      • ConfirmBookingRequest
      • GuestInput
      • HolderInput
      • CancelBookingResponse
      • AmendGuestResponse
      • AmendGuestRequest
      • BookingDetailResponse

    Getting Started

    # Authentication

The GBB Rates API uses Agent API Key authentication.

GBB support will provide your API key. Send it in the `Authorization` header on every authenticated request.

```http
Authorization: ApiKey YOUR_API_KEY
    You can also use:
    but ApiKey is recommended.

    Validate Your API Key#

    Use POST /api/v1/auth/login to check that your API key is valid and to view your agent details.
    This endpoint does not return a separate token. Continue using your API key for authenticated requests.

    Request#

    Response#

    {
  "agent_id": "agent-id",
  "agent_name": "Your Company",
  "email": "agent@example.com",
  "expires_at": "2026-09-01T00:00:00+00:00",
  "rate_limit": 100
}

    Make an Authenticated Request#

    Verify Your Authentication#

    Call GET /api/v1/me.
    Example response:
    {
  "agent_id": "agent-id",
  "company_name": "Your Company",
  "api_key_name": "Default Key",
  "rate_limit": 100
}

    Sandbox and Live API Keys#

    Use sandbox keys for testing and live keys for production bookings.
    Key TypePurposeEffect
    SandboxTest your integrationNo real bookings or payments
    LiveProduction useReal bookings and payments may apply
    Sandbox keys can only be used with sandbox agents. Live keys can only be used with live agents.
    If the key environment does not match the agent environment, the API returns 401 Unauthorized.

    Rules#

    DoDon’t
    Test with sandbox firstDo not use sandbox for real customers
    Use live only after approvalDo not commit keys to code
    Store keys in environment variablesDo not expose keys in client-side apps
    Rotate keys regularlyDo not share keys in chat or email

    Common Errors#

    401 Unauthorized#

    The API key is missing, invalid, expired, inactive, or belongs to the wrong environment.
    {
  "detail": "Unauthorized"
}
    For login failures:
    {
  "detail": "Invalid API token"
}

    429 Too Many Requests#

    You exceeded your per-minute API rate limit.
    {
  "detail": "Rate limit exceeded"
}
    Wait and retry after the number of seconds in the Retry-After response header.

    Summary#

    Sandbox → test integration safely
Live → create real bookings
Authorization → ApiKey YOUR_API_KEY
Login endpoint → validates your key, does not issue a new token
    Modified at 2026-06-02 22:04:48
    Previous
    INTRODUCTION
    Next
    Payments
    Built with