API Integration Guide
Integrate with the Coliving API to create users and bookings on your platform.
Important: API keys are provided by the admin team. Partners do not create their own API keys.
The API uses API key authentication and is designed for external partners to create users and bookings on the platform.
https://api.coliving.com/v1
V1 STABLE
Authentication
All API requests require an API key to be included in the request headers. API keys are provided by the admin team and should be kept secure.
Getting Your API Key
API keys are created and managed by the admin team through the admin panel. To get an API key:
- Contact the admin team with your integration requirements
- Provide details about your use case and required permissions
- Receive your API key via secure communication
- Store the key securely in your application
API Key Features
Each API key includes:
- Name: Human-readable identifier for the key
- Permissions: Canonical permissions (e.g.,
users.read,users.write,bookings.read,bookings.write,listings.read,listings.write) - Legacy aliases:
*.createvalues are accepted temporarily and normalized to*.write - Expiration: Optional expiration date for security
- Status: Active or inactive state
- Usage tracking: Automatic tracking of usage and IP addresses
Idempotency-Key (optional)
For POST /v1/users, POST /v1/bookings, and POST /v1/listings, send optional header Idempotency-Key (max 255 characters, unique per logical operation). The first successful response (HTTP 2xx) is cached per API key and scope until expiry (default 24 hours). Retries with the same key and identical JSON body return the same JSON without creating duplicate users, bookings, or listings. Reusing the key with a different body returns 409 with error.type idempotency_key_mismatch.
POST /v1/bookings/{id}/messages does not use this header. Duplicate sends are mitigated by a server-side deduplication window (same body text within the configured time); see the booking messages section below.
Auth Examples
X-API-Key: your_api_key_hereAuthorization: Bearer your_api_key_hereUser Management
Create User
Create a new user in the system. Users created via API are automatically marked as active.
POST /v1/users
Authentication: API Key
Note: User creation follows the same flow as web registration, including proper name formatting, meta attributes storage, event firing (UserCreated), and Google Tag Manager tracking.
Testing: Use the request and response examples below as the canonical contract for this endpoint.
Request Example
{
"email": "user@example.com",
"password": "securepassword123",
"first_name": "John",
"last_name": "Doe",
"phone": "+1234567890",
"date_of_birth": "1990-01-01",
"gender": "male",
"country": "United States",
"city": "New York",
"timezone": "America/New_York",
"language": "en"
}{
"data": {
"user_id": 555001,
"name": "John Doe",
"email": "user@example.com",
"first_name": "John",
"last_name": "Doe",
"phone": "+1234567890",
"date_of_birth": "1990-01-01",
"gender": "male",
"country": "United States",
"city": "New York",
"timezone": "America/New_York",
"language": "en",
"status": 1,
"role_name": "user",
"lifecycle": "subscriber",
"email_verified_at": null,
"login_at": "2026-04-19T02:18:50.000000Z",
"login_amount": 1,
"login_ip": "127.0.0.1",
"source": "api",
"api_created": true,
"created_at": "2026-04-19T02:18:50.000000Z",
"updated_at": "2026-04-19T02:18:50.000000Z"
},
"meta": {
"request_id": "req_users_create_001"
}
}{
"error": {
"type": "validation_error",
"message": "Validation failed",
"request_id": "req_users_create_001",
"errors": [
{
"path": "email",
"code": "invalid",
"message": "Email address is required."
}
]
}
}Booking Management
Create Booking
Create a new booking and reservation in the system.
POST /v1/bookings
Authentication: API Key
Request Example
{
"user_id": 123,
"listing_id": 456,
"room_type_id": 789,
"checkin_at": "2024-02-01",
"checkout_at": "2024-02-15",
"message": "Looking forward to my stay!"
}{
"data": {
"booking_id": 777001,
"booking_no": "BKG-777001",
"user_id": 123,
"host_id": 321,
"listing_id": 456,
"checkin_at": "2026-05-01",
"checkout_at": "2026-05-15",
"nights": 14,
"guests": 2,
"rooms": 1,
"status": 1,
"type": "api_booking",
"currency": "USD",
"price": 1200,
"price_local": 1200,
"price_total": 1350,
"price_total_local": 1350,
"security_deposit": 300,
"security_deposit_local": 300,
"discount": 0,
"transaction_fee": 0,
"service_fee": 150,
"service_fee_total": 150,
"is_recurring": 0,
"recurring_at": null,
"managed": 0,
"lifecycle": null,
"payment_status": null,
"lead_status": null,
"payout_ready": 0,
"source": "api",
"api_created": true,
"special_requests": null,
"cancellation_reason": null,
"dispute_reason": null,
"paid_at": null,
"paid_to_host_at": null,
"invoiced_at": null,
"canceled_at": null,
"missed_at": null,
"confirmed_at": null,
"extended_at": null,
"meta": {
"source": "api",
"api_created": true,
"special_requests": null
},
"created_at": "2026-04-19T02:18:50.000000Z",
"updated_at": "2026-04-19T02:18:50.000000Z"
},
"meta": {
"request_id": "req_bookings_create_001"
}
}{
"error": {
"type": "validation_error",
"message": "Validation failed",
"request_id": "req_bookings_create_001",
"errors": [
{
"path": "user_id",
"code": "invalid",
"message": "User ID is required."
}
]
}
}Listing Management
Listings contract update: Refreshed on April 6, 2026 to align `GET/POST /v1/listings` docs with the canonical public launch contract, including request IDs, host scoping, permissions, and strict error semantics.
List Listings
Retrieve listings owned by the host account linked to your API key. Results are paginated: data is the current page only. Default page size is 50 (maximum 100). Request successive page values until meta.pagination.current_page equals meta.pagination.last_page to sync the full set.
GET /v1/listings
Authentication: API Key
Required permission: listings.read
Host scoping: Each API key can only return listings for its own host account.
Query parameters
Page index (default 1).
Items per page (default 50, maximum 100).
When omitted, results use the default ordering (status priority, then name ascending, then updated_at descending).
Allowed values: id, name, updated_at, listing_status (maps to internal status with a stable rank: draft → pending → published → inactive).
Sort direction when sort is set. If sort is set but order is omitted: updated_at defaults to desc; all other sort fields default to asc. A secondary tie-breaker on id uses the same direction.
Restrict rows to one or more public statuses (same vocabulary as listing_status in each item): draft, pending, published, inactive.
Pass a single value (?listing_status=published) or repeat the parameter / use array syntax for OR semantics (e.g. draft and published together).
Substring match on listing name (exact case behavior depends on database collation; many deployments treat letters as case-insensitive). Characters % and _ in q are treated as literals, not SQL wildcards.
Response Example
{
"data": [
{
"id": 101,
"unique_id": "host101ab",
"original_id": "partner-listing-101",
"name": "Sunny Apartment",
"listing_status": "published",
"updated_at": "2026-04-06T10:15:05Z",
"room_types": [
{
"id": 501,
"name": "Standard Room",
"rooms": [
{
"id": 9001,
"name": "Room 101"
},
{
"id": 9002,
"name": "Room 102"
}
]
},
{
"id": 502,
"name": "Deluxe Suite",
"rooms": []
}
]
}
],
"meta": {
"request_id": "req_host_listings_001",
"pagination": {
"current_page": 1,
"per_page": 50,
"total": 1,
"last_page": 1,
"from": 1,
"to": 1
}
}
}Create Listing
Create a listing when it does not exist yet, or update the matched listing when it already exists.
POST /v1/listings
Required permission: listings.write
Host scoping: Each API key can only create or update listings for its own host account.
Headers
Request Body Parameters
Strongly recommended for high-quality sync: original_id, original_url, location.country, descriptions.property, media.photos, and room-level stable IDs when available.
For the complete payload field catalog and accepted helper values, see https://api.coliving.com/json/import and https://api.coliving.com/json/docs.
Responses
Create Listing Samples
{
"original_id": "property-01",
"original_url": "https://host.example.com/listings/property-01",
"name": "300 Mountain Road",
"property_size": 2500,
"property_size_unit": "m2",
"parking": "Parking on street (free)",
"internet_download": 300,
"internet_upload": 150,
"bedrooms": 10,
"bathrooms": 8,
"residents": 18,
"descriptions": {
"property": "Bright shared home with work-ready common areas.",
"neighborhood": "Walkable area near transit and cafes.",
"community": "Residents are social, respectful, and internationally minded."
},
"location": {
"address": "300 Mountain Road",
"zip": "90210",
"neighborhood": "Mission District",
"city": "San Francisco",
"state": "California",
"country": "United States",
"lat": 37.8081823,
"lng": -122.4141216
},
"amenities": [
{
"id": 12
}
],
"prices": {
"currency": "usd",
"security_deposit_type": "fixed",
"security_deposit": 1000,
"extra_fees": [
{
"name": "Cleaning fee",
"description": "One-time cleaning fee",
"mandatory": 1,
"type": "fixed",
"sum": 120,
"frequency": "once"
}
]
},
"room_types": [
{
"id": "private-queen-01",
"name": "Private queen room",
"room_type": "private",
"bed_type": "queen",
"application_url": "https://host.example.com/apply/private-queen-01",
"room_size": 180,
"room_size_unit": "sqft",
"max_occupancy": 2,
"gender": "mixed",
"bathroom_type": "private",
"available_at": "2026-03-16",
"rooms": [
{
"id": "room-104",
"name": "Room 104",
"description": "Quiet room with desk and closet.",
"availability": {
"ical": "https://host.example.com/ical/room-104.ics"
}
}
],
"prices": {
"base_price": 1200,
"price_jan": 1200,
"price_feb": 1200,
"price_mar": 1200,
"price_apr": 1250,
"price_may": 1250,
"price_jun": 1300,
"price_jul": 1300,
"price_aug": 1300,
"price_sep": 1250,
"price_oct": 1250,
"price_nov": 1200,
"price_dec": 1200,
"discount_90": 5,
"discount_180": 10,
"discount_360": 15
},
"amenities": [
{
"id": 34
}
],
"photos": [
{
"url": "https://assets.host.example.com/room-104.jpg",
"description": "Desk and window"
}
]
}
],
"bookings": {
"stay_min": 3,
"notice_min_days": 14,
"move_in_max_days": 90,
"application_url": "https://host.example.com/apply/property-01",
"cancellation_policy": "flexible",
"booking_rules": "No overnight guests without approval."
},
"community": {
"age_min": 25,
"age_max": 45,
"age_avg": 31,
"gender": "mixed",
"gender_ratio": 50,
"events": [
{
"id": 1061
}
],
"community_manager": {
"name": "Jeff",
"photo": "https://assets.host.example.com/community-manager.jpg",
"onsite": 1
},
"types": [
{
"id": 8
}
]
},
"media": {
"3d_tour": "https://my.matterport.com/show/?m=123456789",
"video_tour": {
"type": "youtube",
"url": "https://www.youtube.com/watch?v=fYfFgcBlxrQ"
},
"photos": {
"property": [
{
"url": "https://assets.host.example.com/property-01.jpg",
"description": "Coworking lounge"
}
],
"community": [
{
"url": "https://assets.host.example.com/community-01.jpg",
"description": "Community dinner"
}
]
}
},
"instructions": {
"check_in_earliest": "14:30",
"check_in_latest": "20:00",
"check_out_latest": "11:00",
"check_in_contact_person": "Sandra",
"check_in_telephone_country": "+1",
"check_in_telephone_number": "5551234567",
"check_in_instructions": "Use the keypad at the main entrance.",
"directions": "From the airport, take the express train to Downtown Station.",
"house_manual": "Quiet hours start at 10pm. Clean shared areas after use."
},
"faq": [
{
"question": "Is cleaning included?",
"answer": "Yes, common areas are cleaned weekly."
}
],
"rating": {
"google_places_id": "ChIJN1t_tDeuEmsRUsoyG83frY4"
}
}{
"data": {
"id": 22035,
"unique_id": "bhmncd8z",
"original_id": "partner-listing-001",
"name": "Highland Springs Ave Coliving",
"listing_status": "pending",
"action": "created",
"room_types_count": 1,
"match": {
"matched": false,
"method": null,
"confidence": {
"level": null,
"score": null
}
},
"links": {
"preview": "https://coliving.com/spaces/bhmncd8z?preview=true"
},
"updated_at": "2026-04-06T10:15:05Z"
},
"meta": {
"request_id": "req_listing_upsert_001"
}
}{
"error": {
"type": "auth_error",
"message": "API key is required",
"request_id": "req_listing_upsert_001",
"errors": []
}
}{
"error": {
"type": "forbidden",
"message": "Missing required API key permission.",
"request_id": "req_listing_upsert_001",
"errors": [
{
"path": "required_permission",
"code": "forbidden",
"message": "listings.write"
}
]
}
}{
"error": {
"type": "conflict_error",
"message": "A listing with this external identity already exists for this host but is inactive.",
"request_id": "req_listing_upsert_001",
"errors": [
{
"path": "action",
"code": "conflict",
"message": "skipped"
},
{
"path": "listing_id",
"code": "conflict",
"message": "22035"
},
{
"path": "match.matched",
"code": "conflict",
"message": "true"
},
{
"path": "match.method",
"code": "conflict",
"message": "original_id"
},
{
"path": "match.confidence.level",
"code": "conflict",
"message": "high"
},
{
"path": "match.confidence.score",
"code": "conflict",
"message": "0.92"
}
]
}
}{
"error": {
"type": "validation_error",
"message": "Validation failed",
"request_id": "req_listing_upsert_001",
"errors": [
{
"path": "name",
"code": "required",
"message": "The name field is required."
}
]
}
}{
"error": {
"type": "internal_error",
"message": "An unexpected error occurred.",
"request_id": "req_listing_upsert_001",
"errors": []
}
}Update Listing
Update an existing listing by internal listing ID. This endpoint supports both partial updates and full payload updates.
PATCH /v1/listings/{id}
Required permission: listings.write
Host scoping: Listing must belong to the host associated with the API key.
Headers
Request Body Parameters
PATCH behavior: Listing is resolved from id in DB. Fields sent in payload are updated; fields not sent stay unchanged.
Null semantics: Sending null is accepted only for fields that are nullable in validation rules; sending null to non-nullable fields returns 422 validation_error.
Responses
Update Listing Samples
{
"name": "300 Mountain Road",
"bookings": {
"stay_min": 3,
"notice_min_days": 14,
"move_in_max_days": 90,
"cancellation_policy": "flexible",
"booking_rules": "No overnight guests without approval."
}
}{
"name": "300 Mountain Road",
"property_size": 2500,
"property_size_unit": "m2",
"parking": "Parking on street (free)",
"internet_download": 300,
"internet_upload": 150,
"bedrooms": 10,
"bathrooms": 8,
"residents": 18,
"descriptions": {
"property": "Bright shared home with work-ready common areas.",
"neighborhood": "Walkable area near transit and cafes.",
"community": "Residents are social, respectful, and internationally minded."
},
"location": {
"address": "300 Mountain Road",
"zip": "90210",
"neighborhood": "Mission District",
"city": "San Francisco",
"state": "California",
"country": "United States",
"lat": 37.8081823,
"lng": -122.4141216
},
"amenities": [
{
"id": 12
}
],
"prices": {
"currency": "usd",
"security_deposit_type": "fixed",
"security_deposit": 1000,
"extra_fees": [
{
"name": "Cleaning fee",
"description": "One-time cleaning fee",
"mandatory": 1,
"type": "fixed",
"sum": 120,
"frequency": "once"
}
]
},
"room_types": [
{
"id": "private-queen-01",
"name": "Private queen room",
"room_type": "private",
"bed_type": "queen",
"application_url": "https://host.example.com/apply/private-queen-01",
"room_size": 180,
"room_size_unit": "sqft",
"max_occupancy": 2,
"gender": "mixed",
"bathroom_type": "private",
"available_at": "2026-03-16",
"rooms": [
{
"id": "room-104",
"name": "Room 104",
"description": "Quiet room with desk and closet.",
"availability": {
"ical": "https://host.example.com/ical/room-104.ics"
}
}
],
"prices": {
"base_price": 1200,
"price_jan": 1200,
"price_feb": 1200,
"price_mar": 1200,
"price_apr": 1250,
"price_may": 1250,
"price_jun": 1300,
"price_jul": 1300,
"price_aug": 1300,
"price_sep": 1250,
"price_oct": 1250,
"price_nov": 1200,
"price_dec": 1200,
"discount_90": 5,
"discount_180": 10,
"discount_360": 15
},
"amenities": [
{
"id": 34
}
],
"photos": [
{
"url": "https://assets.host.example.com/room-104.jpg",
"description": "Desk and window"
}
]
}
],
"bookings": {
"stay_min": 3,
"notice_min_days": 14,
"move_in_max_days": 90,
"application_url": "https://host.example.com/apply/property-01",
"cancellation_policy": "flexible",
"booking_rules": "No overnight guests without approval."
},
"community": {
"age_min": 25,
"age_max": 45,
"age_avg": 31,
"gender": "mixed",
"gender_ratio": 50,
"events": [
{
"id": 1061
}
],
"community_manager": {
"name": "Jeff",
"photo": "https://assets.host.example.com/community-manager.jpg",
"onsite": 1
},
"types": [
{
"id": 8
}
]
},
"media": {
"3d_tour": "https://my.matterport.com/show/?m=123456789",
"video_tour": {
"type": "youtube",
"url": "https://www.youtube.com/watch?v=fYfFgcBlxrQ"
},
"photos": {
"property": [
{
"url": "https://assets.host.example.com/property-01.jpg",
"description": "Coworking lounge"
}
],
"community": [
{
"url": "https://assets.host.example.com/community-01.jpg",
"description": "Community dinner"
}
]
}
},
"instructions": {
"check_in_earliest": "14:30",
"check_in_latest": "20:00",
"check_out_latest": "11:00",
"check_in_contact_person": "Sandra",
"check_in_telephone_country": "+1",
"check_in_telephone_number": "5551234567",
"check_in_instructions": "Use the keypad at the main entrance.",
"directions": "From the airport, take the express train to Downtown Station.",
"house_manual": "Quiet hours start at 10pm. Clean shared areas after use."
},
"faq": [
{
"question": "Is cleaning included?",
"answer": "Yes, common areas are cleaned weekly."
}
],
"rating": {
"google_places_id": "ChIJN1t_tDeuEmsRUsoyG83frY4"
}
}{
"data": {
"id": 22035,
"unique_id": "bhmncd8z",
"original_id": "partner-listing-001",
"name": "Highland Springs Ave Coliving",
"listing_status": "pending",
"action": "updated",
"room_types_count": 1,
"match": {
"matched": true,
"method": "id",
"confidence": {
"level": "high",
"score": 0.99
}
},
"links": {
"preview": "https://coliving.com/spaces/bhmncd8z?preview=true"
},
"updated_at": "2026-05-04T10:15:05Z"
},
"meta": {
"request_id": "req_listing_patch_001"
}
}{
"error": {
"type": "not_found",
"message": "Listing not found or unauthorized",
"request_id": "req_listing_patch_001",
"errors": []
}
}Error Handling
All API endpoints return consistent error responses:
Success and error shapes on this host. New partner integrations should treat the following as the canonical contract for public /v1 APIs on the dedicated API domain:
- Canonical (preferred): Successful responses use
dataplusmeta(includingmeta.request_idwhen request IDs are enabled). Failed responses use a top-levelerrorobject (type,message,request_id,errors). Integrations under/v1/integrations/{provider}/…and listings/bookings/messages documented on this page follow this envelope. This includes provider key viaPOST /v1/integrations/{provider}/provider-key(see Integrations docs page); this endpoint may return409whenprovider_api_keyis already used by another account. - Legacy: A small number of older endpoints may still return a top-level
successflag (and related fields) alongside or instead of the canonical shape. Treat these as legacy until migrated; prefer parsingdata/meta/errorfor new code paths (e.g. some auth and key-management responses).
Common HTTP status codes:
- 200 - Success
- 201 - Created
- 401 - Unauthorized (invalid or missing API key)
- 403 - Forbidden (insufficient permissions)
- 409 - Conflict with existing resource state
- 422 - Validation error or domain conflict
- 404 - Not Found (includes
unsupported_providerfor unknown/v1/integrations/{provider}/…) - 500 - Internal Server Error
{
"error": {
"type": "validation_error",
"message": "Validation failed",
"request_id": "req_example_001",
"errors": [
{
"path": "field",
"code": "invalid",
"message": "Reason for the validation failure."
}
]
}
}Rate Limiting
API requests are rate limited to 60 requests per minute per API key.
60 requests per minute per API keyBest Practices
- Store API keys securely - Never expose API keys in client-side code
- Use HTTPS - Always make requests over HTTPS
- Handle errors gracefully - Implement proper error handling in your integration
- Validate responses - On success, validate
dataandmeta.request_id; on failures, validate theerrorobject. - Monitor usage - Keep track of your API usage and rate limits
- Contact admin for key management - API keys are managed by the admin team
- Use descriptive names - Admin will name your API keys clearly for better management
- Follow Laravel conventions - Use API Resources for consistent response formatting
- Include required fields - Ensure all required fields are provided for user and booking creation
- Handle meta data properly - Use meta attributes for additional user/booking information
Testing the API
To test the API endpoints and see the actual response structure:
- Set up your testing environment:
base_url: Your API base URLapi_key: Your API key (provided by admin)
- Test the endpoints:
- Use the request examples above to create test data
- Make actual API calls to see real responses
- Test both User and Booking creation endpoints
Pro Tip: The best way to understand the API responses is to test them yourself. Use tools like Postman, curl, or your preferred API testing tool with the examples provided above.
Support & Sandbox
For API support, please contact the development team with:
- Your API key (masked)
- Request details
- Error messages
- Expected vs actual behavior
For API key requests or management, contact the admin team directly.
Ready to integrate?
Contact the admin team to get your API key and start building amazing integrations with the Coliving platform!
Want to test the API first?
Try our API Sandbox to test the endpoints with mock data before integrating with the production API.