You can manage API keys from the Integrations page under API keys. The current dashboard flow creates integration-type keys, lets you choose the key kind, assign capabilities, optionally set an expiry date, and revoke the key later if it is no longer needed.
InfoAPI keys and the Bokko Public API are available on the Pro plan. On Free or Starter, the API keys section is not available for active use.
Create a new API key
- Open Integrations in the dashboard.
- Go to the API keys section and click Create.
- Enter a key name.
- Choose the key kind: Owner integration or Booking partner.
- Select at least one capability.
- Optionally choose an expiry date.
- Confirm the creation.
WarningBokko shows the raw API key only once, right after creation. Save it securely before you close the dialog, because the raw key is not shown again later.
Key kinds
| Kind | What it is for |
|---|---|
| Owner integration | General owner-side integrations. This kind can use the full set of capabilities shown in the dialog. |
| Booking partner | External booking partner integrations acting on behalf of guests. This kind is restricted to the guest-facing booking flow. |
If you choose Booking partner, Bokko limits the selectable capabilities to guest-facing operations only: services.read, staff.read, availability.read, and booking.create.
Available capabilities
| Capability | What it allows |
|---|---|
| availability.read | Read availability data |
| booking.create | Create bookings through the API |
| booking.read | Read booking data |
| booking.cancel | Cancel bookings through the API |
| services.read | Read services |
| staff.read | Read staff data |
| webhook.manage | Manage webhook-related functionality |
| subscription.read | Read subscription status and quotas |
InfoThe full Public API capability registry is documented on the developer docs side. The current dashboard create dialog may expose a narrower set than the full backend contract.
What you see in the key list
- Key name
- Key suffix instead of the full secret
- Capability chips
- Status such as active, expired or revoked
- Last used date when Bokko has usage data for that key
Revoke a key
- Find the key in the API keys list.
- Click Revoke.
- Confirm the action.
Revocation is the right choice if a key is no longer in use, was exposed, or should stop working immediately. Bokko keeps the key in the list with revoked status instead of showing the raw key again.
InfoDeveloper Documentation: Full technical details for using API keys (Bearer auth, capability matrix, rate limits, code examples) are available on the Bokko Public API – Authentication page.