EscapeLifeDocs
Available now

Authentication

EscapeLife uses API keys to authenticate requests. Keys are scoped per property, per environment, and can be restricted to specific permission scopes.

API key format

Keys are prefixed by environment:

sk_live_...

Live

Authenticates against real production data.

sk_test_...

Test

Sandbox environment with synthetic data. Safe to use in development.

Sending a request

Pass your key in the Authorization header as a Bearer token:

cURL
curl https://api.escapelife.ai/v1/properties \
  -H "Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxx"
TypeScript
const res = await fetch("https://api.escapelife.ai/v1/properties", {
  headers: {
    Authorization: `Bearer ${process.env.ESCAPELIFE_API_KEY}`,
  },
});
const data = await res.json();
Python
import httpx

headers = {"Authorization": f"Bearer {api_key}"}
res = httpx.get("https://api.escapelife.ai/v1/properties", headers=headers)
data = res.json()

Scopes

Keys can be restricted to one or more scopes. Use * to grant all access.

properties:read

Read property details and settings.

properties:write

Create and update property records.

knowledge:read

List knowledge sources.

knowledge:write

Ingest and delete knowledge sources.

guests:read

Read guest profiles and history.

guests:write

Create and update guest records.

bookings:read

Read booking records.

bookings:write

Create and modify bookings.

analytics:read

Access RevPAR, conversion, and AI analytics.

*

All scopes — full access. Use for server-side integrations only.

Endpoints

POST/v1/auth/keysCreate an API key

Issue a new API key for the authenticated property. The raw key is returned once — store it securely. It cannot be retrieved again.

Request Body

namestringrequiredHuman label for this key, e.g. 'Production' or 'Staging'.
environmentstringlive or test. Defaults to live.
scopesstring[]Permission scopes. Defaults to ['*'].
bash
curl -X POST https://api.escapelife.ai/v1/auth/keys \
  -H "Authorization: Bearer sk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{"name": "Staging", "environment": "test", "scopes": ["properties:read", "knowledge:write"]}'
Response
{
  "id": "key_a1b2c3d4e5f6",
  "property_id": "pty_xyz123",
  "name": "Staging",
  "environment": "test",
  "scopes": ["properties:read", "knowledge:write"],
  "key": "sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "is_active": true,
  "last_used_at": null,
  "created_at": "2026-03-15T10:00:00Z"
}
GET/v1/auth/keysList API keys

Return all API keys for the authenticated property. Raw key values are not returned — only metadata.

DELETE/v1/auth/keys/{key_id}Revoke an API key

Permanently revoke an API key. Any requests using this key will immediately return 401.

Path / Query Parameters

key_idstringrequiredThe key ID (key_...) to revoke.
GET/v1/auth/scopesList available scopes

Return the full list of valid permission scopes.

Security best practices

  • Never expose live keys in client-side code or public repositories.
  • Use test keys (sk_test_) during development and CI.
  • Scope keys to the minimum permissions required.
  • Rotate keys regularly and revoke any that may have been exposed.
  • Store keys in environment variables, not hardcoded in source files.