Skip to content
OAOpenAppPhysical Security as a Service
Login

Create a time-bound guest invitation via API

Time-bound guest access lets visitors open a door or gate only during a stay — typical for short-term rentals, hotels, and event hosts. OpenApp models this as an access invite tied to one or more access portals (lobby QR, garage entry, and so on).

This guide is for integrators and agents connecting a PMS/VRMS or custom booking system to OpenApp. Guests consume invites through public routes documented in Public Access. For sector framing, see Model by sector (hotel and STR rows).

What you need

Section titled “What you need”
ValueSource
API keyCreate an API key
Organization idDashboard or GET /orgs
Virtual Access integration idDashboard → Integrations
Portal id(s)Integration → access portals (lobby / garage)

Create an invite with a validity window

Section titled “Create an invite with a validity window”

POST /integrations/{integration_id}/access-invites creates a link the guest can claim. Set valid_from and valid_to in UTC (RFC 3339). portal_ids must include at least one portal that grants portal_open.

Terminal window
export OPENAPP_API_BASE='https://api.openapp.house/api/v1'
export OPENAPP_API_KEY='v1_openapp_YOUR_SECRET'
export OPENAPP_ORG_ID='01HORG00000000000000000000'
export INTEGRATION_ID='01HINTEGRATION00000000000000'
export PORTAL_ID='01HPORTAL000000000000000000'


curl -sS -X POST \
  -H "Authorization: Bearer ${OPENAPP_API_KEY}" \
  -H "Content-Type: application/json" \
  -H "X-Org: ${OPENAPP_ORG_ID}" \
  -d '{
    "portal_ids": ["'"${PORTAL_ID}"'"],
    "name": "Guest — June stay",
    "valid_from": "2026-06-01T15:00:00Z",
    "valid_to": "2026-06-05T11:00:00Z",
    "max_uses": 30
  }' \
  "${OPENAPP_API_BASE}/integrations/${INTEGRATION_ID}/access-invites"

A successful response includes invite_token and invite_link_id. Build the guest URL per your deployment (public invite routes use the token in the path — see get_public_invite in the API reference).

Python (httpx)

Section titled “Python (httpx)”
import os
import httpx


async with httpx.AsyncClient() as http:
    resp = await http.post(
        f"{os.environ['OPENAPP_API_BASE']}/integrations/{integration_id}/access-invites",
        headers={
            "authorization": f"Bearer {os.environ['OPENAPP_API_KEY']}",
            "content-type": "application/json",
            "x-org": org,
        },
        json={
            "portal_ids": [os.environ["PORTAL_ID"]],
            "name": "Guest — June stay",
            "valid_from": "2026-06-01T15:00:00Z",
            "valid_to": "2026-06-05T11:00:00Z",
            "max_uses": 30,
        },
    )
    created = resp.json()
invite_token = created["invite_token"]

Guest side (claim and open)

Section titled “Guest side (claim and open)”

After the guest opens the link:

  1. GET /public/access/invites/{inviteToken} — invite payload and grants.
  2. POST .../claim — associate the invite with the device/browser.
  3. POST .../execute with grant_id — open the door (or start a session).

See Public Access for curl and SDK examples across languages.

Update or revoke at checkout

Section titled “Update or revoke at checkout”

Use PUT /integrations/{id}/access-invites/{invite_link_id} to disable (is_enabled: false) or narrow validity. DELETE removes the invite permanently. Examples live under Integrations — access invites.

PMS automation

Section titled “PMS automation”

Wire create/update to booking webhooks — pattern in Integrate OpenApp with your existing software.

← Integrate existing software · Virtual intercom flow →