API

Connect Manage Tasks with your existing systems.

The API lets approved systems read and write operational data while respecting credentials, permissions, and IP access rules.

Facilities and hierarchy

Fetch facilities, buildings, floors, apartments, and related structure for synchronized external views.

Reservations

Create, update, filter, and price reservations through controlled API credentials.

Contacts

Create and update contact records, including login credentials for brand-specific access flows.

Pricing

Calculate reservation prices from the same operational pricing rules used inside the platform.

Access control

Limit API users by write permissions, allowed modules, IP whitelist groups, and blacklist groups.

Documentation

Generate API documentation from the configured endpoints and send it to integration partners.

Built for controlled integrations

Admins can create API users, assign endpoint permissions, restrict network access, and share documentation without exposing unrelated platform areas.

Documentation

API Documentation

Review how the platform API is structured and how external systems should consume it.

Base URL
https://www.manage-tasks.com/api/integration
Authentication

Send the API user token either as a Bearer token or in the X-Api-Token header.

Security Notes

  • Each API credential is bound to a platform user. That user defines data visibility.
  • Endpoint access is enforced per resource and action through API Permissions.
  • IP whitelist and blacklist rules are evaluated against the source IP of every incoming API request.
  • Blacklist matches always block the request. If a whitelist exists, the request IP must match the whitelist to pass.
  • Reusable IP groups are merged into the whitelist and blacklist before the request is evaluated.
  • Reservation guests are contact records. Create contacts first when the external system does not already know their IDs.
  • When a contact is created through an API user and an email is provided, the system can generate a website login credential under that API user name as the brand.

Available Endpoints

GET /api/integration/facilities facilities.read

List visible facilities, including hotel buildings, floors, and apartments.

Required Fields

  • None

Optional Fields

  • per_page

Request Example

GET /api/integration/facilities?per_page=2
Authorization: Bearer your-integration-token
Accept: application/json

Response Example

{
  "data": [
    {
      "id": 12,
      "name": "Grand Hotel",
      "type": "hotel",
      "buildings": [
        {
          "id": 31,
          "name": "Main Building",
          "floors": [
            {
              "id": 45,
              "name": "Floor 2",
              "apartments": [
                {
                  "id": 108,
                  "name": "204 Deluxe",
                  "capacity": 3
                }
              ]
            }
          ]
        }
      ]
    }
  ],
  "meta": {
    "current_page": 1,
    "per_page": 2,
    "total": 1
  }
}
GET /api/integration/reservations reservations.read

List visible reservations for a required facility whose check-in or check-out date falls inside the required requested period, with optional building, floor, and apartment filters.

Required Fields

  • facility_id
  • date_from (Y-m-d)
  • date_to (Y-m-d, after_or_equal:date_from)

Optional Fields

  • building_id
  • floor_id
  • apartment_id
  • status
  • contact_id
  • updated_since

Request Example

GET /api/integration/reservations?facility_id=12&building_id=31&floor_id=45&apartment_id=108&status=confirmed&date_from=2026-06-01&date_to=2026-06-30
Authorization: Bearer your-integration-token
Accept: application/json

Response Example

{
  "data": [
    {
      "id": 42,
      "status": "reserved",
      "check_in": "2026-06-10",
      "check_out": "2026-06-12",
      "facility_id": 12,
      "apartment_id": 108,
      "guest": {
        "id": 77,
        "type": "contact",
        "first_name": "John",
        "last_name": "Guest",
        "name": "John Guest"
      },
      "additional_guests": [
        {
          "id": 101,
          "type": "contact",
          "name": "Guest One"
        }
      ]
    }
  ],
  "meta": {
    "current_page": 1,
    "per_page": 15,
    "total": 1
  }
}
POST /api/integration/reservations/calculate-price reservations.read

Calculate the reservation price for a visible apartment and date period without creating a reservation record.

Required Fields

  • hotel_apartment_id
  • check_in (Y-m-d)
  • check_out (Y-m-d, after:check_in)

Optional Fields

  • None

Request Example

POST /api/integration/reservations/calculate-price
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "hotel_apartment_id": 108,
  "check_in": "2026-07-01",
  "check_out": "2026-07-04"
}

Response Example

{
  "data": {
    "hotel_apartment_id": 108,
    "check_in": "2026-07-01",
    "check_out": "2026-07-04",
    "nights": 3,
    "total_price": 360,
    "currency": "EUR",
    "apartment": {
      "id": 108,
      "name": "204 Deluxe",
      "apartment_number": "204"
    },
    "facility": {
      "id": 12,
      "name": "Grand Hotel"
    }
  }
}
GET /api/integration/contacts contacts.read

List visible contacts that can be used as reservation guests.

Required Fields

  • None

Optional Fields

  • search
  • per_page
  • updated_since

Request Example

GET /api/integration/contacts?search=john&per_page=2
Authorization: Bearer your-integration-token
Accept: application/json

Response Example

{
  "data": [
    {
      "id": 77,
      "first_name": "John",
      "last_name": "Guest",
      "display_name": "John Guest",
      "email": null,
      "phone": null,
      "login_credentials": [
        {
          "brand": "SeaBrand",
          "email": "[email protected]"
        }
      ]
    }
  ],
  "meta": {
    "current_page": 1,
    "per_page": 2,
    "total": 1
  }
}
POST /api/integration/contacts/login contacts.read

Validate contact login credentials for the current API brand without issuing a session or token.

Required Fields

  • email
  • password

Optional Fields

  • None

Request Example

POST /api/integration/contacts/login
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "email": "[email protected]",
  "password": "SecretPass123"
}

Response Example

{
  "valid": true,
  "data": {
    "contact_id": 77,
    "display_name": "John Guest",
    "brand": "SeaBrand",
    "email": "[email protected]"
  }
}
POST /api/integration/contacts contacts.write

Create a guest contact with only first and last name, or include optional email, login_email, password, phone, and notes.

Required Fields

  • first_name
  • last_name

Optional Fields

  • display_name
  • email
  • login_email
  • password
  • phone
  • notes

Request Example

POST /api/integration/contacts
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "first_name": "John",
  "last_name": "Guest",
  "email": "[email protected]",
  "password": "SecretPass123"
}

Response Example

{
  "data": {
    "id": 77,
    "first_name": "John",
    "last_name": "Guest",
    "display_name": "John Guest",
    "email": "[email protected]",
    "phone": null,
    "login_credentials": [
      {
        "brand": "SeaBrand",
        "email": "[email protected]"
      }
    ]
  },
  "generated_login_credential": {
    "brand": "SeaBrand",
    "email": "[email protected]",
    "password": "SecretPass123"
  }
}
PATCH /api/integration/contacts/{id} contacts.write

Update a visible contact with partial fields such as name, email, phone, notes, and current-brand login credentials.

Required Fields

  • id (path parameter)

Optional Fields

  • first_name
  • last_name
  • display_name
  • email
  • phone
  • notes
  • login_email
  • password

Request Example

PATCH /api/integration/contacts/77
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "first_name": "John",
  "last_name": "Guest",
  "display_name": "John Guest",
  "email": "[email protected]",
  "phone": "+359888123456",
  "login_email": "[email protected]",
  "password": "SecretPass123",
  "notes": "Updated from external CRM"
}

Response Example

{
  "data": {
    "id": 77,
    "first_name": "John",
    "last_name": "Guest",
    "display_name": "John Guest",
    "email": "[email protected]",
    "phone": "+359888123456",
    "login_credentials": [
      {
        "brand": "SeaBrand",
        "email": "[email protected]"
      }
    ]
  },
  "generated_login_credential": {
    "brand": "SeaBrand",
    "email": "[email protected]",
    "password": "SecretPass123"
  }
}
POST /api/integration/reservations reservations.write

Create a reservation with apartment, guest contact, pricing, and note data. API-created reservations are always saved with reserved status.

Required Fields

  • hotel_apartment_id
  • check_in (Y-m-d)
  • check_out (Y-m-d, after:check_in)

Optional Fields

  • contact_id
  • guests_count
  • discount_type
  • discount_value
  • notes
  • additional_guest_contact_ids

Request Example

POST /api/integration/reservations
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "hotel_apartment_id": 108,
  "contact_id": 77,
  "check_in": "2026-07-01",
  "check_out": "2026-07-04",
  "guests_count": 2,
  "discount_type": "amount",
  "discount_value": 20,
  "notes": "Created by external PMS",
  "additional_guest_contact_ids": [101]
}

Response Example

{
  "data": {
    "id": 99,
    "status": "reserved",
    "check_in": "2026-07-01",
    "check_out": "2026-07-04",
    "guests_count": 2,
    "total_price": 360,
    "discount": 20,
    "final_price": 340,
    "notes": "Created by external PMS",
    "guest": {
      "id": 77,
      "type": "contact",
      "first_name": "John",
      "last_name": "Guest",
      "name": "John Guest"
    },
    "apartment": {
      "id": 108,
      "name": "204 Deluxe",
      "apartment_number": "204"
    },
    "additional_guests": [
      {
        "id": 101,
        "type": "contact",
        "name": "Guest One"
      }
    ]
  }
}
PATCH /api/integration/reservations/{id} reservations.write

Update reservation dates, status, pricing discount, notes, main guest contact, and additional guest contacts.

Required Fields

  • id (path parameter)

Optional Fields

  • hotel_apartment_id
  • contact_id
  • check_in
  • check_out
  • status
  • guests_count
  • discount_type
  • discount_value
  • notes
  • additional_guest_contact_ids

Request Example

PATCH /api/integration/reservations/42
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "status": "checked_in",
  "check_in": "2026-06-10",
  "check_out": "2026-06-12",
  "discount_type": "percent",
  "discount_value": 10,
  "notes": "Updated from external PMS",
  "additional_guest_contact_ids": [101, 102]
}

Response Example

{
  "data": {
    "id": 42,
    "status": "checked_in",
    "check_in": "2026-06-10",
    "check_out": "2026-06-12",
    "guests_count": 3,
    "total_price": 200,
    "discount": 20,
    "final_price": 180,
    "notes": "Updated from external PMS",
    "additional_guests": [
      {
        "id": 101,
        "type": "contact",
        "name": "Guest One"
      },
      {
        "id": 102,
        "type": "contact",
        "name": "Guest Two"
      }
    ]
  }
}

Configuration

  • Create credentials in API Users.
  • Bind each credential to the platform user whose visibility rules it should inherit.
  • Define direct IP whitelist and blacklist rules when you need source-network restrictions.
  • Create reusable IP groups when the same IP ranges should be shared across multiple credentials.
  • Assign endpoint access in API Permissions with separate read, write, and delete toggles for each resource.
  • Delete permissions can be configured now, but there are currently no delete integration endpoints exposed by the application.
  • Each API user name acts as the brand for generated contact website credentials.

Common Query Params

  • per_page
  • updated_since
  • date_from / date_to (for reservations)
  • facility_id (required for reservations)
  • building_id / floor_id / apartment_id / status / contact_id / updated_since (for reservations)
  • search (for contacts)

Setup Flow

  1. Create a record in API Users and bind it to the platform user whose scope the credential should inherit.
  2. Optionally define an IP whitelist and blacklist for that credential, using direct entries, reusable IP groups, or both.
  3. Copy the generated token and store it on the external system.
  4. Open API Permissions and enable only the read, write, and delete actions that credential should access.
  5. Expose the application base URL to the external system and append /api/integration.
  6. Send the token as Authorization: Bearer ... or X-Api-Token on every request.
  7. Sync facilities and create or sync guest contacts first, then consume reservations and create or update reservation records as needed.

Integration Examples

Facilities Example

GET /api/integration/facilities?per_page=50
Authorization: Bearer your-integration-token
Accept: application/json

Use this to pull the facility tree, including hotel buildings, floors, and apartments.

Create Contact Example

POST /api/integration/contacts
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "first_name": "John",
  "last_name": "Guest",
  "email": "[email protected]",
  "password": "SecretPass123"
}

The API can create a reservation guest contact with only first_name and last_name. If an email is included, it also creates a login credential under the current API user name as the brand, using the provided password or a generated one.

Contact Login Validation Example

POST /api/integration/contacts/login
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "email": "[email protected]",
  "password": "SecretPass123"
}

This endpoint only validates whether the login credentials are correct for the current API brand. It does not create a session or issue a token.

Update Contact Example

PATCH /api/integration/contacts/77
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "first_name": "John",
  "last_name": "Guest",
  "email": "[email protected]",
  "login_email": "[email protected]",
  "password": "SecretPass123",
  "notes": "Updated from external CRM"
}

Contact updates are partial. If login_email is sent, the API updates the login credential for the current API user name as brand and returns the active password, whether provided or generated.

Reservation Update Example

PATCH /api/integration/reservations/42
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "status": "checked_in",
  "check_in": "2026-06-10",
  "check_out": "2026-06-12",
  "discount_type": "percent",
  "discount_value": 10,
  "notes": "Updated from external PMS",
  "additional_guest_contact_ids": [101, 102]
}

Reservation updates recalculate stored pricing, keep overlap protection, and replace the additional guest contact list.

Headcount-Only Reservation Example

POST /api/integration/reservations
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "hotel_apartment_id": 108,
  "check_in": "2026-09-01",
  "check_out": "2026-09-03",
  "guests_count": 4,
  "notes": "Reservation without linked guest contacts"
}

You can create a reservation with only a headcount when guest contact records are not available yet. The API still saves the reservation in reserved status.

Create Reservation Example

POST /api/integration/reservations
Authorization: Bearer your-integration-token
Accept: application/json
Content-Type: application/json

{
  "hotel_apartment_id": 108,
  "contact_id": 77,
  "check_in": "2026-07-01",
  "check_out": "2026-07-04",
  "guests_count": 2,
  "discount_type": "amount",
  "discount_value": 20,
  "notes": "Created by external PMS",
  "additional_guest_contact_ids": [101]
}

Reservation creation applies the same apartment visibility, overlap protection, pricing, and guest validation rules as updates. If guests_count is sent, it must be at least the number of linked main and additional guest contacts. The created reservation status is always reserved.

Endpoint Notes

GET /facilities

Returns only facilities visible to the configured integration user. Hotel facilities include their buildings, floors, and apartments.

GET /contacts

Supports per_page, updated_since, and search. Use this to find reservation guest contact IDs.

POST /contacts

Accepts first_name and last_name as required fields, with optional display_name, email, login_email, password, phone, and notes. When email or login_email is present, the response can include generated_login_credential using the current API user name as brand.

POST /contacts/login

Validates contact login credentials for the current API user name as brand and returns valid true or false.

PATCH /contacts/{id}

Updates visible contacts partially. Supports first_name, last_name, display_name, email, phone, notes, login_email, and password. When login_email is sent, the credential for the current API user name as brand is replaced and the active password is returned.

GET /reservations

Requires facility_id, date_from, and date_to and returns only reservations whose check_in or check_out falls inside that period. Also supports updated_since, building_id, floor_id, apartment_id, status, and contact_id. Results are returned with the default page size.

POST /reservations/calculate-price

Accepts hotel_apartment_id, check_in, and check_out and returns the calculated total reservation price without creating a reservation. Discount is not part of this endpoint.

POST /reservations

Creates a reservation after validating apartment visibility, guest contact visibility, date overlap rules, pricing, additional guest contact validity, and optional guests_count headcount rules. API-created reservations are always saved with reserved status.

PATCH /reservations/{id}

You can update the apartment, main guest contact, dates, status, notes, discount type/value, and additional guest contact IDs. The request is validated against apartment availability and contact visibility before changes are saved.