
API Documentation

This folder contains comprehensive documentation for all APIs in the Gustaffo Reservations system.

Available Documentation

  • Offers API - Documentation for the Offers API endpoints, which handle hotel offers, inquiries, and reservations
  • Payment Processing API - Documentation for the Payment Processing API, which handles payment transactions and integrations
  • Apaleo PMS Integration - Documentation for the Apaleo PMS integration, which handles posting payments to the PMS
  • Payment Workflow - Documentation of the payment processing workflow and flow diagrams
  • Payment Integration Guide - Guide for integrating with the payment system
  • Policy Types - Documentation for payment policy types that determine how payments are handled

Common Topics

Authentication

Most API endpoints require authentication using OAuth2 bearer tokens. See the individual API documentation for specific authentication requirements.

Error Handling

All APIs use a consistent error response format, with appropriate HTTP status codes and detailed error messages.

Rate Limiting

API endpoints are subject to rate limiting to prevent abuse. The specific limits are documented in each API's documentation.

Documentation Formats

API documentation is provided in Markdown format for readability and ease of maintenance. OpenAPI/Swagger specifications are also available for automated client generation.

Integration Examples

API Reference

Overview

The Gustaffo Reservations Application provides a comprehensive REST API for managing hotel reservations, configuration, and content management. This section documents all available API endpoints organized by controller.

API Architecture

The API is built using Spring Boot with Jakarta EE and follows RESTful principles. All endpoints return JSON responses and use standard HTTP status codes.

API Architecture Components:

  • Controllers: Handle incoming HTTP requests
  • Services: Implement business logic
  • Repositories: Access data storage
  • DTOs: Transfer data between layers
  • Validators: Ensure data integrity
  • Exception Handlers: Manage error responses

Authentication

Most API endpoints require authentication. The system uses JWT tokens for API authentication:

  • Include the JWT token in the Authorization header: Authorization: Bearer <token>
  • Admin endpoints require the ROLE_admin role
  • User endpoints require appropriate user permissions

Authentication Flow:

  1. Client obtains JWT token via login
  2. Client includes token in Authorization header
  3. Server validates token
  4. Server authorizes request based on token claims
  5. Server processes request if authorized
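
Steps 3 to 5 of the flow above, shown as an added Python example rather than the Gustaffo implementation (which is Spring Boot). It assumes HS256 signing with a shared secret and a `roles` list claim, neither of which this page specifies; `authorize` and `make_token` are hypothetical names and the tokens are constructed samples.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a shared secret

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, alg="HS256", key=SECRET):
    """Build a constructed sample token (stands in for step 1, login)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head + '.' + body, key))}"

def authorize(auth_header, required_role=None, now=None):
    """Steps 3-5: return the HTTP status the server would answer with."""
    now = time.time() if now is None else now
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return 401
    head, body, sig = token.split(".")
    try:
        header = json.loads(_b64d(head))
        # Step 3: pin the algorithm server-side; the token's "alg" never picks the check.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return 401
        if not hmac.compare_digest(_sign(head + "." + body, SECRET), _b64d(sig)):
            return 401
        claims = json.loads(_b64d(body))  # parsed only after the signature verifies
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return 401
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401  # missing or past expiry
    # Step 4: authorize on claims; a valid token without the role gets 403, not 401.
    roles = claims.get("roles")  # assumption: roles are a list in a "roles" claim
    if required_role and not (isinstance(roles, list) and required_role in roles):
        return 403
    return 200  # step 5: request may proceed
```

The 401 and 403 results match the status codes listed under Error Handling: a missing, forged or expired token is an authentication failure, while a valid token lacking ROLE_admin is a permissions failure.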

Base URL

All API endpoints are relative to the base URL: https://api.gustaffo.com/

Response Format

All API responses follow a consistent format:

Success Response:

{
  "status": "success",
  "data": { ... }
}

Error Response:

{
  "status": "error",
  "message": "Error description",
  "code": "ERROR_CODE"
}

Available Controllers

Booking Controller

Handles reservation creation, modification, and retrieval operations.

Configuration Controller

Manages application configuration settings for tenants.

CMS Controllers

Multiple controllers for content management:

  • Email Template Controller
  • Language Controller
  • QR Code Controller
  • Section Controller
  • Template Controller
  • Seasons Controller
  • Static String Controller
  • Currency Converter Controller

Contact Controller

Manages contact information and communication.

Confirmation Controller

Handles booking confirmations and related operations.

Captcha Assessment Controller

Provides captcha validation services.

Tickets Controller

Manages the support ticket system.

Spring Data REST Repositories

Auto-generated REST endpoints with HATEOAS support:

  • Salutations Repository (/api/salutations)
  • Greetings Repository (/api/greetings)
  • Feature Toggle Repository (/api/featureToggles)
  • Property Feature Toggle Repository (/api/propertyFeatureToggles)
  • Ticket Repository (/api/tickets)
  • Ticket Guest Repository (/api/ticketGuests)

Error Handling

The API uses standard HTTP status codes:

  • 200 OK - Request successful
  • 201 Created - Resource created successfully
  • 400 Bad Request - Invalid request data
  • 401 Unauthorized - Authentication required
  • 403 Forbidden - Insufficient permissions
  • 404 Not Found - Resource not found
  • 500 Internal Server Error - Server error

Rate Limiting

API requests are rate-limited to prevent abuse:

  • 100 requests per minute per IP address
  • 1000 requests per hour per authenticated user
  • Higher limits available for enterprise customers

Versioning

The API uses URL versioning:

  • Current version: /v1/
  • Deprecated versions will be supported for 12 months after replacement

For code examples and integration tutorials, see the Payment Integration Guide.
