Authentication
The Filoxenos API uses API keys to authenticate requests. You can view and manage your API keys in theSettings → APIsection of your dashboard.
API Keys
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
Key Format
flx_ followed by a unique string of characters.Bearer Token
Authentication to the API is performed via HTTP Bearer Auth. Provide your API key as the token in the Authorization header.
Authorization: Bearer flx_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Example Request
curl https://www.filoxenos.gr/api/v1/properties \ -H "Authorization: Bearer flx_your_key_here"
Scopes
API keys can be restricted to specific scopes. When creating a key, you can choose which permissions to grant.
| Parameter | Type | Description |
|---|---|---|
read | scope | Allows read-only access to properties, bookings, and reports. |
write | scope | Allows creating manual bookings, updating property metadata, and triggering syncs. |
webhooks | scope | Allows managing webhook endpoints and secrets. |
Security Best Practices
- Never share your API keys in frontend code (client-side JS).
- Rotate your keys periodically via the dashboard.
- Use the minimum required scope for each integration.
- If a key is compromised, delete it immediately from the dashboard.