API Overview¶

The AirDoo API provides a complete RESTful interface for integrating your website, mobile application, or other systems with the AirDoo Odoo module.

API Architecture¶

graph TD A[External Client] --> B[Odoo API Gateway] B --> C[AirDoo Controllers] C --> D[Odoo Models] D --> E[PostgreSQL Database] B --> F[Authentication] B --> G[Validation] B --> H[Logging] C --> I[Calendar API] C --> J[Booking API] C --> K[Webhooks]

Available Endpoints (API v1)¶

⚠️ IMPORTANT: API v1 is the only active API. Legacy endpoints are deprecated.

Endpoint	Method	Description	Authentication	Status
`/api/v1/airdoo/availability`	POST	Check availability and calculate price	Bearer Token	✅ Active
`/api/v1/airdoo/bookings`	POST	Create a direct booking	Bearer Token	✅ Active
`/api/v1/airdoo/bookings/<id>`	GET	Retrieve an existing booking	Bearer Token	✅ Active
`/api/v1/airdoo/calendar`	POST	Retrieve calendar and availability	Bearer Token	✅ Active
`/api/v1/airdoo/calendar/health`	POST	Calendar service health check	Bearer Token	✅ Active
`/api/v1/airdoo/calendar/test`	POST	Calendar API test	Bearer Token	✅ Active
`/api/v1/airdoo/calendar/debug`	POST	Debug information	Bearer Token	✅ Active
`/api/v1/airdoo/health`	GET	Global API health check	Bearer Token	✅ Active
`/api/v1/airdoo/test`	GET	Connectivity test	Bearer Token	✅ Active
`/api/v1/airdoo/contact-lead`	POST	Create a CRM lead from a form	Bearer Token	✅ Active
`/api/v1/airdoo/contact-lead/check`	GET	Check an existing email/lead	Bearer Token	✅ Active
`/airdoo/webhook/update`	POST	Webhook: booking update	HMAC Signature	✅ Active
`/airdoo/webhook/calendar_sync`	POST	Webhook: calendar sync	HMAC Signature	✅ Active
`/airdoo/webhook/test`	GET	Webhook test	Public	✅ Active

Deprecated Endpoints¶

Old Endpoint	New Endpoint	Status
`/airdoo/api/availability`	`/api/v1/airdoo/availability`	⚠️ Deprecated (returns 410 Gone)
`/airdoo/api/create_booking`	`/api/v1/airdoo/bookings`	⚠️ Deprecated (returns 410 Gone)
`/airdoo/api/booking/test`	`/api/v1/airdoo/test`	⚠️ Deprecated (returns 410 Gone)

Authentication¶

Bearer Token (API v1)¶

All API v1 routes use Odoo's native Bearer Token authentication:

Authorization: Bearer your_api_token

How to get the token: 1. Go to Odoo: AirDoo → Configuration → Settings 2. API Settings section → Native Odoo API Key field 3. This token is automatically generated at module installation

Required header

The Authorization: Bearer <token> header is mandatory on all /api/v1/airdoo/* endpoints. Requests without this header return a 401 Unauthorized error.

Webhook Signature (Webhooks only)¶

For /airdoo/webhook/* endpoints, an HMAC-SHA256 signature is required:

X-Odoo-Signature: sha256=signature_here

Generate the webhook secret: 1. Go to AirDoo → Configuration → Settings 2. Webhook Settings section → Generate Webhook Secret button

Response Format¶

Success¶

{
  "success": true,
  "data": {
    // Endpoint-specific data
  },
  "metadata": {
    "api_version": "1.0",
    "timestamp": "2026-02-26T11:30:00Z",
    "request_id": "abc123def456"
  }
}

Error¶

{
  "success": false,
  "error": {
    "code": "ERROR_CODE",
    "message": "Error description",
    "details": {
      // Additional details
    }
  },
  "metadata": {
    "api_version": "1.0",
    "timestamp": "2026-02-26T11:30:00Z",
    "request_id": "abc123def456"
  }
}

Standardized Error Codes¶

Code	Description	Recommended Action
`BAD_REQUEST`	Invalid parameters	Check request parameters
`UNAUTHORIZED`	Missing or invalid Bearer Token	Check `Authorization: Bearer <token>` header
`FORBIDDEN`	Unauthorized access	Check permissions
`NOT_FOUND`	Resource not found	Check provided IDs
`CONFLICT`	Data conflict (e.g. dates already booked)	Check availability
`INTERNAL_ERROR`	Server error	Contact support

Versioning¶

The API uses semantic versioning:

Major version: Breaking changes
Minor version: Backward-compatible new features
Patch: Bug fixes

The current version is 1.0.0.

Rate Limiting¶

Plan	Limit	Period	Description
Development	100 req	1 minute	For testing and development
Production	1000 req	1 minute	For production use
Enterprise	Unlimited	-	Contact for arrangement

Rate limiting headers are included in responses:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1617032400

Best Practices¶

1. Error Handling¶

async function callAirDooAPI(endpoint, data) {
  try {
    const response = await fetch(endpoint, {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${API_KEY}`,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify(data)
    });

    const result = await response.json();

    if (!result.success) {
      switch (result.error.code) {
        case 'UNAUTHORIZED':
          // Re-authenticate
          break;
        case 'CONFLICT':
          // Show message to user
          break;
        default:
          // Generic error
      }
    }

    return result;
  } catch (error) {
    console.error('Network error:', error);
    throw error;
  }
}

2. Caching¶

const CACHE_DURATION = 5 * 60 * 1000; // 5 minutes

const calendarCache = new Map();

async function getCachedCalendar(accommodationId, month, year) {
  const cacheKey = `${accommodationId}-${month}-${year}`;
  const cached = calendarCache.get(cacheKey);

  if (cached && Date.now() - cached.timestamp < CACHE_DURATION) {
    return cached.data;
  }

  const data = await getCalendarData(accommodationId, month, year);
  calendarCache.set(cacheKey, {
    data,
    timestamp: Date.now()
  });

  return data;
}

3. Retry with Backoff¶

async function callWithRetry(endpoint, data, maxRetries = 3) {
  let lastError;

  for (let i = 0; i < maxRetries; i++) {
    try {
      return await callAirDooAPI(endpoint, data);
    } catch (error) {
      lastError = error;
      const delay = Math.pow(2, i) * 1000;
      await new Promise(resolve => setTimeout(resolve, delay));
    }
  }

  throw lastError;
}

Security¶

1. Data Protection¶

HTTPS required for all requests
API keys stored securely (environment variables)
Sensitive data never logged in plain text

2. Input Validation¶

def validate_booking_request(data):
    if data['checkin'] >= data['checkout']:
        raise ValidationError("Check-in must be before check-out")

    if data['guest_count'] <= 0:
        raise ValidationError("Guest count must be positive")

    if data['total_amount'] <= 0:
        raise ValidationError("Total amount must be positive")

3. Monitoring and Logging¶

All requests are logged (without sensitive data)
Automatic alerts for frequent errors
Monitoring dashboard available in Odoo

Integration Examples¶

Website (Next.js/React)¶

See Next.js Integration for a complete guide.

Mobile Application¶

import axios from 'axios';

const airDooAPI = axios.create({
  baseURL: 'https://your-odoo.com',
  headers: {
    'Authorization': 'Bearer your_api_token'
  }
});

Automation (Zapier/Make)¶

Webhooks for new bookings
REST API for availability queries
iCal export for calendar synchronization

Support and Troubleshooting¶

API Logs¶

API logs are available in Odoo: 1. Go to Settings → Technical → Logs 2. Filter by airdoo or api

Testing Endpoints¶

Use the curl commands provided in each endpoint's documentation.

Contact Support¶

Email: support@kalpana.com.br

← Back: User Guide | Next: Calendar API →