Developer Tools

Overview

Developer Tools is the integration hub of Ananas GDS. It provides four distinct capability areas: token-based API access for partners, embeddable HTML/JS widgets for displaying fact sheets on external sites, outbound webhooks for real-time event delivery, connections to external GDS/OTA/PMS platforms, and a bulk data export engine. All capabilities are scoped to the authenticated owner; sub-users require the developer_tools permission flag.

API Keys

API keys (model ApiKey in the settings app) give external systems — tour operators, channel managers, and partner integrations — token-based read access to your data. Each key is tied to a whitelisted domain and carries per-resource permission flags.

Field	Description
`title`	Human-readable label for the key.
`description`	Optional usage note.
`domain`	FK to `Whitelist` — restricts which domain may use the token in browser requests.
`token`	Auto-generated 30-character dash-delimited token. Shown once on creation.
`fact_sheet`	Grants access to the facts API endpoint.
`stop_sale`	Grants access to the stop-sale API endpoint.
`hotel_photos`	Grants access to the photos API endpoint.
`last_called_at`	Timestamp of the most recent authenticated request.

The token is passed in the URL path of v1 API requests:

Example

GET https://app.ananas-gds.com/api/v1/facts/{token}/
GET https://app.ananas-gds.com/api/v1/photos/{token}/
GET https://app.ananas-gds.com/api/v1/stop-sale/{token}/

Domain Whitelist

Each API key requires a Whitelist entry. The whitelist associates a human-readable name with a domain pattern, allowing the backend to reject requests from unauthorised origins when the token is used in browser-side code.

Endpoint	Description
`GET /api/settings/whitelists/`	List all whitelisted domains.
`POST /api/settings/whitelist/create/`	Add a new whitelisted domain.
`PUT /api/settings/whitelist/update/{id}/`	Update domain name or label.
`DELETE /api/settings/whitelist/delete/{id}/`	Remove a whitelisted domain.

API Key Endpoints

Method	Path	Description
`GET`	`/api/settings/api-keys/`	List all API keys for the account.
`POST`	`/api/settings/api-key/create/`	Create a new API key. Token is returned in this response only.
`PUT`	`/api/settings/api-key/update/{id}/`	Update key metadata (title, description, permissions).
`DELETE`	`/api/settings/api-key/delete/{id}/`	Revoke and delete a key. Existing requests using the token will immediately fail.

Embeddable Widgets

Widgets let you embed a styled fact sheet directly on any external website. Each widget is bound to a specific property and API key. You configure the visual appearance — fonts, colours, sections, layout — in the widget editor, then copy the generated embed code.

Field	Description
`key`	UUID used in the embed URL. Auto-generated, never changes.
`property`	The property whose data is displayed.
`selected_token`	The API key token used to authenticate the widget data fetch.
`font_size_base`	Base font size in px (default 14).
`font_select`	Font family override.
`background_color` / `border_color`	Hex colours for the widget container.
`content_type`	`bullet` \| `text` \| `rich` \| `minimal` — controls how facts are rendered.
`dark_mode`	Enables dark background styling.
`sections`	Ordered list of `WidgetSection` objects defining the layout.

A widget is composed of one or more ordered sections. Each section has a type and optional style overrides:

Type	Description
`hero`	Full-width header with property name and optional subtitle.
`bullets`	Bullet-point list of fact sheet entries.
`paragraph`	Free-text block with optional title.
`photo_grid`	Photo gallery grid (uses `photos_per_row` config).
`text_photo`	Side-by-side text and image layout.
`custom_html`	Raw HTML block for custom content.

Embed Code

Three embed options are available from the widget editor:

Legacy Iframe

<iframe src="https://app.ananas-gds.com/widget/{key}/"
        width="100%" height="600" frameborder="0"></iframe>

JS Embed (recommended)

<div id="ananas-widget"></div>
<script src="https://app.ananas-gds.com/widget.js"
        data-key="{key}"></script>

Method	Path	Description
`GET`	`/api/settings/widget/{property_id}/`	Get widget config for a property.
`POST`	`/api/settings/widget/create/`	Create a new widget for a property.
`PUT`	`/api/settings/widget/edit/`	Update widget appearance or section configuration.

External Connections

The Integrations section lets you connect Ananas GDS to external platforms. Supported system types cover GDS (Amadeus, Sabre, Travelport), OTA (Booking.com, Expedia, Airbnb, TripAdvisor), PMS (Oracle Opera Cloud, Mews, Cloudbeds, Apaleo, SiteMinder), and custom endpoints.

Field	Description
`name`	Friendly name for the connection.
`system_type`	`gds` \| `ota` \| `pms` \| `custom`
`provider`	Specific provider (amadeus, sabre, oracle_opera, mews, etc.).
`status`	`active` \| `inactive` \| `error` \| `pending`
`credentials`	JSON of provider-specific auth credentials (encrypted at rest).
`config`	Provider-specific configuration options.
`inbound_token`	UUID used as the inbound webhook path for this connection.
`last_synced_at`	Timestamp of the most recent successful sync.

Each sync attempt is recorded in a ConnectionSyncLog with status, records processed, records failed, and a message for debugging.

Integration Endpoints

Method	Path	Description
`GET`	`/api/dev/integrations/connections/`	List all configured external connections.
`POST`	`/api/dev/integrations/connections/`	Create a new connection.
`GET/PUT/DELETE`	`/api/dev/integrations/connections/{id}/`	Retrieve, update, or delete a connection.
`POST`	`/api/dev/integrations/connections/{id}/sync/`	Trigger a manual sync for a connection.
`GET`	`/api/dev/integrations/connections/{id}/sync-logs/`	List recent sync logs for a connection.
`POST`	`/api/dev/integrations/inbound/{inbound_token}/`	Inbound webhook receiver for a specific connection.

Outbound Webhooks

Register HTTPS endpoints to receive real-time notifications when data changes in Ananas GDS. Each webhook endpoint subscribes to one or more event types. Payloads are HMAC-signed using the endpoint's secret for verification.

Supported Events

Event	Trigger
`property.updated`	Property data changed.
`stopsale.created`	New stop sale event created.
`stopsale.updated`	Existing stop sale event modified.
`stopsale.cancelled`	Stop sale event cancelled.
`invoice.sent`	Invoice sent to recipient.
`invoice.paid`	Invoice marked as paid.
`invoice.disputed`	Invoice dispute raised.
`invoice.cancelled`	Invoice cancelled.
`availability.updated`	Allotment or availability data changed.

Delivery attempts are logged in WebhookDelivery records. Failed deliveries are retried with exponential backoff. Each delivery record stores the response code, response body, attempt count, and next retry timestamp.

Webhook Endpoints

Method	Path	Description
`GET`	`/api/dev/integrations/webhooks/`	List all registered webhook endpoints.
`POST`	`/api/dev/integrations/webhooks/`	Register a new webhook endpoint.
`GET/PUT/DELETE`	`/api/dev/integrations/webhooks/{id}/`	Retrieve, update, or delete a webhook endpoint.
`POST`	`/api/dev/integrations/webhooks/{id}/test/`	Send a test ping event to the endpoint.
`GET`	`/api/dev/integrations/webhooks/{id}/deliveries/`	List recent delivery attempts for an endpoint.
`POST`	`/api/dev/integrations/webhooks/deliveries/{id}/retry/`	Manually retry a failed delivery.

Data Exports

The Export Center generates bulk data files in multiple formats. An export request is created asynchronously — a Celery task processes the request and stores the resulting file.

Field	Options
`format`	`json` \| `xml_ota` \| `octo` \| `csv` \| `xero` \| `quickbooks`
`scope`	`facts` \| `photos` \| `stopsale` \| `invoices`
`status`	`pending` \| `processing` \| `done` \| `failed`
`filters`	JSON of scope-specific filters (date range, property IDs, etc.).
`file`	File path once export is complete — download via the list endpoint.

Method	Path	Description
`GET`	`/api/dev/integrations/exports/`	List past export requests with download links.
`POST`	`/api/dev/integrations/exports/create/`	Queue a new export request. Body: `{format, scope, filters}`.

Usage Statistics

API usage is tracked in the APIStats model (reports app) per token per endpoint per day. The statistics dashboard provides per-token breakdowns with ApexCharts visualisations: total hits, successful hits, errors, bytes transferred, and active tokens over time. A pre-aggregated APIStatsSummary model powers fast dashboard reads without querying the raw stats table.

✓

Monitoring key usage

Use the statistics dashboard to spot unusual spikes or errors per API key — an error rate above 5% usually indicates a misconfigured partner integration.

Sub-User Access

Sub-users require developer_tools = True in UserPermission to access any Developer Tools endpoint. Without this flag all dev tools API calls return HTTP 403.

← Payments Notifications →

Overview

API Keys

Domain Whitelist

API Key Endpoints

Embeddable Widgets

Widget Sections

Embed Code

Widget Endpoints

External Connections

Integration Endpoints

Outbound Webhooks

Supported Events

Webhook Endpoints

Data Exports

Usage Statistics

Sub-User Access