Private API authentication for personal integrations

Problem statement

Currently, Hospitable offers two API authentication methods:

• Personal Access Tokens (PATs) — which may not be compatible with certain integration frameworks
• OAuth 2.0 — which requires vendor approval and is designed for public apps or multi-user integrations

Developers building private, personal integrations (e.g., a custom WordPress plugin for their own cleaning operations) may find that PATs don't work with their chosen framework, while OAuth requires going through a vendor approval process intended for public applications.

Current workaround

The only option is to either:

• Use a PAT and hope it's compatible with the integration framework being used, or
• Apply for vendor approval through the OAuth process, even though the integration is only for personal use and not intended to be a public app

Impact

• Developers are blocked from building private integrations when PATs aren't compatible with their framework
• The vendor approval process adds unnecessary friction for personal-use cases
• Time is wasted trying to fit a private integration into a public app workflow

Proposed solution

Provide an alternative API authentication method (such as server-to-server API keys or a simplified OAuth option) that works for private, personal integrations without requiring vendor approval or public app setup.

Unlock

Developers would be able to build custom, private integrations using their preferred frameworks and tools, enabling automated workflows (like cleaner scheduling) without authentication compatibility issues or unnecessary approval processes.