Authentication Types
Staffify supports four authentication methods for connecting to your PMS API:
API Key
Most common for simple integrations. Your API key is sent in a custom header.
X-API-Key: your-api-key-hereBearer Token
Used by OAuth2 systems. Token is sent in the Authorization header.
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...Basic Auth
Username and password, base64 encoded. Common for legacy systems.
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=OAuth2
For APIs with expiring access tokens. Staffify handles automatic token refresh.
// Initial: Authorization: Bearer <access_token>
// When expired: Staffify refreshes using refresh_tokenWhich Auth Type Should I Use?
| PMS System | Recommended Auth | Notes |
|---|---|---|
| Yardi Voyager | OAuth2 | Tokens expire, use auto-refresh |
| AppFolio | API Key | Non-expiring API keys |
| Buildium | API Key | Header-based authentication |
| RentManager | Bearer Token | May need periodic manual refresh |
| ResMan | OAuth2 | Standard OAuth2 flow |
| Custom API | Varies | Check your API documentation |