Appearance
Getting started
This walks you from an installed app to your first authenticated GraphQL call.
1. Get your install credentials
When a host installs your app, Stayblox issues per-install credentials, surfaced under My Apps → Your app → Settings → Connection details:
| Credential | Used for |
|---|---|
| API token | A Sanctum bearer token. Send it as Authorization: Bearer <token> on every GraphQL request. It identifies the install (the App) — and only that install can act on its own resources. |
| Webhook secret | The HMAC key Stayblox signs its outbound calls to you with, and that you sign your callbacks with. See Signing & security. |
| GraphQL endpoint | The dated endpoint URL to call (see below). |
2. The endpoint
The Developer API is a single GraphQL endpoint, versioned by date:
POST https://app.stayblox.com/developer/api/{version}/graphqlSend Content-Type: application/json and Accept: application/json. The request is authenticated with your bearer token and resolved to the installing team automatically.
3. Your first call
Verify your token by asking who you are:
bash
curl -s https://app.stayblox.com/developer/api/2026-01/graphql \
-H "Authorization: Bearer $STAYBLOX_APP_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"query":"{ apiVersion currentApp { id name type } }"}'A valid token returns your app's identity:
json
{ "data": { "apiVersion": "2026-01", "currentApp": { "id": "12", "name": "Stripe", "type": "payment" } } }If currentApp is null, the token is missing or invalid.
Next
- Learn how versions work → Versioning
- Build a payment integration → Payment apps
- Browse every type and field → GraphQL reference