A number of concepts are applied to the Public API:


  • The API is focused at allowing parties to create guest focused apps based for properties.
  • The API only allows to read and interact on property level, i.e. the Global, Group and Brand dimensions in GXP and will not be exposed.
  • The API only shows data which has been marked as visible and which is used in one of the elements of the CMS. This means for example it is not possible to get a full list of all items that have been configured for a group or brand.


  • The API is built on REST services and JSON format.
  • The API is only available over SSL.
  • The API is versioned as one component. Individual calls will not have a version number. This means that updates to calls in the API which are breaking will require a new version of the API to be published.
  • The API will have an identity context, will be sent and received on every message as sessionToken. The identity context can be changed on the server side for specific scenarios, such as when the guest authenticates. The identity content will replace the tokens in the headers as currently used in the legacy API. Part of the identity context is information such as property_code, guest_id, cms_content_version and language_code.
  • The API adds an ability to build composite messages, to reduce latency.
  • The API combines one time calls to establish connection and settings into one.