Get API Keys
API keys authenticate your requests to the hoastnow REST API and MCP server. Each key is scoped to a single community or brand and carries only the permissions you grant.
Sign in to access API keys
You need a hoastnow account to generate API keys. If you manage a community or brand on hoastnow, sign in and a platform administrator can issue a key for you.
How API keys work
Choose a scope
Every key is tied to either a community or a brand. Community keys expose availability and review data for that community's spaces. Brand keys let you create booking requests on behalf of that brand.
Grant permissions
Each key carries a set of permissions: ReadAvailability, ReadBookings, WriteBookings, ReadReviews, and Webhooks. Grant only what your integration needs — you can update permissions later.
Copy once, store safely
The full key (starting with hoa_live_) is shown exactly once at creation. Store it in an environment variable — never commit it to source control. Use HOASTNOW_API_KEY as the variable name by convention.
Authenticate every request
Pass the key in the Authorization header of every API or MCP request:
Authorization: Bearer hoa_live_xxxxxxxxxxxxPermission reference
| Permission | Community key | Brand key | What it unlocks |
|---|---|---|---|
ReadAvailability |
Query open time slots for spaces on a given date | ||
ReadBookings |
List and retrieve booking details | ||
WriteBookings |
Submit booking requests on behalf of the brand | ||
ReadReviews |
Pull community and space reviews | ||
Webhooks |
Register webhook endpoints for real-time event delivery |