The Apartments API is the backbone of Stay Sidekick’s property catalog. Every record is scoped to the authenticated user’s company (Documentation Index
Fetch the complete documentation index at: https://mintlify.com/sdurutr436/stay-sidekick/llms.txt
Use this file to discover all available pages before exploring further.
empresa_id is read from the JWT — never passed as a parameter). Deletions are soft: the record is marked inactive but never removed from the database. The PMS configuration stores encrypted credentials and is returned without exposing the API key.
All endpoints require
Authorization: Bearer <token>. POST, PUT, and DELETE requests also require the X-CSRF-Token header.GET /api/apartamentos
Returns all active apartments that belong to the authenticated user’s company. Auth required: Yes | Role: anyResponse
true on success.Array of apartment objects.
Example
GET /api/apartamentos/<id>
Returns the full detail of a single apartment. Returns404 if the apartment does not exist or belongs to a different company.
Auth required: Yes | Role: any
Path Parameters
UUID of the apartment.
Response
true on success.Full apartment object (same shape as the list endpoint).
Example
POST /api/apartamentos
Creates a new apartment manually. HTML is stripped from all string fields before persisting. Auth required: Yes | Role: anyRequest
Display name. 1–200 characters.
Optional external PMS identifier. Max 100 characters.
Street address. Max 300 characters.
City name. Max 100 characters.
Response
201 Created
trueThe newly created apartment object.
Example
PUT /api/apartamentos/<id>
Updates one or more fields of an existing apartment. Only the fields supplied in the body are changed — omitted fields are left untouched. Auth required: Yes | Role: anyPath Parameters
UUID of the apartment to update.
Request
New display name. 1–200 characters.
New street address. Max 300 characters. Pass
null to clear.New city. Max 100 characters. Pass
null to clear.Response
trueThe updated apartment object.
Example
DELETE /api/apartamentos/<id>
Soft-deletes an apartment by marking it as inactive. The record remains in the database and can be recovered at the database level if needed. Auth required: Yes | Role: anyPath Parameters
UUID of the apartment to deactivate.
Response
200 OK — {"ok": true}
404 Not Found — apartment not found or belongs to another company.
Example
POST /api/apartamentos/sincronizacion/smoobu
Pulls all properties from the Smoobu API and upserts them into the local catalog. Existing apartments matched byid_externo are updated; new ones are created.
Auth required: Yes | Role: anyRate limit: 10 requests / hour
The company must have a valid Smoobu PMS configuration saved (see
PUT /api/apartamentos/pms). If no configuration exists or the API key is invalid, the endpoint returns 400.Response
trueSync summary.
Example
POST /api/apartamentos/importacion
Imports apartments from an uploaded.xlsx file. Rows matched by id_externo or nombre are upserted; new rows are created. Row-level errors are returned as warnings and do not abort the import.
Auth required: Yes | Role: anyRate limit: 20 requests / hour
Request
Multipart form upload:The
.xlsx file to import. Must have a .xlsx extension. Maximum size is controlled by the MAX_CONTENT_LENGTH server setting (default 10 MB).Response
true even when some rows had warnings.Import summary (creados, actualizados, total).
Optional. List of per-row warning strings when individual rows were skipped.
Example
POST /api/apartamentos/importacion/preview
Parses an.xlsx file and returns a preview of the rows that would be created or updated — nothing is written to the database. Use this before a real import to validate the file.
Auth required: Yes | Role: anyRate limit: 30 requests / hour
Request
The
.xlsx file to preview. Must have a .xlsx extension.Response
trueList of parsed apartment rows that would be upserted.
Example
GET /api/apartamentos/pms
Reads the active PMS configuration for the company. Theapi_key is never returned — only metadata is exposed.
Auth required: Yes | Role: any
Response
truenull if no PMS is configured.Example
PUT /api/apartamentos/pms
Creates or replaces the PMS configuration for the company (upsert). Theapi_key is encrypted at rest.
Auth required: Yes | Role: any
Request
PMS provider. One of:
smoobu, beds24, hostaway, cloudbeds.API key for the PMS. 1–500 characters. Stored encrypted — never returned.
Optional custom base URL for self-hosted PMS instances. Max 500 characters.
Response
trueSaved configuration (without
api_key).Example
DELETE /api/apartamentos/pms
Removes the PMS configuration for the company. Subsequent sync attempts will fail until a new configuration is saved. Auth required: Yes | Role: anyResponse
200 OK — {"ok": true}
404 Not Found — no PMS configuration exists.

