This changelog was started on 2026-06-08. Entries below this date are documentation changes; behavioural API changes will be recorded here going forward.
2026-07-09
New endpoint- Added
POST /v1/attachments(scopeschedule.write) — upload a file by URL for attaching to schedule items, venues, accommodation, and guest list entries. Daysync fetches the URL server-side (SSRF-guarded: public https/http only, no redirects, 25 MB, 15 s) and returns a hostedlinkto pass in theattachment/attachmentsfield. New Attachments page. - Clarified that
attachment.linkis a Daysync storage key (from the upload endpoint), not an external URL — corrected the Schedule → Attachments guidance and the Venues note. - Endpoint count is now 29.
2026-06-12
Documentation- Documented
GET /v1/day-types— live since launch but previously missing from the docs. It returns the validday_type_idvalues required when creating or editing tours. - New pages: Apply for API Access, Callback URLs, and Environments.
- Rewrote Authentication — clarified the two-credential model (shared OAuth Client vs per-partner API keys), added an OAuth error reference, token-type guide (
access_tokenvsid_tokenvsrefresh_token), refresh/revocation behaviour, and JWKS details for server-side validation. - Rewrote Quickstart as an end-to-end walkthrough — from received credentials to a refreshed token in five steps.
- Corrected the endpoint count (28) on the overview and added the missing scope row on Scopes & Permissions.
- Destructive-edit warning on Edit a tour —
day_listis declarative: days omitted from the list are permanently deleted along with all their content. Documented the safe single-day update pattern. - New Visibility and Attachments sections on the schedule page — where visibility IDs come from, the omit-everything footgun (
isEveryonedefaults tofalse), conflicting-flag400, link-based attachment model, and attachment upsert/delete semantics on update. - Every numeric type field (
type,startTimeTypeId,statusTypeId,itemColorId,venueTypeId,pickupMethodId, …) now links to its Field Reference value table. - Four previously undocumented ID catalogues added to Field Reference, verified against backend seed data: reminder types (
reminder[].typeId), travel types (traveltype, 11 modes), age restrictions (ageRestrictionId), and avatar colors (avatarColorId). Also noted that venuestatusTypeIdshares the schedule status-type table. - New Retries & idempotency section — per-method retry safety, the
POST-after-timeout duplicate trap, and which responses are worth retrying. - New Data model at a glance diagram — the org → tour → day hierarchy, which resources are day-scoped vs tour-scoped, and the ID type at each level.
- Documented the
/oauth2/userInfoendpoint for fetching the connected user’s profile without decoding JWTs. - Marked venue
venueCategoryIdas required-in-practice in the body table (was contradicting the note below it).
2026-06-08
Documentation- Added a Field Reference page covering schedule item types, accommodation types, and other enum/ID values.
- Documented the accommodation date/time format (epoch-milliseconds dates and minutes-from-midnight times).
- Added a Pass object reference and a full GET response field table on the guest list endpoint.
- Added a field-naming convention warning (snake_case vs camelCase).
- Added full error response body examples.
- Added Common Workflows recipes and operational notes (rate limits, versioning, webhooks, pagination).

