Skip to main content
Changes to the Daysync Integration API are listed here, newest first. Partners should watch this page to know when to update their integrations.
This changelog was started on 2026-06-08. Entries below this date are documentation changes; behavioural API changes will be recorded here going forward.

2026-07-09

New endpoint
  • Added POST /v1/attachments (scope schedule.write) — upload a file by URL for attaching to schedule items, venues, accommodation, and guest list entries. Daysync fetches the URL server-side (SSRF-guarded: public https/http only, no redirects, 25 MB, 15 s) and returns a hosted link to pass in the attachment/attachments field. New Attachments page.
  • Clarified that attachment.link is a Daysync storage key (from the upload endpoint), not an external URL — corrected the Schedule → Attachments guidance and the Venues note.
  • Endpoint count is now 29.

2026-06-12

Documentation
  • Documented GET /v1/day-types — live since launch but previously missing from the docs. It returns the valid day_type_id values required when creating or editing tours.
  • New pages: Apply for API Access, Callback URLs, and Environments.
  • Rewrote Authentication — clarified the two-credential model (shared OAuth Client vs per-partner API keys), added an OAuth error reference, token-type guide (access_token vs id_token vs refresh_token), refresh/revocation behaviour, and JWKS details for server-side validation.
  • Rewrote Quickstart as an end-to-end walkthrough — from received credentials to a refreshed token in five steps.
  • Corrected the endpoint count (28) on the overview and added the missing scope row on Scopes & Permissions.
  • Destructive-edit warning on Edit a tourday_list is declarative: days omitted from the list are permanently deleted along with all their content. Documented the safe single-day update pattern.
  • New Visibility and Attachments sections on the schedule page — where visibility IDs come from, the omit-everything footgun (isEveryone defaults to false), conflicting-flag 400, link-based attachment model, and attachment upsert/delete semantics on update.
  • Every numeric type field (type, startTimeTypeId, statusTypeId, itemColorId, venueTypeId, pickupMethodId, …) now links to its Field Reference value table.
  • Four previously undocumented ID catalogues added to Field Reference, verified against backend seed data: reminder types (reminder[].typeId), travel types (traveltype, 11 modes), age restrictions (ageRestrictionId), and avatar colors (avatarColorId). Also noted that venue statusTypeId shares the schedule status-type table.
  • New Retries & idempotency section — per-method retry safety, the POST-after-timeout duplicate trap, and which responses are worth retrying.
  • New Data model at a glance diagram — the org → tour → day hierarchy, which resources are day-scoped vs tour-scoped, and the ID type at each level.
  • Documented the /oauth2/userInfo endpoint for fetching the connected user’s profile without decoding JWTs.
  • Marked venue venueCategoryId as required-in-practice in the body table (was contradicting the note below it).

2026-06-08

Documentation