Skip to main content
Daysync currently runs production only. There is no public sandbox. This page explains how to develop and test against production without affecting real tour data.

Endpoints

API:          https://integration.daysync.com
OAuth:        https://integrations.daysync.com
Daysync app:  https://app.daysync.com
The same URLs serve every partner. Your x-api-key / x-api-secret are unique to your app and double as your OAuth client credentials — there is no shared OAuth client (see Authentication).
The two API-side hosts differ by a single letter: OAuth authorize/token lives on the portal integrations.daysync.com (plural), and the data API is integration.daysync.com (singular).

Safe-development pattern

Use the is_demo flag and a dedicated test organization to keep your work isolated from real customer data.
1

Create or pick a trial/beta organization for testing

Subscription gates (HTTP 402 SUBSCRIPTION_REQUIRED) don’t apply inside trial, beta, or unlimited-free organizations. Have a Daysync team member set yours up if you don’t have one.
2

Create tours with is_demo: true

curl -X POST https://integration.daysync.com/v1/tours \
  -H "x-api-key: dk_live_…" \
  -H "x-api-secret: ds_…" \
  -H "Authorization: Bearer eyJraWQ…" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Integration Test 2026-06-12",
    "org_id": "<test-org-uuid>",
    "start_date": "2026-07-01",
    "end_date": "2026-07-05",
    "timeZone": "Australia/Sydney",
    "is_demo": true,
    "days": [
      { "day_type_id": 1, "name": "Day 1", "formatted_address": "Sydney", "date": "2026-07-01" }
    ]
  }'
Demo tours are flagged in the Daysync UI, so they’re easy to identify and clean up later.
3

Clean up with soft-delete

curl -X DELETE https://integration.daysync.com/v1/tours/<tourId> \
  -H "x-api-key: dk_live_…" \
  -H "x-api-secret: ds_…" \
  -H "Authorization: Bearer eyJraWQ…"
Soft-deleted tours are excluded from list endpoints and return 404 TOUR_NOT_FOUND on direct access.

Local development

For local development, your callback URL is typically http://localhost:<port>/oauth/daysync/callback. Add it yourself under Redirect URIs on your app in the portal — localhost may use http — see Callback URLs.
Cache the access token and refresh token in your local development store the first time you complete the OAuth flow. Otherwise you’ll re-authorize every hour while iterating.

Why no separate sandbox?

Daysync’s data model is tightly coupled to real organizations, subscription status, and tour membership — a sandbox with realistic behavior would require shadow-copying significant production state. For partner volume to date, the is_demo + trial-org pattern has been sufficient. If your security review or compliance posture requires isolated testing, contact support@daysync.com to discuss a dedicated test tenant.