Endpoints
x-api-key / x-api-secret are unique to your app and double as your OAuth client credentials — there is no shared OAuth client (see Authentication).
The two API-side hosts differ by a single letter: OAuth authorize/token lives on the portal
integrations.daysync.com (plural), and the data API is integration.daysync.com (singular).Safe-development pattern
Use theis_demo flag and a dedicated test organization to keep your work isolated from real customer data.
Create or pick a trial/beta organization for testing
Subscription gates (HTTP
402 SUBSCRIPTION_REQUIRED) don’t apply inside trial, beta, or unlimited-free organizations. Have a Daysync team member set yours up if you don’t have one.Create tours with is_demo: true
Local development
For local development, your callback URL is typicallyhttp://localhost:<port>/oauth/daysync/callback. Add it yourself under Redirect URIs on your app in the portal — localhost may use http — see Callback URLs.
Why no separate sandbox?
Daysync’s data model is tightly coupled to real organizations, subscription status, and tour membership — a sandbox with realistic behavior would require shadow-copying significant production state. For partner volume to date, theis_demo + trial-org pattern has been sufficient.
If your security review or compliance posture requires isolated testing, contact support@daysync.com to discuss a dedicated test tenant.
