Loading your workspace

Please wait while EstateDesk gets everything ready.

Loading EstateDesk
Skip to main content
Back to guides
Integrations

Organization API keys and vacant-unit listings

How organization admins create API keys, authenticate requests, and publish vacant units to external apps using the public vacant-houses endpoint.

4 July 20267 min read

When to use organization API keys

Organization API keys let approved integrations read public vacancy data without signing into the dashboard. Typical uses include website vacancy widgets, partner listing portals, and internal tools that need a machine-readable unit feed.

Keys are scoped to one organization and should be rotated when staff change or an integration is retired. Only organization admins should create and revoke credentials.

Creating and securing a key

Open Organization Settings, choose API Keys, name the integration, optionally set an expiry date, and create the key. Copy the secret immediately because it is shown only once at creation.

Store keys in your integration secret manager—not in chat threads or shared documents. Revoke keys that are no longer needed instead of leaving dormant credentials active.

Calling the vacant-houses endpoint

Authenticated integrations call GET /api/public/vacant-houses with Authorization: Bearer <organization-api-key>. The key must be active, unexpired, and include vacant_units:read in its public listings permission set.

Successful responses return up to 200 vacant units with pricing, location, property context, and image references. Rate limiting is 60 requests per minute per key or client IP; 429 responses include Retry-After.

Operational checks before go-live

Confirm vacancies are published for the units you expect, then test the endpoint from staging or a controlled client before pointing a public website at production.

Monitor last-used timestamps in settings to verify the integration is calling the API as expected. Pair API usage with your vacancy marketing workflow so pricing and availability stay accurate.

Key takeaways

  • API keys are organization-scoped and should be managed by admins only.
  • Use Bearer authentication on GET /api/public/vacant-houses for vacancy feeds.
  • Rotate and revoke keys when integrations change.
  • Test permissions, rate limits, and published vacancies before go-live.

Questions about this workflow

Which role can create organization API keys?Open

Organization admins create and revoke API keys from Organization Settings. Other staff roles do not manage integration credentials.

What happens when a key is revoked?Open

Revoked keys immediately fail authentication with 401 responses. Update the integration with a new active key before deactivating the old one to avoid downtime.

Does the API expose tenant or payment data?Open

No. The public vacant-houses endpoint returns published vacancy fields only. Tenant, payment, and lease records stay inside authenticated app workflows.

Ready to organize this workflow in EstateDesk?

Start with the records your team uses every day, then layer on billing, caretaker coordination, vacancies, and reporting as the portfolio grows.