Sifely Open API
    • Overview
    • API Use Cases
      • Hospitality & Vacation Rental
    • OAuth Manager
      • Login
        POST
      • Get token refresh token
        POST
    • Key Manager
      • Get Ekeys by account
        POST
      • Send ekey
        POST
      • Delete ekey
        POST
    • Passcode Manager
      • Random a passcode with offline
        POST
      • Create passcode
        POST
      • Change passcode
        POST
      • Delete passcode
        POST
      • Get passcode
        GET
      • Delete passcode by code
        POST
    • Lock Manager
      • Unlock a lock via gateway
        POST
      • Lock the lock via gateway
        POST
      • Get lock details
        GET
      • Get keys of a lock
        GET
      • Passcode list
        GET
      • Get Lock open state
        GET
      • Get the owner lock list of an account
        POST
    • Group Manager
      • Group list
        GET
    • Card Manager
      • Get IC card list
        GET
      • Assigns IC card
        POST
      • Delete a IC card from a lock
        POST
    • FingerPrint Manager
      • FingerPrint list
    • Records Manager
      • Get unlock records by lockId
    • Door sensor Manager
      • Get door sensor records.
    • Gateway Manager
      • Gateway details
      • Lock's gateways
      • Gateway's locks
    • Webhooks
      • Setup & Authentication
      • Payload Reference
    • Error and Codes
      • Error Codes
    • Schemas
      • KeyInfo
      • CardInfo
      • FingerInfo
      • CardAddDTO
      • DoorSensorRecordInfoDTO
      • GroupInfo
      • Page«DoorSensorRecordInfoDTO»
      • LockDetailDTO
      • LockVersion
      • GatewayDetailDTO
      • OpenStateDTO
      • OauthDTO
      • PwdAddDTO
      • PwdInfo
      • ListByLockDTO
      • ListData«ListByLockDTO»
      • YesOrNotDTO
      • Page«CardInfo»
      • Page«FingerInfo»
      • ListData«ListLockDTO»
      • ResultWrapper«Map«string,string»»
      • Page«GroupInfo»
      • ListLockDTO
      • Page«KeyInfo»
      • Page«PwdInfo»
      • Page«RecordInfo»
      • RecordInfo
      • ResultWrapper«SysAppClientDetails»
      • ResultWrapper«object»
      • SysAppClientDetails

    Overview

    Sifely Public API Authentication Guide#

    Sifely Public API uses API Key authentication. All API requests (except login) must include your API key in the Authorization header.

    1. Getting Your API Key#

    Call the login endpoint with your Sifely account credentials to obtain an API key:
    Method: POST
    Path: /system/smart/login
    Headers: Content-Type: application/json

    Request Body#

    {
  "account": "your-email@example.com",
  "password": "md5-hashed-password"
}

    Response Example#

    {
  "code": 200,
  "data": {
    "clientToken": "sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "clientId": "cli_xxxxxxxx",
    "account": "your-email@example.com",
    "plan": "DEVELOPER"
  }
}
    The clientToken (prefixed with sk-) is your API key. Store it securely — it does not expire unless you manually rotate it.

    Using Your API Key#

    Include the API key directly in the Authorization header for all subsequent requests:
    ⚠️ Note: Do not use the Bearer prefix. Send the raw sk-xxx key directly.

    Rotating Your API Key#

    If your key is compromised, call the roll-token endpoint to generate a new one. The old key is immediately invalidated.
    Method: POST
    Path: /client/roll-token
    Example Request
    POST /client/roll-token
Authorization: sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    HTTP StatusMeaning
    401Invalid or missing API key
    402Subscription inactive (cancelled / expired)
    429Rate limit or quota exceeded

    Rate Limit Headers#

    All error responses include the following headers for tracking your limits:
    X-RateLimit-Limit
    X-RateLimit-Remaining
    X-RateLimit-Reset
    Modified at 2026-06-16 06:19:58
    Next
    Hospitality & Vacation Rental
    Built with