Connect your AI to Airbnb & Booking.com
Pick your AI assistant and follow the flow. Each one connects to hejGuide — your channel manager for Airbnb, Booking.com and Vrbo — so the assistant works across every channel at once. All connections use OAuth 2.1 with PKCE.
Connect Airbnb & Booking.com to Claude (Desktop or claude.ai)
In Claude Desktop, go to Settings → Connectors → Add custom connector (or Add MCP server on older builds). On claude.ai, the same flow is in Settings → Connected apps → Add MCP server.
- URL:
https://mcp.hejguide.com/mcp - Click Connect. Claude opens a browser tab on
dashboard.hejguide.com/oauth/authorize. - Log in to hejGuide if needed, then review the per-permission toggles on the consent screen.
- Tick the sub-processor acknowledgement and click Allow.
Claude bounces back with the connection live. You can ask "What are my bookings this week?" straight away.
First time only
If you see "Unverified app", that's our anti-phishing warning — once we've added Claude to our verified-client list it will show a green checkmark instead.
Connect Airbnb & Booking.com to ChatGPT
ChatGPT's MCP support requires a Pro or Team plan. In ChatGPT, go to Settings → Connectors → Add server, enter https://mcp.hejguide.com/mcp and follow the same OAuth flow.
Connect Cursor, n8n & other MCP clients
Any MCP-aware client works the same way: add a new MCP server pointing at https://mcp.hejguide.com/mcp and complete the OAuth login. In Cursor, add it under Settings → MCP → Add server. In n8n, use the MCP Client node with the same URL. Whatever you build, the per-permission consent and draft-before-publish rules are identical.
Custom OAuth integration
For your own MCP client or AI agent, follow the full OAuth dance:
1. Discover
GET https://mcp.hejguide.com/.well-known/oauth-protected-resource
GET https://dashboard.hejguide.com/.well-known/oauth-authorization-server2. Register (Dynamic Client Registration — RFC 7591)
POST https://dashboard.hejguide.com/oauth/register
Content-Type: application/json
{
"client_name": "My Custom Agent",
"redirect_uris": ["https://myapp.example/oauth/callback"],
"scope": "bookings:read messages:read"
}3. Authorize (PKCE S256)
https://dashboard.hejguide.com/oauth/authorize?
response_type=code&
client_id={{client_id}}&
redirect_uri=https://myapp.example/oauth/callback&
scope=bookings:read+messages:read&
state={{state}}&
code_challenge={{code_challenge}}&
code_challenge_method=S2564. Exchange code for tokens
POST https://dashboard.hejguide.com/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
code={{code}}&
redirect_uri=https://myapp.example/oauth/callback&
client_id={{client_id}}&
code_verifier={{code_verifier}}Response: access_token (1h), refresh_token (30d, rotating), token_type=Bearer, scope.
5. Call tools
POST https://mcp.hejguide.com/mcp
Authorization: Bearer {{access_token}}
Content-Type: application/json
Mcp-Session-Id: {{uuid}}
{"jsonrpc":"2.0","id":1,"method":"tools/list"}Write operations
For idempotent retries of write or unmask tools, set an Idempotency-Key header (any UTF-8 string ≤ 128 chars). The server caches the response keyed by your token + key for 10 minutes; replays return with header X-Idempotent-Replay: true. PII-unmask responses are not cached — retries always re-consume the daily 50/account budget.
Session binding
Once a token has been observed paired with a particular Mcp-Session-Id, all subsequent calls must include that same id. Omitting the header or sending a different one on a bound token returns 401 invalid_session.
Manage active connections
Visit dashboard.hejguide.com/account-settings/integrations/mcp to see all active OAuth grants, the last time each was used, and a per-connection revoke button. Revocation immediately invalidates all access & refresh tokens for that grant.
Want the bird's-eye view first? See what the AI Connection is and what it costs.