Skip to content

Connect your AI to Airbnb & Booking.com

Pick your AI assistant and follow the flow. Each one connects to hejGuide — your channel manager for Airbnb, Booking.com and Vrbo — so the assistant works across every channel at once. All connections use OAuth 2.1 with PKCE.

Connect Airbnb & Booking.com to Claude (Desktop or claude.ai)

In Claude Desktop, go to Settings → Connectors → Add custom connector (or Add MCP server on older builds). On claude.ai, the same flow is in Settings → Connected apps → Add MCP server.

  1. URL: https://mcp.hejguide.com/mcp
  2. Click Connect. Claude opens a browser tab on dashboard.hejguide.com/oauth/authorize.
  3. Log in to hejGuide if needed, then review the per-permission toggles on the consent screen.
  4. Tick the sub-processor acknowledgement and click Allow.

Claude bounces back with the connection live. You can ask "What are my bookings this week?" straight away.

First time only

If you see "Unverified app", that's our anti-phishing warning — once we've added Claude to our verified-client list it will show a green checkmark instead.

Connect Airbnb & Booking.com to ChatGPT

ChatGPT's MCP support requires a Pro or Team plan. In ChatGPT, go to Settings → Connectors → Add server, enter https://mcp.hejguide.com/mcp and follow the same OAuth flow.

Connect Cursor, n8n & other MCP clients

Any MCP-aware client works the same way: add a new MCP server pointing at https://mcp.hejguide.com/mcp and complete the OAuth login. In Cursor, add it under Settings → MCP → Add server. In n8n, use the MCP Client node with the same URL. Whatever you build, the per-permission consent and draft-before-publish rules are identical.

Custom OAuth integration

For your own MCP client or AI agent, follow the full OAuth dance:

1. Discover

http
GET https://mcp.hejguide.com/.well-known/oauth-protected-resource
GET https://dashboard.hejguide.com/.well-known/oauth-authorization-server

2. Register (Dynamic Client Registration — RFC 7591)

http
POST https://dashboard.hejguide.com/oauth/register
Content-Type: application/json

{
  "client_name": "My Custom Agent",
  "redirect_uris": ["https://myapp.example/oauth/callback"],
  "scope": "bookings:read messages:read"
}

3. Authorize (PKCE S256)

https://dashboard.hejguide.com/oauth/authorize?
  response_type=code&
  client_id={{client_id}}&
  redirect_uri=https://myapp.example/oauth/callback&
  scope=bookings:read+messages:read&
  state={{state}}&
  code_challenge={{code_challenge}}&
  code_challenge_method=S256

4. Exchange code for tokens

http
POST https://dashboard.hejguide.com/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code={{code}}&
redirect_uri=https://myapp.example/oauth/callback&
client_id={{client_id}}&
code_verifier={{code_verifier}}

Response: access_token (1h), refresh_token (30d, rotating), token_type=Bearer, scope.

5. Call tools

http
POST https://mcp.hejguide.com/mcp
Authorization: Bearer {{access_token}}
Content-Type: application/json
Mcp-Session-Id: {{uuid}}

{"jsonrpc":"2.0","id":1,"method":"tools/list"}

Write operations

For idempotent retries of write or unmask tools, set an Idempotency-Key header (any UTF-8 string ≤ 128 chars). The server caches the response keyed by your token + key for 10 minutes; replays return with header X-Idempotent-Replay: true. PII-unmask responses are not cached — retries always re-consume the daily 50/account budget.

Session binding

Once a token has been observed paired with a particular Mcp-Session-Id, all subsequent calls must include that same id. Omitting the header or sending a different one on a bound token returns 401 invalid_session.

Manage active connections

Visit dashboard.hejguide.com/account-settings/integrations/mcp to see all active OAuth grants, the last time each was used, and a per-connection revoke button. Revocation immediately invalidates all access & refresh tokens for that grant.


Want the bird's-eye view first? See what the AI Connection is and what it costs.

hejGuide Property Management System