Skip to content

πŸ”‘ Manage Service Accounts

For LIKE MAGIC Account Admins: Creating and managing API credentials

What Are Service Accounts?

Service accounts are machine users - special credentials that allow your applications, integrations and automation tools to securely access our APIs. Unlike personal user accounts, service accounts:

βœ… Don't belong to a specific person
βœ… Never expire (unless you revoke them)
βœ… Have precisely controlled permissions via scopes
βœ… Are perfect for server-to-server integrations
βœ… Can be shared across your development team

Think of them as API keys on steroids - they come with OAuth 2.0 security and granular permission control.

Who Can Manage Service Accounts?

Only users with the Account Admin role can create, edit and delete service accounts through the Operational Platform.

🎯 Not an Account Admin? Contact your LIKE MAGIC Account Admin to request access.

Creating a Service Account

Step 1: Access Service Accounts

  1. Log into the Operational Platform
  2. Navigate to Settings β†’ Service Accounts
  3. Click + Add Service Account

Step 2: Configure Details

Fill in the service account details:

Edit Service Account

Name

Human-friendly description to identify this service account

Client Id

Unique identifier

βœ… Use lowercase with hyphens
βœ… Make it descriptive: prod-pms-sync, qa-webhook-handler
❌ Don't use spaces or special characters
❌ Avoid generic names like client1

πŸ’‘ Pro Tip: Use environment prefixes like prod-, staging-, dev- to organize credentials.

Client Secret

Strong secret for your service account

βœ… Rotate it regularly β€” especially after team or environment changes
βœ… Limit its usage to the specific service account (don’t reuse across apps)
❌ Don’t reuse the same secret for multiple environments (e.g., dev and prod)

πŸ’‘ Pro Tip: Treat your clientSecret like a password β€” rotate it often and audit access to any place it’s stored.

# Generate a secure random secret (32 characters)
openssl rand -base64 24

# Or use a password generator
# Example output: PyvUfphnqQkgfQ030TxR8mK7nW2

Step 3: Select Scopes

Scopes define what the service account can do. Select only what you need - principle of least privilege!

Select Scopes

πŸ’‘ Pro Tip: Every API operation declares the required scope. Consult the API documentation.

Declared API scope

Available Scopes

Scope Description API
actor.read Access to retrieve actors (employees) within a property Task Management
actor_group.read Access to retrieve actor groups within a property Task Management
door_access.read Access to retrieve accessible doors for reservations Guest Journey
email_template.write Create and save custom email templates Notification
event_log.read Access to retrieve event logs with filtering and pagination Event and Data Hub
guest_conversation.write Update guest conversation properties (resolve, change property) Unified Messaging
guest_message_attachment.read Access to read guest message attachments Unified Messaging
magic_id.read Access to retrieve magic links for reservations Inventory
order_item.write Post and write order items to reservations Guest
property.read Access to retrieve property configuration data Inventory
reservation.read Read reservation data and verify guest information Guest
service.read Access to retrieve service information Inventory
task.read Access to retrieve tasks and task details Task Management
task.write Create and update tasks Task Management
task_log.read Access to retrieve task logs and audit history Task Management
task_template.read Access to retrieve task templates Task Management
unit.read Access to retrieve unit information Inventory
unit_group.read Access to retrieve unit group data Inventory
user_profile.read Retrieve enriched user profiles with identity and behavioral data Event and Data Hub
webhook_subscription.read Retrieve webhook subscription configurations and available topics Event and Data Hub
webhook_subscription.write Create, update and delete webhook subscriptions Event and Data Hub

Step 4: Save

Save Service Account

Use Service Account

Read the πŸ” Authentication Guide

Remember

Service accounts are powerful tools. Use them responsibly, follow security best practices and keep your credentials safe! πŸ”