Getting Started
The RentingHive API is a REST API that allows you to manage your listings, register webhook endpoints, and upload images — all programmatically.
Base URL: https://rentinghive.com/api/v1
Authentication
All API requests require a bearer token in the Authorization header. Generate a key from the API Keys page.
Authorization: Bearer rhk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxScopes
| Scope | Access |
|---|---|
| read | List and read listings |
| webhook | read + status updates + webhook endpoints |
| full | All operations including create/delete |
Listings
/listingsReturns paginated list of your listings. Scope: read
/listings/{id}Returns a single listing. Scope: read
/listingsCreate a listing. Scope: full
{
"title": "Power Drill",
"category": "Tools & Hardware",
"description": "DeWalt 20V drill, great condition...",
"price_per_day": 12.00,
"zip_code": "30075",
"images": ["listings/tmp/uuid.jpg"]
}/listings/{id}/statusUpdate listing status. Scope: webhook
When you receive a listing.status_changed webhook showing a listing is now rented,
update your own system. To tell RentingHive when
you've rented an item externally, call this endpoint
with rented_externally.
Allowed values: available, unavailable, rented_externally
Outbound Webhooks
Register an HTTPS endpoint to receive listing events in real time.
Available events
| Event | Fired when |
|---|---|
| listing.created | New listing created |
| listing.updated | Listing details changed |
| listing.status_changed | Status transitions (e.g. available → rented) |
| listing.deleted | Listing soft-deleted |
Verifying webhook signatures
Each delivery includes a X-RentingHive-Signature header. Compute HMAC-SHA256(secret, payload) and compare.
// PHP
$expected = hash_hmac('sha256', $rawBody, $secret);
if (!hash_equals($expected, $request->header('X-RentingHive-Signature'))) {
abort(401);
}# Python
import hmac, hashlib
expected = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
if not hmac.compare_digest(expected, request.headers['X-RentingHive-Signature']):
abort(401)// Node.js
const crypto = require('crypto')
const expected = crypto.createHmac('sha256', secret).update(rawBody).digest('hex')
if (!crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(sig))) {
res.status(401).end()
}Inbound Webhooks (Stripe)
RentingHive listens for Stripe account.updated and account.application.deauthorized events. If your Stripe Connect account is suspended or deauthorized,
all API keys for your account are automatically revoked.
Media Upload
Images must be uploaded directly to S3 via a pre-signed URL.
Call POST /media/upload-url to get a signed URL, then PUT your file to that URL. Pass the returned path in images[] when creating a listing.
POST /media/upload-url
{ "mime_type": "image/jpeg" }
→ { "upload_url": "https://s3.amazonaws.com/...", "path": "listings/tmp/uuid.jpg" }Plans & Limits
| Plan | Listing limit | Rate limit |
|---|---|---|
| Free | 50 listings | 60 req/min |
| Pro | 1,000 listings | 600 req/min |
Error Codes
| HTTP | error code | Meaning |
|---|---|---|
| 401 | unauthenticated | No API key provided |
| 401 | invalid_api_key | Key invalid or revoked |
| 403 | insufficient_scope | Key scope too narrow |
| 403 | plan_limit_exceeded | Free tier listing limit reached |
| 403 | forbidden_status | Status not owner-settable |
| 404 | not_found | Resource not found |
| 422 | validation_error | Invalid request body |
| 429 | — | Rate limit exceeded |
| 500 | server_error | Internal error — retry with backoff |