StaySignals

Quickstart

Integrate StaySignals end-to-end with one script tag and one curl call.

You need two things from your StaySignals project:

  • A publishable key (pk_<project>_...) — safe to expose in the browser.
  • A secret key (sk_<project>_...) — server-only.

Both are generated in the Dashboard.

Step 1 — Load the SDK on every page

Add the tag to the <head> of every page on your site, not just checkout. The SDK needs to observe the full booking flow to build a useful session.

<script
  src="https://cdn.staysignals.com/v1/staysignals.js"
  data-key="pk_<project>_abc123"
></script>

The SDK generates a session ID automatically and stores it across localStorage, sessionStorage, and a first-party cookie for redundancy. No further JavaScript is required from you.

Step 2 — Call /v1/risk from your server

When the user submits checkout, send the booking context and the session ID to POST /v1/risk. Read the session ID from window.staysignals.sessionId on the client and forward it to your server (hidden form field, fetch header — whatever fits your flow).

curl https://api.staysignals.com/v1/risk \
  -H "X-StaySignals-Key: sk_<project>_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "session": {
      "id": "ses_9f2a1c7b2e8d4a1f",
      "ip": "203.0.113.42"
    },
    "booker": {
      "reference_id": "usr_8a21",
      "first_name": "Grace",
      "last_name": "Hopper",
      "email": "grace@example.com",
      "phone": "+15125550125"
    },
    "guests": [
      { "first_name": "Alan", "last_name": "Kay" }
    ],
    "billing": {
      "address_line": "221 Congress Ave",
      "country": "US"
    },
    "hotel": {
      "reference_id": "hot_4fd1",
      "giata_id": "123456",
      "name": "The Gravel House",
      "address": "501 E 6th St, Austin, TX",
      "country": "US"
    },
    "booking": {
      "check_in": "2026-06-15",
      "check_out": "2026-06-17"
    }
  }'

The response is a decision:

{
  "decision_id": "dec_8f2a1c7b2e8d",
  "risk_score": 18,
  "risk_level": "low",
  "suggested_action": "allow",
  "risk_setting": "balance",
  "decided_at": "2026-04-18T08:27:33Z"
}

Step 3 — Route the checkout

Branch on suggested_action:

  • allow — commit the reservation.
  • challenge — step-up verification before committing.
  • deny — stop the checkout.

Store decision_id on the order record so you can look the decision up later in the Dashboard.

Next

What it collects

What the SDK observes in the browser.

POST /v1/risk

Full request and response schema.

Handling the response

How to route each suggested_action.

Introduction

StaySignals is a booking-fraud trust layer for hotel OTAs.

Install

Load staysignals.js on every page of your site and forward the session ID at checkout.

On this page

Step 1 — Load the SDK on every pageStep 2 — Call /v1/risk from your serverStep 3 — Route the checkoutNext