StaySignals

Quickstart

Integrate StaySignals end-to-end with one script tag and one curl call.

You need two things from your StaySignals project:

  • A publishable key (pk_abc123def456…) — safe to expose in the browser.
  • A secret key (sk_abc123def456…) — server-only.

Both are generated in the Dashboard.

Step 1 — Load the SDK on every page

Add the tag to the <head> of every page on your site, not just checkout. The SDK needs to observe the full booking flow to build a useful session.

<script
  src="https://cdn.staysignals.com/staysignals.js"
  data-publishable-key="pk_abc123def456…"
></script>

The SDK starts automatically. At checkout, read the current collection ID and send it with your /v1/risk request when available.

Step 2 — Call /v1/risk from your server

When the user submits checkout, send the booking context and the current collectionId to POST /v1/risk. If you need the value in client code, read it with window.StaySignals.getCollectionId() and forward it to your server.

curl https://api.staysignals.com/v1/risk \
  -H "X-StaySignals-Key: sk_abc123def456…" \
  -H "Content-Type: application/json" \
  -d '{
    "collectionId": "col_9f2a1c7b2e8d4a1f",
    "booker": {
      "referenceId": "usr_8a21",
      "firstName": "Grace",
      "lastName": "Hopper",
      "email": "grace@example.com",
      "phone": "+15125550125"
    },
    "guests": [
      { "firstName": "Alan", "lastName": "Kay" }
    ],
    "billing": {
      "addressLine": "221 Congress Ave",
      "country": "US"
    },
    "hotel": {
      "referenceId": "hot_4fd1",
      "giataId": "123456",
      "name": "The Gravel House",
      "address": "501 E 6th St, Austin, TX",
      "country": "US"
    },
    "booking": {
      "checkIn": "2026-06-15",
      "checkOut": "2026-06-17",
      "groupSize": {
        "adultCount": 1
      }
    },
    "requestId": "req_8a21"
  }'

The response is a decision:

{
  "decisionId": "dec_8f2a1c7b2e8d",
  "riskScore": 18,
  "riskLevel": "low",
  "suggestedAction": "allow",
  "riskSetting": "balanced",
  "decidedAt": "2026-04-24T08:27:33.000Z"
}

Step 3 — Route the checkout

Branch on suggestedAction:

  • allow — commit the reservation.
  • deny — stop the checkout.

Store decisionId on the order record so you can look the decision up later in the Dashboard.

Next

What it collects

What the SDK observes in the browser.

POST /v1/risk

Full request and response schema.

Handling the response

How to route each suggestedAction.

Introduction

StaySignals is a booking-fraud trust layer for hotel OTAs.

Install

Load staysignals.js on every page of your site and forward the collection ID at checkout.

On this page

Step 1 — Load the SDK on every pageStep 2 — Call /v1/risk from your serverStep 3 — Route the checkoutNext