1. Product Overview
Palm Concierge is an AI-native guest experience platform enabling hotels to deliver personalized, 24/7 concierge services via WhatsApp. It features deep bi-directional integration with Property Management Systems (PMS), Point of Sale (POS), and CRM systems to synchronize bookings, guest profiles, charges, and status changes in real time.
2. Partner Integrations
Bi-directional real-time sync with:
- PMS: OPERA Cloud, Mews, Cloudbeds
- POS: Simphony, Toast, Lightspeed
- CRM: Salesforce, HubSpot
Supported patterns: REST polling, webhooks (push), batch sync, direct synchronous calls.
3. Security & Privacy
GDPR / CCPA compliant
Explicit WhatsApp opt-in / keyword opt-out
AES-256 encryption at rest
TLS 1.3 in transit
Tenant-level data isolation
Full audit logging
4. Authentication, Authorization & Protocols
4.1 Authentication
JWT Bearer Token
Authorization: Bearer <access_token>- Access token lifetime:60 minutes
- Refresh token:7 days (when issued)
- Scopes:Embedded in JWT (e.g.
bookings:write,guests:read)
4.2 Protocols
REST: HTTPS / JSON, path versioning /api/v1 gRPC: HTTP/2 + Protocol Buffers (TLS mandatory) grpc.hotel-ai-agent.palmchatbot.com:4434.3 Authorization
- Scopes embedded in JWT (e.g. bookings:write, guests:read).
- Rate limit:100 requests/min per IP (configurable)
5. API Reference
5.1 Base URLs
REST: https://hotel-ai-agent.palmchatbot.com/api/v1
gRPC: grpc.hotel-ai-agent.palmchatbot.com:4435.2 User Login
POST
/auth/loginAuthenticates a user and returns JWT access & refresh tokens.
Request Body
{
"email": "user@example.com",
"password": "StrongPassword@123"
}
// OR
{
"name": "john_doe",
"password": "StrongPassword@123"
}Success Response
200 OK
{
"userWithoutPassword": {
"_id": "65c9f5aaf2b4c3e9d8a1d444",
"name": "john_doe",
"email": "user@example.com",
"createdAt": "2026-01-01T10:00:00.000Z"
},
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}Error Responses
- 400 – Missing password / identifier
- 401 – Incorrect password
- 404 – User not found
5.3 Create / Replace Booking
POST
/bookingsgRPC supportedCreates (or replaces) a confirmed booking for a guest. If a confirmed booking already exists for the same guest under the same tenant, the existing booking is deleted and a new one is created.
Request Body
{
"name": "John Doe",
"email": "john@example.com",
"country_code": "+1",
"phone": "9876543210",
"booking_ref": "ABC123",
"scheduled_at": "2026-02-10T12:00:00.000Z",
"check_out": "2026-02-12T10:00:00.000Z",
"number_of_guests": 2,
"channel": "AIRBNB",
"rooms": ["65c9f0a9f2b4c3e9d8a1a111"]
}Behavior & Logic
- Ensures
booking_refis unique per tenant →409 Conflict if duplicate - Guest is upserted using
phone(+emailif provided) - If confirmed booking exists for same guest & tenant: delete old → create new
- Triggers automation event: BOOKING_CONFIRMED
Success Response
201 Created
{
"_id": "65c9f2bdf2b4c3e9d8a1b222",
"tenant": "tenant_id",
"guest": ["65c9f1aaf2b4c3e9d8a1c333"],
"booking_ref": "ABC123",
"scheduled_at": "2026-02-10T12:00:00.000Z",
"check_out": "2026-02-12T10:00:00.000Z",
"status": "CONFIRMED",
"number_of_guests": 2,
"room": ["65c9f0a9f2b4c3e9d8a1a111"],
"createdAt": "2026-02-09T10:15:30.000Z"
}Error Responses
- 409 Conflict – Booking reference already exists
- 500 – Unexpected server error
5.4 Update Booking
PATCH
/bookings/{bookingId}gRPC supportedUpdates an existing booking. Status changes drive powerful side effects (room availability, automation triggers, PMS sync).
Path Parameters
| Param | Type | Required | Description |
|---|---|---|---|
| bookingId | string | Yes | Booking document ID |
Request Body (partial – all fields optional)
{
"status": "CHECKED_IN"
// other fields optional
}Supported Status Values
- CONFIRMED
- CHECKED_IN
- CHECKED_OUT
- CANCELLED
Status-Based Behavior
| Status | Side Effects | Automation Event |
|---|---|---|
| CONFIRMED | Mark rooms unavailable | BOOKING_CONFIRMED |
| CHECKED_IN | Set check_in = now() | CHECKED_IN |
| CHECKED_OUT | Set check_out = now(), release rooms | CHECKED_OUT |
| CANCELLED | Release rooms | None |
Field Rules
| Field | Rule |
|---|---|
| check_in | Ignored if sent by client |
| check_out | Ignored if sent by client |
| status | Drives side effects & automation |
| room | Not modified during update |
Success Response
200 OK
{
"_id": "65c9f2bdf2b4c3e9d8a1b222",
"booking_ref": "ABC123",
"status": "CHECKED_IN",
"check_in": "2026-02-09T11:45:00.000Z",
"guest": { /* populated */ },
"room": [ { /* populated */ } ],
"updatedAt": "2026-02-09T11:45:00.000Z"
}Error Responses
- 400– Booking not found / invalid status
- 500– Server error