← Back to knowledge base

Setting up Protel API credentials

Every Weareplonet module integrates with your Protel account via the official Protel API using your Protel Login. This guide walks the Protel administrator through generating the scoped API token that Weareplonet needs, and through rotating it safely later.

Who does this. The person with the "System Administrator" role in Protel PMS. This is normally your on-property IT lead, or a group-level IT administrator for hotel groups. Front-office and reservations staff cannot generate API tokens.

Step 1 — Open the API tokens screen in Protel. Sign in to your Protel client as an administrator. Navigate to Setup → Users → API Tokens. If you cannot see the API Tokens menu, your Protel installation may need to be upgraded to a version that exposes the OpenAPI layer — contact your Protel administrator or Protel Support to confirm.

Step 2 — Create a new token. Click "New token" and give it a clear name: Weareplonet - production - property XYZ. Set the scope: for a full Weareplonet deployment, grant read access to Reservations, Guests, Rates, Reports, and read-write access to Folio, Housekeeping and Rates (write access to Rates is only needed for Rate Update Bridge, Corporate Ledger Manager and Group Enquiry Router).

Step 3 — Set the expiry. We recommend 12 months. Protel will remind you to rotate 30 days before expiry. Do not set "no expiry" — token rotation is a basic security hygiene control.

Step 4 — Restrict source IPs. Under "Allowed source IPs", paste the Weareplonet egress IP list from your Weareplonet dashboard (Connection settings → Egress IPs). This ensures the token can only be used from Weareplonet servers, not from a leaked location.

Step 5 — Paste the token into Weareplonet. Copy the token exactly once — Protel does not show it again after this screen. Open your Weareplonet dashboard, go to Connection settings, and paste it in. Click "Test connection"; a green tick within five seconds means you are done.

Rotating the token. Every 12 months, or immediately after any personnel change in your IT team. Rotation is a straight replace: create a fresh token in Protel with the same scope, paste it into Weareplonet, click "Test connection", then delete the old token in Protel. Modules keep running without interruption.

Emergency revocation. If you suspect the token has leaked (public code repo, screenshot posted to a chat channel), delete it in Protel immediately. Weareplonet modules will stop within seconds. Contact support@weareplonet.org — we will help you generate a fresh token and audit access log entries from the compromised token.