Skip to main content

Version Docs Updated

Purpose

The MHM Rentiva v1 REST API provides core endpoints for external system integration, mobile app support, and asynchronous operations. All endpoints are served under the wp-json/mhm-rentiva/v1 namespace.

🌐 REST API v1 Structure

The v1 API layer provides secure and fast data access while maintaining backward compatibility.

πŸ”‘ 1. Authentication and Security​

Access to API endpoints is provided through three different methods depending on the type of operation:

MethodUse CaseDetails
PublicLocations, AvailabilityNo authentication required for publicly accessible data.
NonceAJAX/Web interactions_wpnonce header/parameter verification required.
API KeyExternal Service IntegrationsAuthentication via X-Rentiva-API-Key or Bearer Token.

πŸš€ 2. Core Endpoints​

A. System Health (/health)​

  • Method: GET
  • Function: Checks the existence of database tables, plugin version, and license status.
  • Response: {"status": "ok", "version": "4.21.2"}

B. Location Services (/locations)​

  • Method: GET
  • Function: Returns defined active locations for the booking and transfer modules.
  • Parameters: ?type=airport, ?city=istanbul

C. Availability and Pricing (/availability)​

  • Method: POST
  • Function: Checks availability for specific dates and a vehicle ID, and calculates the net price via the Pricing Engine.
  • Input: vehicle_id, pickup_date, return_date

πŸ›‘οΈ 3. Security Layer (AuthHelper)​

AuthHelper is engaged for all "write" (POST/PUT/DELETE) operations:

  • Rate Limiting: Per-minute request limit for each API key.
  • HMAC Verification: Guarantees data integrity on webhook callbacks.

πŸ“Š 4. Response and Error Format​

The system returns standard JSON responses:

{
  "success": true,
  "data": { ... },
  "message": "İşlem başarılı."
}

On error:

{
  "success": false,
  "error_code": "INVALID_PARAMS",
  "message": "Eksik parametre gΓΆnderildi."
}

βš›οΈ 5. Admin React SPA Endpoints (v4.36.0+)​

Starting in v4.36.0, all major admin pages were migrated to React SPAs. Each page is backed by a dedicated REST controller. All endpoints require manage_options capability.

Dashboard (v4.36.0)​

MethodEndpointDescription
GET/dashboard/statsKPI cards: total bookings, revenue, active vehicles, customers
GET/dashboard/recent-bookingsPaginated recent bookings widget
GET/dashboard/recent-transfersUpcoming transfers overview

Reports (v4.37.x)​

MethodEndpointDescription
GET/reports/overviewCross-tab summary stats
GET/reports/revenueRevenue bar chart data + daily detail list
GET/reports/bookingsBooking status distribution
GET/reports/vehiclesVehicle performance KPIs + top vehicles
GET/reports/customersCustomer lifecycle chart + summary metrics

All report endpoints accept ?start_date=YYYY-MM-DD&end_date=YYYY-MM-DD for date-range filtering.

Customers (v4.39.0)​

MethodEndpointDescription
GET/customersPaginated list β€” supports ?search=, ?sort_by=, ?sort_order=, ?page=
GET/customers/{id}Single customer detail (bookings count, total spent, first/last booking)
DELETE/customers/bulkBulk delete β€” accepts ids[] array in request body

Messages (v4.40.0)​

MethodEndpointDescription
GET/messagesPaginated inbox β€” filterable by status, priority, category
GET/messages/{id}Thread view for a single message
POST/messages/{id}/replySend a reply in a thread
POST/messages/{id}/statusUpdate message status (pending/replied/closed)

Vendor Reports (v4.40.0)​

MethodEndpointDescription
GET/vendor-reportsPaginated list β€” filterable by status and context type
GET/vendor-reports/{id}Single report detail with full description and audit trail
POST/vendor-reports/{id}/resolveMark as resolved (triggers penalty release or apply depending on context)
POST/vendor-reports/{id}/rejectReject report (triggers deferred penalty for vehicle_action context)

Vendor Management (v4.40.0)​

MethodEndpointDescription
GET/vendor-management/applicationsPending vendor applications
GET/vendor-management/vendorsActive vendor list with search/filter
GET/vendor-management/{id}Vendor detail (masked IBAN, documents, stats)
POST/vendor-management/{id}/approveApprove a pending application
POST/vendor-management/{id}/rejectReject a pending application
POST/vendor-management/{id}/suspendSuspend an active vendor
POST/vendor-management/{id}/unsuspendUnsuspend a vendor (v4.43.0)
GET/vendor-management/{id}/audit-logCommission + penalty audit log (v4.43.0)

Export (v4.52.0)​

MethodEndpointDescription
GET/admin/export/historyPaginated export log β€” transient-backed, max 50 entries, 1-week TTL
DELETE/admin/export/{id}Remove a specific export history entry
POST/admin/export/previewTotal record count + 5-row sample for the selected post type and date filters

Section Summary​

  • v1 API serves under mhm-rentiva/v1.
  • Authentication method varies based on the criticality of the operation.
  • All operations are audited via the central AuthHelper and ErrorHandler.
  • Admin React SPA endpoints (v4.36.0+) all require manage_options capability.

Changelog​

DateVersionNote
12.05.20264.52.0Export REST controller: /admin/export/history, /admin/export/{id}, /admin/export/preview.
07.05.20264.43.0/vendor-management/{id}/unsuspend + /vendor-management/{id}/audit-log endpoints added.
06.05.20264.40.0Messages, Vendor Reports, Vendor Management REST controllers added (12 new endpoints).
10.04.20264.39.0Customers REST controller: GET /customers, /customers/{id}, DELETE /customers/bulk.
05.04.20264.37.xReports REST controller: 5 tab endpoints with date range filter.
10.05.20264.36.0Dashboard REST controller: /dashboard/stats, /dashboard/recent-bookings, /dashboard/recent-transfers.
23.04.20264.27.2English translation added.
19.03.20264.21.2v1 API architecture and security layers updated.