Product Guide
  1. Getting Started

Accounts & sign-in

This page covers how people sign in to Lodgestory and how partners authenticate against the Lodgestory public API.

For team members

Signing in to Lodgestory CRM and Voice

  • URL: https://lodgestory.com/login
  • Methods: email + password, token exchange login or Google sign-in.
  • Session length: ten days. You're prompted to sign back in after that.
  • Across devices: you can be signed in on as many as 5 devices; each gets its own session.

Signing in to Content Studio

  • URL: https://blogstudio.inboxcentral.ai
  • Methods: email + password and Google sign-in.
  • Separate from the CRM: Content Studio has its own account system. If you work across both, expect two sign-ins. (This is a deliberate separation so marketing and agency collaborators can work in Content Studio without touching the CRM.)

Forgot password / account locked

Use Forgot password? on the sign-in screen; an email one-time code lets you set a new password. If you can't receive email or are locked out, contact your Account Owner — an Admin can trigger a password reset on your behalf.

Two-factor authentication

Available on request; contact your Account Owner or support for enrolment steps.

Signing out

Visit Dashboard → Logout and click Logout.

For organisations inviting team members

  • Settings → Team Members → Add. Enter an email and phone number, pick a role, and add user. 

    Restriction: If your team member is already a part of a different organisation / project with the same email and phone number, they must use the same combination of email and phone when registering on a different organisation. If not, then they must use a different combination of email and phone number altogether.

  • Roles assignable at invite time: CRM Admin, CRM User.
  • Account Owner cannot be reassigned directly; contact support to transfer ownership.
  • Removing a team member: Settings → Team Members → their row → Remove. They're signed out of every device within a minute and their session is invalidated.

For partners integrating against the Lodgestory public API

Lodgestory exposes a public API (under the /api/wp-crm/* path) for partners to integrate against Lodgestory CRM. Separately, Content Studio exposes a public blog-reading API (under /api/public/blogs/*) for published blog retrieval.

Lodgestory CRM public API

  • Auth: API key + secret issued per tenant in Settings → Developer Access.

    Developer Access is disabled by default, you may request access via Support.

  • Token flow: exchange key + secret for a short-lived bearer token by calling POST /api/wp-crm/token. Use the token in Authorization: Bearer <token> headers on every subsequent request.
  • Token lifetime: about eight days.
  • Scope: the public CRM API is deliberately limited to partner-safe operations (contact CRUD, message send, template send, broadcast create, etc.). Internal endpoints are not reachable with a public token and can be requested via Support. 
  • Full reference: https://api.lodgestory.com/api/docs/public — interactive Swagger UI.

Content Studio public blog API

  • Auth: none. The public blog API is read-only and unauthenticated by design — it's how your marketing site pulls published blogs for rendering.
  • Endpoints: GET /api/public/blogs, GET /api/public/blogs/:slug, plus sitemap, categories, and keyword endpoints.
  • Rate limits: fair-use; contact support if you need a higher allowance.

Security notes

  • Sessions are HTTPS-only; no API endpoint accepts plain HTTP in production.
  • Partner API secrets are one-time-visible — if lost, regenerate from Settings → Developer Access.
  • Lodgestory does not reuse the CRM session for Content Studio, and vice versa. Compromise of one does not compromise the other.
  • Role changes propagate within a few minutes of being saved.
  • Removing a team member invalidates every active session they hold.

Where to go next

  • If you're a team member setting up the platform: start at Start here.
  • If you're a partner: each product hub has a dedicated API section at the bottom — start there.
  • If you're an Account Owner reading this to evaluate security posture, please email [email protected] and we'll share the security whitepaper under NDA.

Updated about 4 hours ago