We are Airbnb hosts ourselves. We know we wouldn't trust any platform with the password of our Airbnb account. We wish we wouldn't have to ask for your password, but Airbnb requires it to connect to their API (the service Smartbnb uses to exchange information with Airbnb).
We have designed a system that protects your Airbnb credentials, which we have detailed on our data security page.
Here are some precautions we took:
- Your Airbnb password is not stored but is processed once to obtain from Airbnb a token that is used to act on your behalf.
- We are required to have that authentication token to connect to Airbnb's API, and we store that token.
- That token is encrypted in our database using an RSA key pair (the same algorithm used to encrypt credit card details).
- The RSA private key, necessary to decrypt your token, is itself encrypted on our database using AES-256 (the same algorithm used to encrypt data to the cloud, on iCloud, Dropbox or the likes).
- The encrypted private key is stored on a third server, inaccessible from the Internet.
Ultimately, it is possible to void the token by changing your Airbnb password.