Platform endpoints
Platform customers have the following endpoints available:
- Endpoints prefixed with “Platform”.
- Endpoints with no prefix, e.g. “Bookings”, “Event Types”.
- If you are at least on the ESSENTIALS plan, then all endpoints prefixed with “Orgs” except “Orgs / Attributes”, “Orgs / Attributes / Options” and “Orgs / Teams / Routing forms / Responses”.
Organizations endpoints
Organizations customers have all the endpoints except the ones prefixed with “Platform”, “Teams” and “Orgs / Orgs”, because child organizations are only allowed in the platform plan right now.
Teams endpoints
Teams customers have all the endpoints except the ones prefixed with “Platform” and “Orgs”.
Authentication
The Cal.com API has 3 authentication methods:
- API key
- Platform OAuth client credentials
- Managed user access token
1. API key
You can view and manage your API keys in your settings page under the security tab in Cal.com.
cal_ and live mode secret keys have the prefix cal_live_.
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
Authentication to the API is performed via the Authorization header. For example, the request would go something like:
2. OAuth client credentials
You need to use OAuth credentials when:
- Managing managed users (API reference)
- Creating OAuth client webhooks (API reference)
- Refreshing tokens of a managed user (API reference)
- Using teams-related endpoints: managing organization teams (API reference), adding managed users as members to teams (API reference), creating team event types (API reference).
- x-cal-client-id - ID of the OAuth client.
- x-cal-secret-key - secret of the OAuth client.
3. Managed user access token
After you create a managed user you will receive its access and refresh tokens. The response also includes the managed user’s id, so we recommend adding new properties calAccessToken, calRefreshToken and calManagedUserId to your users table to store this information. You need to use the access token when managing a managed user’s:
- Schedules (API reference)
- Event types (API reference)
- Bookings: some endpoints, like creating a booking, are public, but some, like getting all of a managed user’s bookings, require the managed user’s access token (API reference)
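
The three authentication methods above expressed as request headers, with a helper that redacts secrets before headers are logged. This is an added example, not code from the Cal.com documentation: the function names and sample values are hypothetical, and the Bearer scheme in the Authorization header is an assumption, since the page's own request sample is missing.

```javascript
// Added example (not from the Cal.com docs). All sample values are constructed.
const KEY_PREFIXES = ['cal_live_', 'cal_']; // API key prefixes named on the page

// Return the auth headers for one of the three methods the page lists.
function buildAuthHeaders(auth) {
  switch (auth.method) {
    case 'apiKey':
      if (!KEY_PREFIXES.some((p) => String(auth.apiKey).startsWith(p))) {
        throw new Error('API key must start with cal_ or cal_live_');
      }
      // Assumption: Bearer scheme (the page's request sample is missing).
      return { Authorization: `Bearer ${auth.apiKey}` };
    case 'oauthClient':
      if (!auth.clientId || !auth.clientSecret) {
        throw new Error('OAuth client id and secret are both required');
      }
      return {
        'x-cal-client-id': auth.clientId,
        'x-cal-secret-key': auth.clientSecret,
      };
    case 'managedUser':
      if (!auth.accessToken) throw new Error('Managed user access token required');
      // Assumption: Bearer scheme, as for the API key.
      return { Authorization: `Bearer ${auth.accessToken}` };
    default:
      throw new Error(`Unknown auth method: ${auth.method}`);
  }
}

// Header names whose values must never reach logs or error reports.
const SECRET_HEADERS = new Set(['authorization', 'x-cal-secret-key']);

// Keep the scheme and key prefix for debugging, hide everything else.
function maskSecret(value) {
  const m = /^(Bearer )?(cal_live_|cal_)?/.exec(String(value));
  return `${m[1] || ''}${m[2] || ''}***`;
}

// Copy of the headers that is safe to log.
function redactHeaders(headers) {
  const safe = {};
  for (const [name, value] of Object.entries(headers)) {
    safe[name] = SECRET_HEADERS.has(name.toLowerCase()) ? maskSecret(value) : value;
  }
  return safe;
}
```

Build the headers server-side from secrets held in environment variables or a secret store, and pass only the output of redactHeaders to loggers.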