Skip to main content

TheBooking Public API

Public REST API shipped by TheBooking 4. WordPress administration routes under /backend are not part of this contract.

Use this section when you need exact route names, parameters, request bodies, response envelopes, and complete request/response examples. For booking flows and implementation choices, start from API and webhooks and Integration workflows.

Base URL

https://example.com/wp-json/thebooking/v1/API/

Authentication

  • Bearer token: Authorization: Bearer $TBK_API_TOKEN
  • API key header: use the header configured in Settings > API & Webhooks.
  • Read operations require read; write operations require write.
  • Authentication and scope errors are returned as HTTP 401 or 403 responses.

Typical Flow

  1. Verify the token with Verify the current API token.
  2. Read services and providers if the external system lets users choose them.
  3. Query canonical availability for the intended time range.
  4. Create or update a customer.
  5. Create the reservation with the slot identity returned by availability.

The API does not bypass TheBooking availability rules. Reservation creation and rescheduling validate the slot again before saving.

Endpoints

MethodEndpointRouteScope
GETVerify the current API token/auth/verify/read
GETGet canonical availability slots/availability/get/read
GETList services/services/get/read
POSTCreate an appointment service/services/add/write
POSTUpdate service properties/services/edit/write
POSTRemove a service without reservations/services/remove/write
GETList providers/providers/get/read
POSTUpdate supported provider restrictions/providers/edit/write
POSTUpdate supported provider/service properties/providers/edit/service/write
GETList customers/customers/get/read
POSTCreate a customer/customers/add/write
POSTUpdate a customer/customers/edit/write
POSTRemove a customer without reservations/customers/remove/write
GETList reservations/reservations/get/read
POSTCreate one reservation from a canonical slot/reservations/add/write
POSTUpdate or reschedule a reservation/reservations/edit/write
POSTRemove a reservation allowed by the route policy/reservations/remove/write

Response Format

Successful application responses use status: "OK". Application-level failures use status: "KO" with a human-readable message. WordPress authentication failures use REST error objects with HTTP 401 or 403.

OpenAPI Contract

The machine-readable contract is available as OpenAPI 3.1 YAML.