Booking API
Build reliable booking flows on top of Bookora’s scheduling engine and calendar integrations.
Authorization: Bearer YOUR_SERVICE_TOKEN.POST requests require Idempotency-Key to prevent duplicate mutations during retries.Introduction
Bookora is a Cloudflare-native scheduling platform that turns availability into bookings. The Booking API lets third-party developers build scheduling experiences for meetings, lessons, consultations, and marketplaces.
- Scheduling infrastructure: availability → slots
- Calendar integration: Google / Microsoft are abstracted behind a unified layer
- Safety: lock layer + database overlap checks prevent double booking
Authentication
Send your service token as a Bearer token.
Idempotency
All POST endpoints require Idempotency-Key. This prevents duplicate bookings when your system retries a request due to timeouts, deploys, or network errors.
- Same key + same request → same result
- Same key + different request → 409 conflict
Endpoints
Z) for all slot times.Fetch availability
/api/availabilityFetch available booking slots for a booking type.
- username (string)
- slug (string)
- startDate (YYYY-MM-DD)
- endDate (YYYY-MM-DD)
- duration (minutes)
{
"slots": [
{
"start": "2026-04-21T09:00:00Z",
"end": "2026-04-21T09:30:00Z"
}
]
}Create a booking
/api/bookingsCreate a booking for a specific booking type.
Each booking must be associated with a booking type, which defines duration, availability, and rules.
Call this after your user confirms (or completes payment).
{
"bookingType": "string",
"start": "ISO datetime",
"end": "ISO datetime",
"name": "string",
"email": "string",
"notes": "string (optional)"
}bookingType is extracted from the booking URL and represents the selected booking type.
/book/hepuloujun/2→ bookingType ="2"/book/hepuloujun/bt-63bb1a53→ bookingType ="bt-63bb1a53"
bookingType accepts a numeric ID (example: "2") or a string ID (example: "bt-63bb1a53").
bookingTypeis required- Must exist and belong to the specified user
- Must match the availability rules of that booking type
In future versions, bookingType may replace username-based booking entirely, making the API fully booking-type-centric.
{
"bookingId": "uuid",
"status": "confirmed"
}Retrieve booking details
/api/bookings/:idFetch booking details by booking ID.
{
"id": "uuid",
"userId": "teacher123",
"startUtc": "2026-04-21T09:00:00Z",
"endUtc": "2026-04-21T09:30:00Z",
"status": "confirmed",
"attendee": { "email": "user@example.com", "name": "Tom" }
}Cancel a booking
/api/bookings/:id/cancelCancel a booking and remove associated calendar events (when applicable).
{
"status": "cancelled"
}Reschedule a booking
/api/bookings/:id/rescheduleReschedule an existing booking to a new time safely (create a new booking, then cancel the old one).
{
"newSlot": {
"start": "2026-04-22T09:00:00Z",
"end": "2026-04-22T09:30:00Z"
}
}{
"oldBookingId": "uuid",
"newBookingId": "uuid",
"status": "rescheduled"
}Error Handling
Errors use a structured envelope.
{
"error": {
"code": "SLOT_NOT_AVAILABLE",
"message": "Selected time slot is no longer available"
}
}- SLOT_NOT_AVAILABLE / SLOT_UNAVAILABLE
- BOOKING_NOT_FOUND
- UNAUTHORIZED
- INVALID_REQUEST
- RATE_LIMITED
Rate Limiting
Requests are rate-limited per IP and per service token. Handle 429 responses with exponential backoff and jitter.
Webhooks (Optional)
Future support may include webhooks for:
- booking.created
- booking.cancelled
- booking.rescheduled
Example Integration
- Fetch availability
- User selects a slot
- Payment completes (if applicable)
- Create the booking with POST /api/bookings
Best Practices
- Always send Idempotency-Key on POST requests
- Always store bookingId as your durable reference
- Use UTC timestamps (Z) and handle slot conflicts gracefully
- Retry safely on rate limits and transient failures