Pardon our mess These API docs are a work in progress. Endpoints, examples, and behavior may change as we continue to develop the Partner API v2.

Partner API

Authentication

Authenticate Partner API v2 with agency API keys (scoped calendar and analytics access).

API keys

Partner API v2 authenticates with a per-agency Bearer token. Prefer creating named keys under Integrations → API keys in the dashboard. Each key can include:

  • calendar — availability and booking endpoints
  • analytics — path catalog and Path Analytics
Authorization: Bearer bp_...

New keys look like bp_ plus a random hex secret (shown once when created or rotated). Secrets are stored hashed; you can revoke or edit scopes later without rotating unless you create a new key.

Where to get a token

  • Agency dashboard — Integrations → API keys (owners and admins). Create multiple keys with Calendar and/or Analytics scopes.
  • Legacy Calendar API token — older single tokens on the agency owner still work and imply both scopes. Prefer new API keys for new integrations.
  • Platform admin — can still reveal / regenerate the legacy calendar token for support.

Treat every token like a password. Regenerating or revoking immediately invalidates that value.

Request rules

  • Send Authorization: Bearer ... on every calendar and analytics request.
  • Use Content-Type: application/json for POST bodies.
  • Missing or invalid tokens return 401 with Invalid or missing token.
  • A valid token without the needed scope returns 403 (for example analytics-only key calling calendar).
  • Responses are always limited to the agency that owns the token.

Optional team member targeting

When the agency booking mode is fixed to a single host calendar, you may pass an optional team member with query params or JSON body fields: agent_uuid (aliases: agentUuid, user_uuid, user, agent). The member must belong to the agency. Pool / round-robin modes assign an agent automatically. Path Analytics does not use agent_uuid.