Partner API
Authentication
Authenticate Partner API v2 with agency API keys (scoped calendar and analytics access).
API keys
Partner API v2 authenticates with a per-agency Bearer token. Prefer creating named keys under Integrations → API keys in the dashboard. Each key can include:
calendar— availability and booking endpointsanalytics— path catalog and Path Analytics
Authorization: Bearer bp_...
New keys look like bp_ plus a random hex secret (shown once when created or rotated). Secrets are stored hashed; you can revoke or edit scopes later without rotating unless you create a new key.
Where to get a token
- Agency dashboard — Integrations → API keys (owners and admins). Create multiple keys with Calendar and/or Analytics scopes.
- Legacy Calendar API token — older single tokens on the agency owner still work and imply both scopes. Prefer new API keys for new integrations.
- Platform admin — can still reveal / regenerate the legacy calendar token for support.
Treat every token like a password. Regenerating or revoking immediately invalidates that value.
Request rules
- Send
Authorization: Bearer ...on every calendar and analytics request. - Use
Content-Type: application/jsonforPOSTbodies. - Missing or invalid tokens return
401withInvalid or missing token. - A valid token without the needed scope returns
403(for example analytics-only key calling calendar). - Responses are always limited to the agency that owns the token.
Optional team member targeting
When the agency booking mode is fixed to a single host calendar, you may pass an optional team member with query params or JSON body fields: agent_uuid (aliases: agentUuid, user_uuid, user, agent). The member must belong to the agency. Pool / round-robin modes assign an agent automatically. Path Analytics does not use agent_uuid.