Skip to content

Overview

The managed, headless booking engine’s public /v1 API (docs/04-public-api.md). Every route is declared with @hono/zod-openapi — this document IS the contract the SDK (packages/sdk, API-013) and the Scalar docs site (DOC-001) are generated from.

Information

  • OpenAPI version: 3.1.0

Secret (sk_live_…/sk_test_…) or publishable (pk_live_…/pk_test_…) API key, sent as Authorization: Bearer <key>. Publishable keys are hard-capped to availability:read/quote:read/hold:create and additionally enforce an Origin allowlist (docs/04-public-api.md §Authentication).

Security scheme type: http

Operator/dashboard session — an HttpOnly, Secure, SameSite=Lax JWT cookie issued by POST /v1/auth/login, rotated by POST /v1/auth/refresh (docs/02-architecture.md).

Security scheme type: apiKey

Cookie parameter name: be_session