Authentication
Learn how to authenticate with the API.
API Keys
Authentication is done via API keys. To create a key:
- Log in to the admin area
- Navigate to Settings > API
- Click "Create new API key"
- Select the required scopes
Using API Keys
There are three ways to pass your API key:
Bearer Token (recommended)
curl -X GET "https://your-tenant.plandocket.com/api/v1/events" \
-H "Authorization: Bearer YOUR_API_KEY"X-API-Key Header
curl -X GET "https://your-tenant.plandocket.com/api/v1/events" \
-H "X-API-Key: YOUR_API_KEY"Query Parameter
curl -X GET "https://your-tenant.plandocket.com/api/v1/events?api_key=YOUR_API_KEY"This method is not recommended as the key may appear in logs.
Scopes
API keys can be restricted to specific scopes:
| Scope | Access |
|---|---|
events |
Read and write events |
contacts |
Read and write contacts |
participants |
Read and write participants |
applications |
Read and manage applications |
categories |
Read and write categories |
invoices |
Read and write invoices |
payments |
Read and record payments |
tasks |
Read and write tasks |
documents |
Read and generate documents |
submissions |
Read and manage submissions |
booths |
Read and write booths and reservations |
checkins |
Read and create check-ins |
services |
Read services |
service_orders |
Read service orders |
newsletter |
Manage newsletter subscribers |
custom_fields |
Read and write custom fields |
plans |
Read floor plans |
schedules |
Read schedules |
webhooks |
Manage webhooks |
reports |
Retrieve reports |
audit |
Read audit log |
calendar-feed |
Read calendar feed |
Security
Important Security Notes
- Never use API keys in frontend code
- Store keys in environment variables
- Rotate keys regularly
- Grant only the minimum required scopes