API Reference

Customers

Read and manage the customer records attached to a business: walk-ins you create at the till and online customers who booked through Salonify. Customer PII is encrypted at rest; the API returns it decrypted only to the business that owns the record.

Scope and plan

Reads require customers:read, mutations require customers:write. API keys are available on the PRO and ENTERPRISE plans.

List customers

GET/businesses/{businessId}/customers
customers:readPRO plan

Query parameters

NameTypeRequiredDescription
searchstringOptionalMatch across name, email, and phone.
typeenumOptionalall (default), walk-in, or online.
pageintegerOptionalPage number. Defaults to 1.
limitintegerOptionalItems per page (1-100). Defaults to 20.
curl "https://api.salonify.eu/api/v1/businesses/b_8f3a/customers?type=online&limit=20" \
  -H "X-API-Key: sk_live_..."
{
  "data": [
    {
      "id": "cu_9a21",
      "firstName": "Anna",
      "lastName": "Berg",
      "email": "[email protected]",
      "phone": "+352 661 000 111",
      "isWalkIn": false,
      "tags": ["VIP"],
      "totalBookings": 12,
      "totalSpent": 540,
      "createdAt": "2025-11-03T10:22:00.000Z"
    }
  ],
  "meta": { "total": 488, "page": 1, "limit": 20, "totalPages": 25 }
}

Retrieve a customer

GET/businesses/{businessId}/customers/{customerId}
customers:readPRO plan

Path parameters

NameTypeRequiredDescription
businessIduuidRequiredYour business id.
customerIduuidRequiredThe customer id.
curl "https://api.salonify.eu/api/v1/businesses/b_8f3a/customers/cu_9a21" \
  -H "X-API-Key: sk_live_..."
{
  "id": "cu_9a21",
  "firstName": "Anna",
  "lastName": "Berg",
  "email": "[email protected]",
  "phone": "+352 661 000 111",
  "notes": "Prefers afternoon slots",
  "tags": ["VIP"],
  "totalBookings": 12,
  "totalSpent": 540
}

Create a walk-in customer

POST/businesses/{businessId}/customers
customers:writePRO plan

Body parameters

NameTypeRequiredDescription
firstNamestringRequiredFirst name (min 2 chars).
lastNamestringRequiredLast name (min 2 chars).
emailstringOptionalCustomer email.
phonestringOptionalCustomer phone.
curl -X POST "https://api.salonify.eu/api/v1/businesses/b_8f3a/customers" \
  -H "X-API-Key: sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{ "firstName": "Anna", "lastName": "Berg", "email": "[email protected]" }'
{
  "id": "cu_b772",
  "firstName": "Anna",
  "lastName": "Berg",
  "email": "[email protected]",
  "isWalkIn": true
}

Update a customer

PATCH/businesses/{businessId}/customers/{customerId}
customers:writePRO plan

Body parameters

NameTypeRequiredDescription
firstNamestringOptionalNew first name (min 2).
lastNamestringOptionalNew last name (min 2).
emailstringOptionalNew email.
phonestringOptionalNew phone.
curl -X PATCH "https://api.salonify.eu/api/v1/businesses/b_8f3a/customers/cu_b772" \
  -H "X-API-Key: sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{ "phone": "+352 661 222 333" }'
{ "id": "cu_b772", "firstName": "Anna", "phone": "+352 661 222 333" }

Related reads

A customer's booking history (/customers/{customerId}/bookings), tags (PATCH /tags), and notes (PATCH /notes) use the same customers:read / customers:write scopes. The GDPR-grade hard delete (anonymizing the underlying user) is a destructive operation and is intentionally not exposed to API keys.