API Reference
Customers
Read and manage the customer records attached to a business: walk-ins you create at the till and online customers who booked through Salonify. Customer PII is encrypted at rest; the API returns it decrypted only to the business that owns the record.
Scope and plan
Reads require
customers:read, mutations require customers:write. API keys are available on the PRO and ENTERPRISE plans.List customers
GET
/businesses/{businessId}/customerscustomers:readPRO plan
Query parameters
curl "https://api.salonify.eu/api/v1/businesses/b_8f3a/customers?type=online&limit=20" \
-H "X-API-Key: sk_live_..."Response
{
"data": [
{
"id": "cu_9a21",
"firstName": "Anna",
"lastName": "Berg",
"email": "[email protected]",
"phone": "+352 661 000 111",
"isWalkIn": false,
"tags": ["VIP"],
"totalBookings": 12,
"totalSpent": 540,
"createdAt": "2025-11-03T10:22:00.000Z"
}
],
"meta": { "total": 488, "page": 1, "limit": 20, "totalPages": 25 }
}Retrieve a customer
GET
/businesses/{businessId}/customers/{customerId}customers:readPRO plan
Path parameters
curl "https://api.salonify.eu/api/v1/businesses/b_8f3a/customers/cu_9a21" \
-H "X-API-Key: sk_live_..."Response
{
"id": "cu_9a21",
"firstName": "Anna",
"lastName": "Berg",
"email": "[email protected]",
"phone": "+352 661 000 111",
"notes": "Prefers afternoon slots",
"tags": ["VIP"],
"totalBookings": 12,
"totalSpent": 540
}Create a walk-in customer
POST
/businesses/{businessId}/customerscustomers:writePRO plan
Body parameters
Request
curl -X POST "https://api.salonify.eu/api/v1/businesses/b_8f3a/customers" \
-H "X-API-Key: sk_live_..." \
-H "Content-Type: application/json" \
-d '{ "firstName": "Anna", "lastName": "Berg", "email": "[email protected]" }'Response
{
"id": "cu_b772",
"firstName": "Anna",
"lastName": "Berg",
"email": "[email protected]",
"isWalkIn": true
}Update a customer
PATCH
/businesses/{businessId}/customers/{customerId}customers:writePRO plan
Body parameters
curl -X PATCH "https://api.salonify.eu/api/v1/businesses/b_8f3a/customers/cu_b772" \
-H "X-API-Key: sk_live_..." \
-H "Content-Type: application/json" \
-d '{ "phone": "+352 661 222 333" }'Response
{ "id": "cu_b772", "firstName": "Anna", "phone": "+352 661 222 333" }Related reads
A customer's booking history (
/customers/{customerId}/bookings), tags (PATCH /tags), and notes (PATCH /notes) use the same customers:read / customers:write scopes. The GDPR-grade hard delete (anonymizing the underlying user) is a destructive operation and is intentionally not exposed to API keys.