Authentication
Authenticate your API requests using API keys.
API Keys
API keys are available on PRO and ENTERPRISE plans. Create and manage keys in your Dashboard Settings.
Using Your API Key
Include your API key in the X-API-Key header:
curl -X GET "https://api.salonify.eu/api/v1/businesses/{businessId}/services" \
-H "X-API-Key: sk_live_your_key_here"Scopes
Each API key has specific scopes that determine what it can access. A write scope implicitly includes read access.
Available Scopes
| Name | Type | Required | Description |
|---|---|---|---|
bookings:read | scope | No | Read booking/appointment data |
bookings:write | scope | No | Create, update, and cancel bookings |
services:read | scope | No | Read services and pricing |
services:write | scope | No | Create, update, and delete services |
staff:read | scope | No | Read staff member information |
staff:write | scope | No | Manage staff members |
customers:read | scope | No | Read customer data |
customers:write | scope | No | Manage customer records |
reviews:read | scope | No | Read customer reviews |
schedule:read | scope | No | Read business schedule |
schedule:write | scope | No | Update business schedule |
business:read | scope | No | Read business profile data |
Error Responses
401 Unauthorized
{
"statusCode": 401,
"message": "Invalid API key",
"error": "Unauthorized"
}403 Forbidden (missing scope)
{
"statusCode": 403,
"message": "API key missing required scope: bookings:write",
"error": "Forbidden"
}Security Best Practices
- Never expose API keys in client-side code or public repositories
- Use the minimum required scopes for each integration
- Set expiration dates for keys used in temporary integrations
- Rotate keys regularly and revoke unused keys