API
The 42min Public REST API — authentication (PATs, OAuth 2.1 + PKCE), scopes, rate limits, idempotency, optimistic locking, and a full reference for every /v1 endpoint.
- API overview: The 42min Public REST API — base URL, JSON envelopes, and what you can do with it.
- Authentication: Authenticate to the 42min API with a personal access token, or with an OAuth 2.1 + PKCE access token. Includes the full authorize → consent → token → refresh flow with reuse detection.
- Scopes: The full list of OAuth and PAT scopes — what each one grants, the alias expansions, and how scope enforcement works.
- Rate limits: Per-minute request quotas, the X-RateLimit-* headers, and how to back off on 429.
- Idempotency: How the Idempotency-Key header makes write requests safe to retry — fingerprinting, replay window, and conflict handling.
- Optimistic locking (ETag / If-Match): How PATCH on /v1/bookings uses ETag and If-Match for optimistic concurrency control — read-modify-write without races.
- Errors: The error envelope, the code taxonomy, and what each status means.
- Discovery: The .well-known endpoints that publish the OAuth authorization server and protected resource metadata.
- GET /v1/_ping: Cheap auth/scope/identity probe — confirms your token reaches the API and reports who it belongs to.
- GET /v1/me: Return the profile of the user the token authenticates.
- /v1/event-types: List and read event types in the authenticated account.
- /v1/slots: List available slots for an event type over a window, and check whether a specific slot is bookable right now.
- /v1/bookings: List, read, create, cancel, reschedule, and patch bookings. The write-heavy surface — every mutation needs an Idempotency-Key, and PATCH needs an If-Match ETag.
- /v1/webhooks: Manage webhook subscriptions over the API — create, list, edit, delete, rotate the signing secret, send a test, and read recent deliveries. Each credential gets its own sandbox.