Rest API Overview

Welcome to the OnSched API. This API allows authenticated clients to interact with our backend services for appointment scheduling, user management, and other core platform features.

All requests must be made over HTTPS to ensure security and data privacy.

Authentication

The OnSched API uses Bearer Token Authentication powered by Supabase Auth. Clients must authenticate using a valid access token (JWT) issued during login or sign-up. This Bearer Token can be refreshed using the Refresh Token, for more information please see Authentication

Include this token in the Authorization header of every request:

Authorization: Bearer <your-access-token>

Access tokens are short-lived and must be refreshed periodically (usually every hour). Tokens are tied to a specific user and determine which data they can access based on row-level security (RLS) rules in our PostgreSQL database.

📘
Note:
If your request is missing or contains an invalid/expired token, the API will return a 401 Unauthorized error.

Base URL

All endpoints are prefixed by a base URL (determined by the environment that you are using):

<!-- Sandbox -->
https://app-dev.onsched.com
<!-- Production -->
https://v3.onsched.com

For example:

<!-- Sandbox -->
https://app-dev.onsched.com/v3/appointments
<!-- Production -->
https://v3.onsched.com/v3/appointments

Response Format

All responses are in JSON. Success responses will typically include:

{
  "status": "success",
  "data": "the requested resource or payload"
}

Error responses will include:

{
  "status": "error",
  "message": "a human-readable explanation",
  "code": "a short error code (e.g., unauthorized, validation_error)"

Testing & Development

When you're ready to begin, head to the Reference API and log in at the top!

Authentication

📘Note:

Base URL

Response Format

Testing & Development

📘
Note: