Your client_id and client_secret are available in the Bookable Portal under your account settings.
To securely access the Bookable API, obtain an OAuth 2.0 access token using the Client Credentials flow:
- POST your credentials to the token endpoint.
- Cache the returned token along with the
expires_invalue. - Attach the token to every API request as
Authorization: Bearer <token>. - Re-fetch the token when it is close to expiry (recommended: 60 seconds before).
| Environment | URL |
|---|---|
| Production | https://auth.bookabletech.com/oauth/token |
| Sandbox | https://auth-sandbox.bookabletech.com/oauth/token |
The examples below include token caching — avoid requesting a new token on every API call.
curl -X POST https://auth.bookabletech.com/oauth/token \
-H "Content-Type: application/json" \
-d '{
"grant_type": "client_credentials",
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"audience": "api.bookabletech.com"
}'Copy the access_token from the response and use it in your API calls:
curl https://api.bookabletech.com/venues \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"scope": "venue:read venue-booking:create",
"expires_in": 3600,
"token_type": "Bearer"
}| Field | Description |
|---|---|
access_token | JWT to include in every API request as Authorization: Bearer <token> |
scope | Permissions granted: venue:read (search venues), venue-booking:create (create bookings) |
expires_in | Token lifetime in seconds (typically 3600). Always read this — do not hardcode it. |
token_type | Always Bearer |
🔔 Important
Do not hardcode the expiration time — always read and store the expires_in value from the response.