REST API
The Booking Kit provides utilities for building a REST API layer on top of the core logic.
API key management
Section titled “API key management”import { generateApiKey, hashApiKey, verifyApiKey, hasScope, isKeyExpired } from "@thebookingkit/core";
// Generate a new API keyconst key = generateApiKey();// Returns: GeneratedApiKey { key: "sk_live_...", hashedKey: "sha256:..." }
// Hash for storage (never store the raw key)const hashed = hashApiKey(key.key);
// Verify a key from a requestconst valid = verifyApiKey(rawKey, storedHashedKey);
// Check scopeshasScope(apiKeyRecord, "bookings:read"); // true/falsehasScope(apiKeyRecord, "bookings:write"); // true/false
// Check expiryisKeyExpired(apiKeyRecord); // true if past expiresAtKey scopes
Section titled “Key scopes”| Scope | Description |
|---|---|
bookings:read | Read booking data |
bookings:write | Create, update, cancel bookings |
availability:read | Read available slots |
event_types:read | Read event type configuration |
event_types:write | Modify event types |
webhooks:manage | Create and manage webhook subscriptions |
Rate limiting
Section titled “Rate limiting”Token bucket algorithm with configurable limits:
import { checkRateLimit } from "@thebookingkit/core";
const result = checkRateLimit(currentState, { maxTokens: 120, // 120 requests refillRate: 2, // 2 tokens per second (120/min) refillInterval: 1000, // Refill every 1 second});
// Returns: RateLimitResult// { allowed: true, remaining: 119, resetAt: Date, state: RateLimitState }Cursor-based pagination
Section titled “Cursor-based pagination”import { encodeCursor, decodeCursor } from "@thebookingkit/core";
// Encode the last item's ID and timestamp into a cursorconst cursor = encodeCursor({ id: "abc123", createdAt: new Date() });// Returns: base64 string
// Decode a cursor from a requestconst { id, createdAt } = decodeCursor(cursorString);Response formatting
Section titled “Response formatting”import { createSuccessResponse, createErrorResponse, createPaginatedResponse, API_ERROR_CODES,} from "@thebookingkit/core";
// SuccesscreateSuccessResponse(booking);// { data: booking }
// ErrorcreateErrorResponse("not_found", "Booking not found");// { error: { code: "not_found", message: "Booking not found" } }
// PaginatedcreatePaginatedResponse(bookings, { cursor: nextCursor, hasMore: true, total: 42 });// { data: bookings, meta: { cursor, hasMore, total } }Query validation
Section titled “Query validation”import { validateSlotQueryParams, parseSortParam } from "@thebookingkit/core";
const params = validateSlotQueryParams({ date: "2026-03-10", timezone: "America/New_York", duration: "30",});// Returns validated and parsed params, or throws with validation details
const sort = parseSortParam("-createdAt,title");// Returns: [{ field: "createdAt", direction: "desc" }, { field: "title", direction: "asc" }]