VardaCal VardaCal Developer API

Authentication

Important: Keep your API credentials secure. Never expose them in client-side code or public repositories.

Authentication Methods

VardaCal API supports two authentication methods depending on your use case:

API Key Authentication (Recommended)

For server-to-server communication and platform integrations. Use your API key and secret in the request headers.

Required Headers:

X-API-Key: your_api_key_here
X-API-Secret: your_api_secret_here

Example Request:

curl -X GET https://api.vardacal.com/api/v1/platform/bookings \
  -H "X-API-Key: vck_1234567890abcdef" \
  -H "X-API-Secret: vcs_abcdef1234567890"

JWT Token Authentication

For user-specific actions and frontend applications. Obtain a JWT token through the login endpoint.

1. Obtain Token:

curl -X POST https://api.vardacal.com/api/v1/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your_password"
  }'

2. Use Token in Requests:

curl -X GET https://api.vardacal.com/api/v1/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

API Scopes

API tokens can be configured with specific scopes to limit access:

Scope Description Available In
read:self Read your own data All plans
write:self Modify your own data All plans
read:org Read organization data Team plans
write:org Modify organization data Team plans
manage:webhooks Manage webhook configurations Pro plans
impersonate:users Act on behalf of other users Platform only

Generating API Keys

  1. 1.

    Log in to your VardaCal dashboard

  2. 2.

    Navigate to Settings → API Keys

  3. 3.

    Click Generate New API Key

  4. 4.

    Select the required scopes for your integration

  5. 5.

    Copy and securely store your API key and secret

Warning: Your API secret will only be displayed once. Store it securely and never commit it to version control.

Security Best Practices

Use environment variables

Store API credentials in environment variables, not in code

Rotate keys regularly

Regenerate API keys periodically for enhanced security

Use HTTPS only

Always use HTTPS when making API requests

Limit scope access

Only grant the minimum required scopes for each integration

Monitor usage

Regularly review API usage logs for suspicious activity

Example Implementations

// Using Fetch API
const apiKey = process.env.VARDACAL_API_KEY;
const apiSecret = process.env.VARDACAL_API_SECRET;

const response = await fetch('https://api.vardacal.com/api/v1/bookings', {
  headers: {
    'X-API-Key': apiKey,
    'X-API-Secret': apiSecret,
    'Content-Type': 'application/json'
  }
});

const data = await response.json();
console.log(data);
import requests
import os

api_key = os.environ.get('VARDACAL_API_KEY')
api_secret = os.environ.get('VARDACAL_API_SECRET')

headers = {
    'X-API-Key': api_key,
    'X-API-Secret': api_secret,
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.vardacal.com/api/v1/bookings',
    headers=headers
)

data = response.json()
print(data)
require 'net/http'
require 'json'

api_key = ENV['VARDACAL_API_KEY']
api_secret = ENV['VARDACAL_API_SECRET']

uri = URI('https://api.vardacal.com/api/v1/bookings')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Get.new(uri)
request['X-API-Key'] = api_key
request['X-API-Secret'] = api_secret
request['Content-Type'] = 'application/json'

response = http.request(request)
data = JSON.parse(response.body)
puts data
<?php
$apiKey = $_ENV['VARDACAL_API_KEY'];
$apiSecret = $_ENV['VARDACAL_API_SECRET'];

$ch = curl_init('https://api.vardacal.com/api/v1/bookings');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'X-API-Key: ' . $apiKey,
    'X-API-Secret: ' . $apiSecret,
    'Content-Type: application/json'
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
print_r($data);
?>