Skip to main content
magtyne cadence
Get started

Build on magtyne cadence.

Issue API keys, call REST endpoints, and receive signed webhooks in real time. JSON over HTTPS, no SDK required.

Base URL & versioning

All requests go over HTTPS to the versioned base below. We never break a version in place; new fields are additive, and breaking changes ship under a new version prefix.

https://magtyne-cadence.vercel.app/api/v1

Send and expect application/json. All timestamps are ISO 8601 UTC; show them in the recipient's time zone in your UI.

Authentication

Create a key under Integrations, Developer. It is shown once, so store it in a secret manager. Send it as a bearer token on every request; keys are scoped to a single workspace.

curl https://magtyne-cadence.vercel.app/api/v1/bookings \
  -H "Authorization: Bearer sk_live_your_key_here" \
  -H "Content-Type: application/json"

Rotate a key anytime; revoking it takes effect immediately. Never expose a key in client-side code.

Endpoints

The core resources. List endpoints are paginated with ?limit= (max 100) and a cursor returned as next_cursor.

MethodPathDescription
GET/v1/bookingsList bookings, filter by date, status, or event type
POST/v1/bookingsCreate a booking on behalf of an invitee
GET/v1/bookings/{id}Retrieve a single booking
POST/v1/bookings/{id}/cancelCancel a booking
POST/v1/bookings/{id}/rescheduleMove a booking to a new time
GET/v1/event-typesList your event types and their availability
GET/v1/contactsList contacts
POST/v1/contactsCreate or upsert a contact
curl -X POST https://magtyne-cadence.vercel.app/api/v1/bookings \
  -H "Authorization: Bearer sk_live_..." -H "Content-Type: application/json" \
  -d '{
    "eventType": "intro-call",
    "start": "2026-06-25T15:30:00Z",
    "invitee": { "name": "Wei Chen", "email": "wei@example.com" }
  }'

Errors

Errors return the right HTTP status and a JSON body with a stable code and a human message. Branch on code, not the message.

StatusCodeMeaning
400bad_requestThe request was malformed or failed validation
401unauthorizedMissing or invalid API key
403forbiddenThe key lacks permission for this action
404not_foundNo such resource in your workspace
409conflictThe slot is taken or the resource already exists
429rate_limitedToo many requests, back off and retry

Webhooks

Add an endpoint under Integrations, Developer. We POST a signed JSON payload the moment something happens. Each delivery carries an X-Magtyne-Signature header; verify it with your endpoint secret before trusting the request.

EventFires when
booking.createdA new booking is confirmed
booking.rescheduledA booking moves to a new time
booking.cancelledA booking is cancelled
booking.no_showAn invitee is marked a no-show
payment.succeededA Stripe payment clears
payment.refundedA payment is refunded

Verify the signature (Node)

import crypto from 'node:crypto';

function verify(rawBody, header, secret) {
  const [t, sig] = header.split(',').map((p) => p.split('=')[1]);
  const expected = crypto.createHmac('sha256', secret)
    .update(`${t}.${rawBody}`).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(sig));
}

Example payload

{
  "event": "booking.created",
  "createdAt": "2026-06-23T14:05:00.000Z",
  "data": {
    "id": "bk_8f2c...",
    "eventType": "intro-call",
    "start": "2026-06-25T15:30:00.000Z",
    "invitee": { "name": "Wei Chen", "email": "wei@example.com" }
  }
}

Retries & idempotency

Send an Idempotency-Key header on POSTs so a retried request never double-books. We retry failed webhook deliveries with exponential backoff for 24 hours; make your handler idempotent by keying on the event id.

Rate limits

Limits apply per key and per IP, roughly 60 requests per 10 seconds on general endpoints with tighter windows on public booking and AI endpoints. A throttled request returns 429 with a Retry-After header; back off and retry.

Some REST endpoints are rolling out; webhooks and API keys are live today. Need an endpoint that is not here yet? Tell us.