[#1296] Issue with SimplyBook API - Unauthorized (401) Error on Booking Requests

system · October 28, 2024, 1:28pm

Migrated from Redmine #1296 | Author: Tadeáš Černý
Status: Feedback | Priority: High, I’m very impatient | Created: 2024-10-28

Hello,

I’m currently facing an issue with the SimplyBook API while trying to create a booking via the book method in the API. I’ve implemented the authentication process as per the documentation, and I’m able to successfully retrieve an authorization token by calling the getToken method. However, when I attempt to use this token for subsequent requests to endpoints like /admin/clients or /admin/bookings, I consistently receive a 401 Unauthorized error.

Here’s a summary of my setup and the issue:

Token Retrieval: I successfully retrieve the token at the beginning of my application using the getToken method. The token is returned correctly and stored for future use.

Booking Process:

Before creating a booking, I attempt to check if a client already exists in the system by calling the /admin/clients endpoint with the token in the X-Token header.
If the client does not exist, I then attempt to create a new client.
Finally, I call the /admin/bookings endpoint to create the booking.
Problem: Every time I send requests to the /admin/clients or /admin/bookings endpoints with the retrieved token, the response returns a 401 Unauthorized error. This error occurs even though the token was freshly retrieved and passed in the request headers as specified in the documentation.

Possible Cause: I suspect the issue may be due to the token becoming invalid too quickly or being affected by multiple token retrievals in the same session. However, I have also tried storing the token and using it consistently without repeated retrievals, but the issue persists.

Here’s a snippet of the headers I’m using for these requests:

headers: {
“Content-Type”: “application/json”,
“X-Company-Login”: companyLogin, // My company login
“X-Token”: token // Token retrieved from getToken method
}
Could you please advise on what might be causing this issue? Is there a specific way to manage token retrieval and reusability that I might be overlooking, or could there be any server-side settings affecting the token validity?

Thank you for your assistance.

system · October 29, 2024, 9:34am

Dmytro Bondarev wrote:

Hi,
If you want to use admin endpoints you should use relevant endpoints to authenticate in API.
Please see documentatyion how to get token for such case: API documentation | SimplyBook.me Online Scheduling

system · October 29, 2024, 11:16am

Tadeáš Černý wrote:

Hello,

Thank you for your response.

After reviewing the documentation you provided, I’m still a bit unsure if I might be misunderstanding the setup. My goal is to create a custom booking solution on my website, similar to a SimplyBook widget, but entirely self-built.

Here’s what I’m trying to achieve:

I’m fetching all products/services available.
I’m retrieving a list of people offering these services.
Then, I pull up available dates and times for a selected service.
This information is populated into a final form, which users can submit to book the appointment.

However, every time I attempt to make a booking (after filling in the form with the necessary details), I encounter a 401 Unauthorized error.

Could you confirm if I’m supposed to use a different authentication process for creating these bookings via API, even if I’m able to retrieve the token through the getToken method initially?

Thank you for helping me clarify this.

system · October 29, 2024, 1:04pm

Dmytro Bondarev wrote:

Hello,

If you use /admin/* endopints you have to retrieve admin token.
Since you are trying to build public booking page, then it is better to use public API.