[#1460] SimplyBook API – Access denied when calling addClient

system · August 19, 2025, 4:42pm

Migrated from Redmine #1460 | Author: Anish Jain
Status: Closed | Priority: High, I’m very impatient | Created: 2025-08-19

I’m testing the SimplyBook API on a trial account. I was able to successfully get a token, but when I try to call addClient I keep getting “Access denied”, even after regenerating the token.

Working request (getToken)
{
“jsonrpc”: “2.0”,
“method”: “getToken”,
“params”: [
“COMPANY NAME”,
“93487534kjh34kj5hk34h5k34j5”
],
“id”: 1
}

This works fine and returns a token.

Failing request (addClient)

URL: https://user-api.simplybook.me/

Payload:

{
“jsonrpc”: “2.0”,
“method”: “addClient”,
“params”: [
{
“name”: “John Do”,
“email”: “john.doe5@example.com”,
“phone”: “+11234567893”,
“password”: “3453skjfhh$h$45”
}
],
“id”: 55
}

Response:

{
“error”: {
“code”: -32600,
“message”: “Access denied”,
“data”:
},
“id”: “55”,
“jsonrpc”: “2.0”
}

What I’ve tried

Regenerated the token multiple times

Verified the API key/secret are valid

Re-ran getToken successfully each time

Still, every addClient request fails with “Access denied”

This is confusing because the very first time it worked, and now every call fails.

Has anyone seen this issue on a trial account? Do I need to pass the token differently when calling addClient?

Thanks in advance!

system · August 19, 2025, 5:54pm

Anish Jain wrote:

Company Login is anishtest

system · August 20, 2025, 7:30am

Vitaliy Kordiak wrote:

Hello Anish Jain,

Thanks for reaching out. I see the issue you’re encountering with the @addClient@ method.

The problem is that for all authenticated API calls (any call after @getToken@), the token must be passed as an HTTP header, not in the request body. The @getToken@ call works because it doesn’t require a token itself.

According to the API documentation, you need to include two headers in your @addClient@ request:

@X-Company-Login@: Your company login, which is @anishtest@.

@X-User-Token@: The token you received from the successful @getToken@ call.

Your JSON payload for @addClient@ is correct, but the request is missing these required headers for authentication, which is why you’re getting the “Access denied” error.

h3. Example Request

Here is an example of what your complete request should look like using cURL. You can adapt this to whatever HTTP client you are using:


curl -X POST \
  https://user-api.simplybook.me/admin \
  -H "Content-Type: application/json" \
  -H "X-Company-Login: anishtest" \
  -H "X-User-Token: YOUR_TOKEN_FROM_GETTOKEN_RESPONSE" \
  -d '{
    "jsonrpc": "2.0",
    "method": "addClient",
    "params": [
      {
        "name": "John Do",
        "email": "john.doe5@example.com",
        "phone": "+11234567893",
        "password": "3453skjfhh$h$45"
      }
    ],
    "id": 55
  }'

h3. Correct Workflow

Call @getToken@ to retrieve a new session token.

In your next request to @addClient@ (or any other method), construct the request with the @X-Company-Login@ and @X-User-Token@ headers, using the token you just received.

This should resolve the “Access denied” issue. Let me know if you have any other questions!

Best regards,
Vetal
Simplybook Team