ServicesGrid OS API
A REST API for everything in your workspace — members, bookings, payments, subscriptions, and webhooks. JSON in, JSON out. Authenticated with bearer keys.
Quick start
- Generate a key. In the admin dashboard go to Settings → API Keys and click Create key. Choose scopes and copy the
sk_live_…value once — we never show it again. - Make a request. Set the
Authorizationheader toBearer {your_key}and the base URL tohttps://api.servicesgridos.com/api/v1. - Listen for events. Register a webhook URL to receive real-time updates, signed with HMAC-SHA256.
Authentication
All requests authenticate with a bearer API key. Keys are tenant-scoped — every request automatically operates on your workspace's data only.
bashcurl https://api.servicesgridos.com/api/v1/members \
-H "Authorization: Bearer sk_live_abc123…"Keys are SHA-256 hashed on our side — even we cannot retrieve the raw value. If you lose a key, revoke it and create a new one. Each key carries a list of scopes (read, write, full_access) you set at creation.
Base URL & rate limits
| Base URL | https://api.servicesgridos.com/api/v1 |
|---|---|
| Content type | application/json |
| Rate limit | 120 requests / minute per API key |
| Pagination | ?page=1&limit=50 — max limit=200 |
Endpoints
The most-used endpoints are listed below. Every endpoint scoped by the tenant whose key you're using — there is no ?tenant= parameter.
Members
/membersList members (paginated, supports ?status= and ?search=)/members/:idFetch a single member by ID/membersCreate a member/members/:idUpdate member fieldsBookings
/bookingsList bookings (supports ?from= / ?to= ISO dates)/bookings/:idFetch a single booking/bookingsCreate a booking on behalf of a member/bookings/:idCancel a booking (subject to your cancellation policy)Payments
/paymentsList payments with status, amount, member/payments/:idFetch a single payment recordWebhooks
/webhooks/endpointsList your configured webhook endpoints/webhooks/endpointsRegister a new endpoint URL + event list/webhooks/endpoints/:idRemove an endpointResponse format
Successful responses follow this envelope:
json{
"success": true,
"data": { "id": "mbr_abc123", "name": "Akua Mensah", ... }
}Errors follow this shape — non-2xx HTTP status:
json{
"success": false,
"error": "Member not found",
"code": "not_found"
}Webhooks
Register an endpoint URL and subscribe to events. We deliver via POST with a JSON body, signed by X-ServicesGrid OS-Signature using HMAC-SHA256 of the raw request body and your endpoint secret.
Available events
booking.createdbooking.updatedbooking.cancelledmember.createdmember.updatedpayment.succeededpayment.failedpayment.refundedsubscription.createdsubscription.updatedsubscription.canceledcheckin.recordedVerifying signatures (Node.js example)
javascriptimport crypto from "crypto";
function verifySpectrumWebhook(rawBody, signatureHeader, endpointSecret) {
const expected = crypto
.createHmac("sha256", endpointSecret)
.update(rawBody)
.digest("hex");
// constant-time comparison
return crypto.timingSafeEqual(
Buffer.from(signatureHeader),
Buffer.from(expected)
);
}Endpoints that return non-2xx 10 times in a row are automatically disabled. You'll see the failure log in Settings → Webhooks and can re-enable manually.
Error reference
| Status | Code | Meaning |
|---|---|---|
| 400 | validation_error | Request body failed validation |
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Key lacks the required scope |
| 404 | not_found | Resource does not exist or is not in your tenant |
| 409 | conflict | Resource state conflict (e.g. double-booking) |
| 429 | rate_limited | 120 req/min exceeded — retry with backoff |
| 500 | server_error | Something on our end — please report |
Ready to integrate?
Generate your first key inside the admin dashboard — it takes about 20 seconds. API access is available on supported workspaces and rollout paths.
An API that does what it says.
Versioned, documented, signed. Start with 14-day free trial and review the API-ready rollout path for your workspace.