U Pavouka · RestaurantID 1 https://api.upavouka.com/api
Dashboard Swagger UI

Partner Booking API Documentation

Use this API to authenticate partner users, check availability, prepare bookings, create bookings, and retrieve booking details.

All API payloads are JSON. Protected endpoints require a Bearer token returned by the token endpoint. The authenticated user context supplies the restaurant, partner, booking mode, payment method, booking type, partner type, language, and web user values used by booking procedures.

Connection

Base URL https://api.upavouka.com/api
Restaurant U Pavouka (RestaurantID: 1)
Content type application/json
Authorization Authorization: Bearer {token}
POST /auth/token

Authentication

Login with the partner email and password. The token response includes the access token and public user/config values that are reused by the booking endpoints.

https://api.upavouka.com/api/auth/token

FieldTypeRequired
email or usernamestringyes
passwordstringyes
RestaurantIDintegerresolved automatically from the access domain (1 on this host)
Important: Store the returned token on the client and send it in the Authorization header for every protected endpoint.
Request
curl -X POST "https://api.upavouka.com/api/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "fp@hotmail.com",
    "password": "test"
  }'
Token response example
{
  "success": true,
  "data": {
    "token": {
      "token": "***",
      "type": "Bearer",
      "expires_at": 1811314322
    }
  }
}

Response Format

Every endpoint returns a JSON envelope. Successful calls use success: true. Failed calls include an error object with a code and message.

200

Request completed successfully.

401

Bearer token is missing, expired, or invalid.

422 / 400

Validation failed or SQL procedure rejected the JSON structure.

POST /auth/token

Create token

Authenticates a partner user and returns a Bearer token. The restaurant is resolved from the access domain — on this host requests use RestaurantID: 1.

FieldTypeRequired
email or usernamestringyes
passwordstringyes
RestaurantIDintegerresolved from the access domain
Request
curl -X POST "https://api.upavouka.com/api/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "fp@hotmail.com",
    "password": "test"
  }'
Successful response example
{
  "success": true,
  "data": {
    "token": {
      "token": "***",
      "type": "Bearer",
      "expires_at": 1811314322
    }
  }
}
Invalid response example
{
  "success": false,
  "error": {
    "code": 401,
    "message": "Invalid credentials"
  }
}
GET /mytimezone

My timezone

Returns the caller's timezone resolved by IP geolocation. Falls back to the server default timezone when the IP is private or the lookup fails.

No authentication required. The timezone returned can be used as the Timezone field in the Availability endpoint.

Request
curl -X GET "https://api.upavouka.com/api/mytimezone"
Response example
{
  "success": true,
  "data": {
    "ip": "203.0.113.45",
    "timezone": "Europe/Belgrade",
    "source": "geolocation"
  },
  "error": null
}
Fallback response (private IP)
{
  "success": true,
  "data": {
    "ip": "::1",
    "timezone": "UTC",
    "source": "server_default"
  },
  "error": null
}
GET /gettimezone

All timezones

Returns every IANA timezone identifier accepted by the Timezone field of the Availability endpoint. Use this list to validate or present timezone choices to users.

No authentication required.

Request
curl -X GET "https://api.upavouka.com/api/gettimezone"
Response example
{
  "success": true,
  "data": {
    "count": 419,
    "timezones": [
      "Africa/Abidjan",
      "Africa/Accra",
      "Europe/Belgrade",
      "Europe/Berlin",
      "Europe/London",
      "US/Pacific",
      "UTC",
      "..."
    ]
  },
  "error": null
}
POST /availability

Availability

Returns availability for the authenticated user's restaurant. RestaurantID is taken from the Bearer token context. Optionally pass Timezone (IANA identifier) to localize dates; invalid values are rejected with Invalid timezone/date.

FieldTypeRequired
StartDatedateyes
EndDatedateyes
CategoryIDintegeroptional
Timezonestringoptional

Timezone accepts any IANA identifier (e.g. Europe/Belgrade). Use My timezone to detect the caller's timezone or All timezones for the full list. Invalid values are rejected with Invalid timezone/date.

Request
curl -X POST "https://api.upavouka.com/api/availability" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "StartDate": "2026-06-10",
    "EndDate": "2026-06-20",
    "Timezone": "Europe/Belgrade"
  }'
Successful response example
{
  "success": true,
  "data": [
    {
      "TargetDate": "2026-06-10",
      "ShowID": 1,
      "CategoryID": 3,
      "Available": true,
      "AvailableQuantity": 12
    }
  ],
  "statusCode": 200
}
Invalid response example
{
  "success": false,
  "data": [],
  "error": {
    "code": 401,
    "message": "Unauthorized"
  }
}
POST /booking/prepare

Prepare booking

Prepares a booking for a show/date and returns available booking items/options from the SQL procedure.

FieldTypeRequired
ShowIDintegeryes
TargetDatedate-timeyes
BookingModeintegeryes
CategoryIDintegeroptional
Request
curl -X POST "https://api.upavouka.com/api/booking/prepare" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "ShowID": 1,
    "TargetDate": "2026-06-10T00:00:00",
    "BookingMode": 3
  }'
Successful response example
{
  "success": true,
  "data": {
    "ShowID": 1,
    "TargetDate": "2026-06-10T00:00:00",
    "BookingMode": 3,
    "Items": [
      {
        "ItemKey": 123,
        "Name": "Adult",
        "Quantity": 1,
        "Price": 25
      }
    ]
  },
  "statusCode": 200
}
Invalid response example
{
  "success": false,
  "data": [],
  "error": {
    "code": 422,
    "message": "Validation error",
    "details": {
      "ShowID": [
        "The ShowID field is required and must be an integer."
      ],
      "TargetDate": [
        "The TargetDate field is required and must be a valid date (Y-m-d)."
      ],
      "BookingMode": [
        "The BookingMode field is required and must be an integer."
      ]
    }
  }
}
POST /booking/book

Create booking

Creates a booking using authenticated user context and the selected items from the prepare step.

FieldTypeRequired
ShowIDintegeryes
TargetDatedateyes
CustomerNamestringyes
Phonestringyes
Emailemailyes
Notestringoptional
Itemsarrayyes
Request
curl -X POST "https://api.upavouka.com/api/booking/book" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "ShowID": 1,
    "TargetDate": "2026-06-10",
    "CustomerName": "John Doe",
    "Phone": "+38970123456",
    "Email": "john@example.com",
    "Note": "Birthday reservation",
    "Items": [
      {
        "ItemKey": 123,
        "Quantity": 2
      }
    ]
  }'
Successful response example
{
  "success": true,
  "data": {
    "BookingID": 12345,
    "BookingNumber": "BK-12345",
    "TargetDate": "2026-06-10",
    "CustomerName": "John Doe",
    "Phone": "+38970123456",
    "Email": "john@example.com",
    "Status": "Created"
  },
  "statusCode": 200
}
Invalid response example
{
  "success": false,
  "data": [],
  "error": {
    "code": 422,
    "message": "Validation error",
    "details": {
      "ShowID": [
        "The ShowID field is required and must be an integer."
      ],
      "TargetDate": [
        "The TargetDate field is required and must be a valid date (Y-m-d)."
      ],
      "CustomerName": [
        "The CustomerName field is required and must be a non-empty string."
      ],
      "Phone": [
        "The Phone field is required and must be a valid string."
      ],
      "Email": [
        "The Email field is required and must be a valid email address."
      ],
      "Items.0.ItemKey": [
        "The ItemKey field is required and must be an integer."
      ],
      "Items.0.Quantity": [
        "The Quantity field is required and must be a positive integer."
      ]
    }
  }
}
GET /booking?BookingID={id}

Get booking

Returns one booking by ID for the authenticated user's restaurant and partner.

Request
curl -X GET "https://api.upavouka.com/api/booking?BookingID=12345" \
  -H "Authorization: Bearer YOUR_TOKEN"
Successful response example
{
  "success": true,
  "data": {
    "BookingID": 12345,
    "BookingNumber": "BK-12345",
    "TargetDate": "2026-06-10",
    "CustomerName": "John Doe",
    "Phone": "+38970123456",
    "Email": "john@example.com",
    "Status": "Created",
    "RestaurantID": 1,
    "PartnerID": 100,
    "ShowID": 1
  }
}
Invalid response example
{
  "success": false,
  "data": [],
  "error": {
    "code": 401,
    "message": "Unauthorized"
  }
}

Errors

Validation errors and SQL procedure errors are returned through the same JSON envelope.

Error response
{
  "success": false,
  "data": [],
  "statusCode": 400,
  "error": {
    "code": 102,
    "message": "Invalid JSON structure: Mandatory fields are missing.",
    "sql_response": {
      "error": 102,
      "description": "Invalid JSON structure: Mandatory fields are missing.",
      "data": []
    }
  }
}
  • 401 means authentication failed or token context is missing.
  • 422 means local request validation failed before calling SQL Server.
  • 400 can be returned by the SQL procedure when the JSON contract is rejected.

OpenAPI Resources

The interactive Swagger UI and generated OpenAPI JSON remain available for testing, SDK generation, and automated tooling.