Partner Booking API Documentation
Use this API to authenticate partner users, check availability, prepare bookings, create bookings, and retrieve booking details.
All API payloads are JSON. Protected endpoints require a Bearer token returned by the token endpoint. The authenticated user context supplies the restaurant, partner, booking mode, payment method, booking type, partner type, language, and web user values used by booking procedures.
Connection
Authentication
Login with the partner email and password. The token response includes the access token and public user/config values that are reused by the booking endpoints.
https://api.upavouka.com/api/auth/token
| Field | Type | Required |
|---|---|---|
email or username | string | yes |
password | string | yes |
RestaurantID | integer | resolved automatically from the access domain (1 on this host) |
Authorization header for every protected endpoint.
curl -X POST "https://api.upavouka.com/api/auth/token" \
-H "Content-Type: application/json" \
-d '{
"email": "fp@hotmail.com",
"password": "test"
}'
{
"success": true,
"data": {
"token": {
"token": "***",
"type": "Bearer",
"expires_at": 1811314322
}
}
}
Response Format
Every endpoint returns a JSON envelope. Successful calls use success: true. Failed calls include an error object with a code and message.
Request completed successfully.
Bearer token is missing, expired, or invalid.
Validation failed or SQL procedure rejected the JSON structure.
Create token
Authenticates a partner user and returns a Bearer token. The restaurant is resolved from the access domain — on this host requests use RestaurantID: 1.
| Field | Type | Required |
|---|---|---|
email or username | string | yes |
password | string | yes |
RestaurantID | integer | resolved from the access domain |
curl -X POST "https://api.upavouka.com/api/auth/token" \
-H "Content-Type: application/json" \
-d '{
"email": "fp@hotmail.com",
"password": "test"
}'
{
"success": true,
"data": {
"token": {
"token": "***",
"type": "Bearer",
"expires_at": 1811314322
}
}
}
{
"success": false,
"error": {
"code": 401,
"message": "Invalid credentials"
}
}
My timezone
Returns the caller's timezone resolved by IP geolocation. Falls back to the server default timezone when the IP is private or the lookup fails.
No authentication required. The timezone returned can be used as the Timezone field in the Availability endpoint.
curl -X GET "https://api.upavouka.com/api/mytimezone"
{
"success": true,
"data": {
"ip": "203.0.113.45",
"timezone": "Europe/Belgrade",
"source": "geolocation"
},
"error": null
}
{
"success": true,
"data": {
"ip": "::1",
"timezone": "UTC",
"source": "server_default"
},
"error": null
}
All timezones
Returns every IANA timezone identifier accepted by the Timezone field of the Availability endpoint. Use this list to validate or present timezone choices to users.
No authentication required.
curl -X GET "https://api.upavouka.com/api/gettimezone"
{
"success": true,
"data": {
"count": 419,
"timezones": [
"Africa/Abidjan",
"Africa/Accra",
"Europe/Belgrade",
"Europe/Berlin",
"Europe/London",
"US/Pacific",
"UTC",
"..."
]
},
"error": null
}
Availability
Returns availability for the authenticated user's restaurant. RestaurantID is taken from the Bearer token context. Optionally pass Timezone (IANA identifier) to localize dates; invalid values are rejected with Invalid timezone/date.
| Field | Type | Required |
|---|---|---|
StartDate | date | yes |
EndDate | date | yes |
CategoryID | integer | optional |
Timezone | string | optional |
Timezone accepts any IANA identifier (e.g. Europe/Belgrade). Use My timezone to detect the caller's timezone or All timezones for the full list. Invalid values are rejected with Invalid timezone/date.
curl -X POST "https://api.upavouka.com/api/availability" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"StartDate": "2026-06-10",
"EndDate": "2026-06-20",
"Timezone": "Europe/Belgrade"
}'
{
"success": true,
"data": [
{
"TargetDate": "2026-06-10",
"ShowID": 1,
"CategoryID": 3,
"Available": true,
"AvailableQuantity": 12
}
],
"statusCode": 200
}
{
"success": false,
"data": [],
"error": {
"code": 401,
"message": "Unauthorized"
}
}
Prepare booking
Prepares a booking for a show/date and returns available booking items/options from the SQL procedure.
| Field | Type | Required |
|---|---|---|
ShowID | integer | yes |
TargetDate | date-time | yes |
BookingMode | integer | yes |
CategoryID | integer | optional |
curl -X POST "https://api.upavouka.com/api/booking/prepare" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"ShowID": 1,
"TargetDate": "2026-06-10T00:00:00",
"BookingMode": 3
}'
{
"success": true,
"data": {
"ShowID": 1,
"TargetDate": "2026-06-10T00:00:00",
"BookingMode": 3,
"Items": [
{
"ItemKey": 123,
"Name": "Adult",
"Quantity": 1,
"Price": 25
}
]
},
"statusCode": 200
}
{
"success": false,
"data": [],
"error": {
"code": 422,
"message": "Validation error",
"details": {
"ShowID": [
"The ShowID field is required and must be an integer."
],
"TargetDate": [
"The TargetDate field is required and must be a valid date (Y-m-d)."
],
"BookingMode": [
"The BookingMode field is required and must be an integer."
]
}
}
}
Create booking
Creates a booking using authenticated user context and the selected items from the prepare step.
| Field | Type | Required |
|---|---|---|
ShowID | integer | yes |
TargetDate | date | yes |
CustomerName | string | yes |
Phone | string | yes |
Email | yes | |
Note | string | optional |
Items | array | yes |
curl -X POST "https://api.upavouka.com/api/booking/book" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"ShowID": 1,
"TargetDate": "2026-06-10",
"CustomerName": "John Doe",
"Phone": "+38970123456",
"Email": "john@example.com",
"Note": "Birthday reservation",
"Items": [
{
"ItemKey": 123,
"Quantity": 2
}
]
}'
{
"success": true,
"data": {
"BookingID": 12345,
"BookingNumber": "BK-12345",
"TargetDate": "2026-06-10",
"CustomerName": "John Doe",
"Phone": "+38970123456",
"Email": "john@example.com",
"Status": "Created"
},
"statusCode": 200
}
{
"success": false,
"data": [],
"error": {
"code": 422,
"message": "Validation error",
"details": {
"ShowID": [
"The ShowID field is required and must be an integer."
],
"TargetDate": [
"The TargetDate field is required and must be a valid date (Y-m-d)."
],
"CustomerName": [
"The CustomerName field is required and must be a non-empty string."
],
"Phone": [
"The Phone field is required and must be a valid string."
],
"Email": [
"The Email field is required and must be a valid email address."
],
"Items.0.ItemKey": [
"The ItemKey field is required and must be an integer."
],
"Items.0.Quantity": [
"The Quantity field is required and must be a positive integer."
]
}
}
}
Get booking
Returns one booking by ID for the authenticated user's restaurant and partner.
curl -X GET "https://api.upavouka.com/api/booking?BookingID=12345" \
-H "Authorization: Bearer YOUR_TOKEN"
{
"success": true,
"data": {
"BookingID": 12345,
"BookingNumber": "BK-12345",
"TargetDate": "2026-06-10",
"CustomerName": "John Doe",
"Phone": "+38970123456",
"Email": "john@example.com",
"Status": "Created",
"RestaurantID": 1,
"PartnerID": 100,
"ShowID": 1
}
}
{
"success": false,
"data": [],
"error": {
"code": 401,
"message": "Unauthorized"
}
}
Errors
Validation errors and SQL procedure errors are returned through the same JSON envelope.
{
"success": false,
"data": [],
"statusCode": 400,
"error": {
"code": 102,
"message": "Invalid JSON structure: Mandatory fields are missing.",
"sql_response": {
"error": 102,
"description": "Invalid JSON structure: Mandatory fields are missing.",
"data": []
}
}
}
401means authentication failed or token context is missing.422means local request validation failed before calling SQL Server.400can be returned by the SQL procedure when the JSON contract is rejected.
OpenAPI Resources
The interactive Swagger UI and generated OpenAPI JSON remain available for testing, SDK generation, and automated tooling.