API Reference

All endpoints are rooted at the Schedule X Cloud API base URL.

https://cloud.schedule-x.com

Authentication Headers

Organization API token for server-side organization routes:

X-ScheduleX-Api-Key: sx_org_...

Organization API token for frontend-token exchange:

X-ScheduleX-Org-Token: sx_org_...

Frontend token for browser routes:

Authorization: Bearer sx_front_...

Users

Use the organization API token on your backend.

GET  /v1/orgs/{organizationId}/users
POST /v1/orgs/{organizationId}/users
GET  /v1/orgs/{organizationId}/memberships

Create user request:

{
  "email": "ada@example.com",
  "displayName": "Ada Lovelace",
  "role": "Member"
}

role can be Owner, Admin, Member, or Viewer.

Calendars

Use the organization API token on your backend.

GET  /v1/orgs/{organizationId}/calendars
POST /v1/orgs/{organizationId}/calendars

Create calendar request:

{
  "name": "Work",
  "slug": "work",
  "colorName": "work",
  "lightMainColor": "#2563eb",
  "lightContainerColor": "#dbeafe",
  "lightOnContainerColor": "#172554"
}

Required fields are name, slug, and colorName.

Calendar response:

{
  "id": "...",
  "organizationId": "...",
  "createdByUserId": "...",
  "name": "Work",
  "slug": "work",
  "colorName": "work",
  "lightMainColor": "#2563eb",
  "lightContainerColor": "#dbeafe",
  "lightOnContainerColor": "#172554",
  "darkMainColor": null,
  "darkContainerColor": null,
  "darkOnContainerColor": null,
  "permissionMode": "InternalOnly",
  "createdAt": "2026-06-03T10:00:00Z",
  "updatedAt": "2026-06-03T10:00:00Z",
  "deletedAt": null
}

Frontend Token Exchange

Server routes use an organization API token.

POST /v1/orgs/{organizationId}/auth/frontend-token
X-ScheduleX-Org-Token: sx_org_...
Content-Type: application/json

Request:

{
  "userId": "..."
}

Response:

{
  "token": "sx_front_...",
  "organizationId": "...",
  "userId": "...",
  "expiresAt": "2026-05-28T12:00:00Z"
}

Browser

Browser routes use a frontend token:

Authorization: Bearer sx_front_...

Load Schedule X config:

GET /v1/schedule-x/config

Optional filters:

GET /v1/schedule-x/config?from=2026-05-01T00:00:00%2B00:00&to=2026-06-01T00:00:00%2B00:00&calendarIds=work,personal

Persist events:

POST   /v1/events
PATCH  /v1/events/{eventId}
DELETE /v1/events/{eventId}

Create event request:

{
  "calendarId": "...",
  "title": "Planning",
  "description": "Weekly planning session",
  "location": "Room 12",
  "start": "2026-06-10T09:00:00+02:00",
  "end": "2026-06-10T10:00:00+02:00",
  "timeZone": "Europe/Berlin",
  "isAllDay": false,
  "isPrivate": false,
  "recurrenceRule": null,
  "recurrenceExDates": [],
  "people": ["ada@example.com"]
}

Required fields are calendarId, start, end, and timeZone. start and end accept Schedule X date-time strings with an offset. timeZone must be a valid IANA or system time zone id.

Compatibility config endpoint:

GET /v1/orgs/{organizationId}/schedule-x/config

Frontend tokens cannot use that compatibility endpoint to read another organization.

Server Event Routes

Backend code can also list and create events with an organization token:

GET  /v1/orgs/{organizationId}/events
POST /v1/orgs/{organizationId}/events

The browser routes are preferred for user-initiated calendar editing because they preserve the frontend-token user as the event writer.

Subscriptions And Entitlements

GET /v1/orgs/{organizationId}/subscription
GET /v1/orgs/{organizationId}/entitlements

These endpoints return the organization subscription and enabled feature limits for the current plan.

Errors

Error responses use a JSON error envelope:

{
  "error": {
    "code": "invalid_event_time_range",
    "message": "Event end must be after event start."
  }
}

Common statuses:

Status	Meaning
`400`	Request body or query parameters are invalid
`401`	Missing or invalid credentials
`403`	The authenticated user cannot perform the action
`404`	The organization, calendar, user, or event was not found
`409`	A unique value, such as a slug or email, already exists
`429`	Rate limit exceeded