openapi: 3.0.3 info: title: Simrik — Website booking API version: 1.0.0 description: > Minimal REST API for the **public marketing website** to list bookable services and submit appointment requests. ## Typical flow 1. **List services** — `GET /api/v1/services` — show service names, duration, and price on the booking form. 2. **Create booking** — `POST /api/v1/bookings` — send customer details, selected service IDs, and appointment **start time**. ## Appointment time Send a single ISO 8601 datetime in `scheduledAt` (appointment **start**). The website can estimate end time by summing `durationMinutes` from the selected services. ## CORS Browser calls from the marketing site require `MKT_CORS_ORIGIN` on the Simrik server (comma-separated allowed origins). ## Idempotency Send header `Idempotency-Key: ` on `POST /api/v1/bookings` so retries after network failures do not create duplicate bookings. tags: - name: Services description: Bookable services for the website picker - name: Bookings description: Submit appointment requests paths: /api/v1/services: get: tags: - Services summary: List active services description: Returns active services sorted by title. Use `id` when creating a booking; display `title`, `durationMinutes`, and `priceCents` on the website. operationId: listServices parameters: - $ref: "#/components/parameters/page" - $ref: "#/components/parameters/limit" - name: q in: query description: Optional title search (case-insensitive contains). schema: type: string maxLength: 120 - name: id in: query description: Fetch a single service by numeric ID (returns empty `docs` if inactive or missing). schema: type: integer minimum: 1 responses: "200": description: Paginated services content: application/json: schema: $ref: "#/components/schemas/ServiceListResponse" examples: sample: value: docs: - id: 1 title: Cut & blow dry slug: cut-blow-dry durationMinutes: 60 priceCents: 8500 description: Classic cut and finish. totalDocs: 1 totalPages: 1 page: 1 limit: 20 "400": $ref: "#/components/responses/ValidationErrorResponse" /api/v1/bookings: post: tags: - Bookings summary: Create booking request description: > Creates a **pending** appointment request. Salon staff confirm or adjust it in the staff portal. Triggers a “booking received” email when `customerEmail` is valid and email is configured. operationId: createBooking parameters: - name: Idempotency-Key in: header description: Optional UUID; same key returns the original response on retry. schema: type: string format: uuid requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/BookingCreateRequest" examples: websiteForm: summary: Website booking form value: customerName: Jane Doe customerEmail: jane@example.com customerPhone: 021 123 4567 customerPhoneCountry: NZ scheduledAt: 2026-06-15T14:00:00.000Z serviceIds: - "1" - "3" notes: Prefer afternoon if possible. responses: "201": description: Booking created (status `pending`) content: application/json: schema: $ref: "#/components/schemas/BookingCreateResponse" examples: created: value: doc: id: 42 customerName: Jane Doe customerEmail: jane@example.com customerPhone: "+64211234567" status: pending scheduledAt: 2026-06-15T14:00:00.000Z serviceIds: - 1 - 3 notes: Prefer afternoon if possible. "400": $ref: "#/components/responses/ValidationErrorResponse" "429": description: Rate limited (60 requests per minute per IP) content: application/json: schema: $ref: "#/components/schemas/SimpleError" components: parameters: page: name: page in: query schema: type: integer minimum: 1 default: 1 limit: name: limit in: query schema: type: integer minimum: 1 maximum: 200 default: 20 responses: ValidationErrorResponse: description: Request validation failed content: application/json: schema: $ref: "#/components/schemas/ValidationError" schemas: SimpleError: type: object properties: error: type: string required: - error ValidationError: type: object properties: errors: type: object additionalProperties: true error: type: string Service: type: object description: Active salon service (category may be expanded when `depth` is used server-side). properties: id: type: integer title: type: string description: Display name for the website. slug: type: string durationMinutes: type: integer description: Service length in minutes (use to show time range on the site). priceCents: type: integer description: Price in NZD cents (4500 = $45.00). description: type: string nullable: true active: type: boolean nullable: true ServiceListResponse: type: object properties: docs: type: array items: $ref: "#/components/schemas/Service" totalDocs: type: integer totalPages: type: integer page: type: integer limit: type: integer required: - docs - totalDocs - totalPages - page - limit BookingCreateRequest: type: object required: - customerName - customerEmail - customerPhone - scheduledAt - serviceIds properties: customerName: type: string minLength: 1 maxLength: 200 description: Customer full name (stored on the booking and synced to CRM as `name`). customerEmail: type: string format: email customerPhone: type: string maxLength: 40 description: > National number for `customerPhoneCountry`, or full international form starting with `+`. Stored normalized to E.164 (e.g. `+64211234567`). customerPhoneCountry: type: string minLength: 2 maxLength: 2 default: NZ description: ISO 3166-1 alpha-2 country code for phone parsing. scheduledAt: type: string format: date-time description: Appointment **start** time (ISO 8601, UTC or offset). serviceIds: type: array minItems: 1 items: type: string pattern: ^\\d+$ description: Numeric service IDs from `GET /api/v1/services` (strings, e.g. `"1"`). Unknown or inactive IDs return `400`. notes: type: string maxLength: 2000 description: Optional message from the customer. BookingCreateResponse: type: object properties: doc: type: object properties: id: type: integer customerName: type: string customerEmail: type: string nullable: true customerPhone: type: string nullable: true status: type: string enum: - pending - confirmed - completed - cancelled scheduledAt: type: string format: date-time serviceIds: type: array items: type: integer notes: type: string nullable: true required: - id - customerName - status - scheduledAt - serviceIds required: - doc servers: - url: https://app.simrikhairandbeautysalon.com description: Current deployment