Public API Basket Authentication

When calling the baskets API for a new basket, the response will include:-

  • an Auth token associated with the basket,
  • a Session Cookie, and
  • a Basket Id.

All three of the above items are required for all subsequent baskets API calls, ie to add or remove services or attendees and to checkout the basket.

curl --location --globoff '{{basket_id}}/checkout?client[id]={{clientid}}' \
--header 'Content-Type: application/json' \
--header 'App-Id: {{app-id}}' \
--header 'Auth-Token: {{auth-token}}' \
--header 'Accept: application/json' \
--header 'Cookie: {{session-cookie}}' \
--data-raw '{
    "email": "[email protected]",
    "reference": "ABC123456",
    "no_notifications": false,
    "is_admin": false

The Auth-Token issued on the POST Baskets call ensures the booking channel is set to “Client”. Typically the Auth-Token will be valid for 15 minutes however it is configurable to your requirements for Public booking journeys.