Skip to content
API

Sessions exposes its data through two APIs with different audiences and sign-in models — pick the one that matches your integration. Both speak GraphQL today.

Two APIs

Sessions exposes two APIs with different audiences and sign-in models — both over GraphQL today. Pick the one that matches your integration.

Public API

Anonymous and embed-scoped access to public business data — discovery, schedules, checkout. Cookie or Bearer-JWT auth.

Business API

Server-to-server access to one business’s own data — participants, registrations, purchases. API-key auth with scopes.

Two authentication models

Each API signs requests its own way:

  • Public API

    — a session cookie from the Sessions web app, or an `Authorization: Bearer <jwt>` for server-to-server and embed-scoped callers.

  • Business API

    — a scoped, server-to-server API key sent as a Bearer token — no user session, bound to one business.
Public API guideBusiness API guide
API