Skip to main content

Calendar API

Connect a Google Calendar account and manage events, check availability, and schedule directly through the API.
All calendar endpoints require an authenticated session. Use the connect flow to authorize Google Calendar access before calling event endpoints.

Authentication

All calendar endpoints require a valid NextAuth session. The user identity is derived from your session — you never pass a userId directly. Unauthenticated requests receive a 401 response.

Base URL

Default response

When no action query parameter is provided, the endpoint returns a summary of available actions.

Response

FieldTypeDescription
messagestringEndpoint identifier
actionsstring[]List of supported action values for GET requests

Check connection status

Returns whether the authenticated user has a Google Calendar connected. If the request is unauthenticated, returns { "connected": false } without an error.

Query parameters

ParameterTypeRequiredDescription
actionstringYesMust be status

Response

FieldTypeDescription
connectedbooleantrue if the user has a Google Calendar connected, false otherwise

Connect calendar

Initiates the Google Calendar OAuth flow. Returns an authorization URL that the user must visit to grant calendar access. The OAuth state parameter is cryptographically signed (HMAC) to bind the callback to the authenticated session.

Request body

FieldTypeRequiredDescription
actionstringYesMust be connect

Response

Redirect the user to authUrl to begin the OAuth consent flow. After granting access, Google redirects to the callback endpoint below.

Errors

CodeDescription
401Not authenticated
400Invalid action

OAuth callback

Handles the OAuth authorization code exchange after Google redirects the user back from the consent screen. You do not call this endpoint directly — Google redirects to it automatically.

Query parameters

ParameterTypeDescription
codestringAuthorization code provided by Google
statestringHMAC-signed state token that encodes the authenticated user and a timestamp. The server verifies this signature before accepting the callback.
errorstringError code if the user denied access or an error occurred

Behavior

On success, this endpoint:
  1. Verifies the HMAC signature on the state parameter and checks that it has not expired (10-minute window).
  2. Exchanges the authorization code for access and refresh tokens.
  3. Retrieves the user’s primary calendar ID and timezone.
  4. Stores the connection for future API calls, keyed to the verified user from the signed state.
  5. Redirects to /dashboard/calendar?connected=true.

Error redirects

If an error occurs, the endpoint redirects to /dashboard/calendar with an error query parameter:
Redirect queryDescription
error=<google_error>The user denied access or Google returned an error
error=no_codeNo authorization code was present in the callback
error=missing_stateThe state parameter was not included in the callback
error=invalid_stateThe state signature is invalid or the state has expired
error=token_failedThe authorization code could not be exchanged for tokens
error=unknownAn unexpected error occurred during the callback

Start OAuth (redirect)

Redirects the browser directly to the Google OAuth consent screen. This is an alternative to the POST-based connect flow — use it when you want a simple link-based authorization. Requires an authenticated session; unauthenticated users are redirected to the login page.

Query parameters

ParameterTypeRequiredDescription
actionstringYesMust be auth

List events

Returns calendar events within a date range.

Query parameters

ParameterTypeRequiredDescription
actionstringYesMust be list
startstringNoISO 8601 start date. Defaults to now.
endstringNoISO 8601 end date. Defaults to 30 days from now.

Response

Errors

CodeDescription
401Not authenticated or calendar not connected

Check availability

Returns available and busy time slots for a given date. Slots are one hour each, from 09:00 to 23:00.

Query parameters

ParameterTypeRequiredDescription
actionstringYesMust be availability
datestringNoDate in YYYY-MM-DD format. Defaults to today.

Response

Errors

CodeDescription
401Not authenticated or calendar not connected

Create event

Creates a new calendar event.

Request body

FieldTypeRequiredDescription
actionstringYesMust be create-event
titlestringYesEvent title
startstringYesISO 8601 start time
endstringYesISO 8601 end time
descriptionstringNoEvent description
locationstringNoEvent location
attendeesstring[]NoList of attendee email addresses

Example request

Response

Errors

CodeDescription
401Not authenticated or calendar not connected
500Internal error

Update event

Updates an existing calendar event. Only the fields you include are changed.

Request body

FieldTypeRequiredDescription
actionstringYesMust be update-event
eventIdstringYesID of the event to update
titlestringNoUpdated event title
descriptionstringNoUpdated description
startstringNoUpdated start time (ISO 8601)
endstringNoUpdated end time (ISO 8601)
locationstringNoUpdated location

Response

Errors

CodeDescription
401Not authenticated or calendar not connected
500Internal error

Delete event

Deletes a calendar event.

Request body

FieldTypeRequiredDescription
actionstringYesMust be delete-event
eventIdstringYesID of the event to delete

Response

Errors

CodeDescription
401Not authenticated or calendar not connected
500Internal error

Quick add

Creates an event from a natural language string using Google Calendar’s quick-add feature.

Request body

FieldTypeRequiredDescription
actionstringYesMust be quick-add
textstringYesNatural language event description (for example, "Meeting with Sarah tomorrow at 3pm")

Response

Errors

CodeDescription
401Not authenticated or calendar not connected
500Internal error