Skip to main content

Calendar API

Connect a Google Calendar account and manage events, check availability, and schedule directly through the API.
All calendar endpoints require an authenticated session. Use the connect flow to authorize Google Calendar access before calling event endpoints.

Authentication

All calendar endpoints require a valid NextAuth session. The user identity is derived from your session — you never pass a userId directly. Unauthenticated requests receive a 401 response.

Base URL

Check connection status

Returns whether the authenticated user has a Google Calendar connected. If the request is unauthenticated, returns { "connected": false } without an error.

Query parameters

Response

Connect calendar

Initiates the Google Calendar OAuth flow. Returns an authorization URL that the user must visit to grant calendar access. The OAuth state parameter is cryptographically signed (HMAC) to bind the callback to the authenticated session.

Request body

Response

Redirect the user to authUrl to begin the OAuth consent flow. After granting access, Google redirects to the callback endpoint below.

Errors

OAuth callback

Handles the OAuth authorization code exchange after Google redirects the user back from the consent screen. You do not call this endpoint directly — Google redirects to it automatically.

Query parameters

Behavior

On success, this endpoint:
  1. Verifies the HMAC signature on the state parameter and checks that it has not expired (10-minute window).
  2. Exchanges the authorization code for access and refresh tokens.
  3. Retrieves the user’s primary calendar ID and timezone.
  4. Stores the connection for future API calls, keyed to the verified user from the signed state.
  5. Redirects to /dashboard/calendar?connected=true.

Error redirects

If an error occurs, the endpoint redirects to /dashboard/calendar with an error query parameter:

Start OAuth (redirect)

Redirects the browser directly to the Google OAuth consent screen. This is an alternative to the POST-based connect flow — use it when you want a simple link-based authorization. Requires an authenticated session; unauthenticated users are redirected to the login page.

Query parameters

List events

Returns calendar events within a date range.

Query parameters

Response

Errors

Check availability

Returns available and busy time slots for a given date. Slots are one hour each, from 09:00 to 23:00.

Query parameters

Response

Errors

Create event

Creates a new calendar event.

Request body

Example request

Response

Errors

Update event

Updates an existing calendar event. Only the fields you include are changed.

Request body

Response

Errors

Delete event

Deletes a calendar event.

Request body

Response

Errors

Quick add

Creates an event from a natural language string using Google Calendar’s quick-add feature.

Request body

Response

Errors