Skip to main content

Calendar API

Connect a Google Calendar account and manage events, check availability, and schedule directly through the API.
All calendar endpoints require an authenticated session. Use the connect flow to authorize Google Calendar access before calling event endpoints.

Authentication

All calendar endpoints require a valid NextAuth session. The user identity is derived from your session — you never pass a userId directly. Unauthenticated requests receive a 401 response.

Base URL

https://agentbot.raveculture.xyz/api/calendar

Check connection status

GET /api/calendar?action=status
Returns whether the authenticated user has a Google Calendar connected. If the request is unauthenticated, returns { "connected": false } without an error.

Query parameters

ParameterTypeRequiredDescription
actionstringYesMust be status

Response

{
  "connected": true
}
FieldTypeDescription
connectedbooleantrue if the user has a Google Calendar connected, false otherwise

Connect calendar

POST /api/calendar
Initiates the Google Calendar OAuth flow. Returns an authorization URL that the user must visit to grant calendar access. The OAuth state parameter is cryptographically signed (HMAC) to bind the callback to the authenticated session.

Request body

FieldTypeRequiredDescription
actionstringYesMust be connect

Response

{
  "authUrl": "https://accounts.google.com/o/oauth2/v2/auth?..."
}
Redirect the user to authUrl to begin the OAuth consent flow. After granting access, Google redirects to the callback endpoint below.

Errors

CodeDescription
401Not authenticated
400Invalid action

OAuth callback

GET /api/calendar/callback
Handles the OAuth authorization code exchange after Google redirects the user back from the consent screen. You do not call this endpoint directly — Google redirects to it automatically.

Query parameters

ParameterTypeDescription
codestringAuthorization code provided by Google
statestringHMAC-signed state token that encodes the authenticated user and a timestamp. The server verifies this signature before accepting the callback.
errorstringError code if the user denied access or an error occurred

Behavior

On success, this endpoint:
  1. Verifies the HMAC signature on the state parameter and checks that it has not expired (10-minute window).
  2. Exchanges the authorization code for access and refresh tokens.
  3. Retrieves the user’s primary calendar ID and timezone.
  4. Stores the connection for future API calls, keyed to the verified user from the signed state.
  5. Redirects to /dashboard/calendar?connected=true.

Error redirects

If an error occurs, the endpoint redirects to /dashboard/calendar with an error query parameter:
Redirect queryDescription
error=<google_error>The user denied access or Google returned an error
error=no_codeNo authorization code was present in the callback
error=missing_stateThe state parameter was not included in the callback
error=invalid_stateThe state signature is invalid or the state has expired
error=token_failedThe authorization code could not be exchanged for tokens
error=unknownAn unexpected error occurred during the callback

Start OAuth (redirect)

GET /api/calendar?action=auth
Redirects the browser directly to the Google OAuth consent screen. This is an alternative to the POST-based connect flow — use it when you want a simple link-based authorization. Requires an authenticated session; unauthenticated users are redirected to the login page.

Query parameters

ParameterTypeRequiredDescription
actionstringYesMust be auth

List events

GET /api/calendar?action=list
Returns calendar events within a date range.

Query parameters

ParameterTypeRequiredDescription
actionstringYesMust be list
startstringNoISO 8601 start date. Defaults to now.
endstringNoISO 8601 end date. Defaults to 30 days from now.

Response

{
  "events": [
    {
      "id": "event_abc123",
      "summary": "Team standup",
      "start": { "dateTime": "2026-03-24T10:00:00Z" },
      "end": { "dateTime": "2026-03-24T10:30:00Z" },
      "location": "Zoom"
    }
  ],
  "timezone": "America/New_York"
}

Errors

CodeDescription
401Not authenticated or calendar not connected

Check availability

GET /api/calendar?action=availability
Returns available and busy time slots for a given date. Slots are one hour each, from 09:00 to 23:00.

Query parameters

ParameterTypeRequiredDescription
actionstringYesMust be availability
datestringNoDate in YYYY-MM-DD format. Defaults to today.

Response

{
  "availableSlots": [
    { "start": "2026-03-24T09:00:00", "end": "2026-03-24T10:00:00" },
    { "start": "2026-03-24T11:00:00", "end": "2026-03-24T12:00:00" }
  ],
  "busySlots": [
    { "start": "2026-03-24T10:00:00Z", "end": "2026-03-24T11:00:00Z" }
  ],
  "date": "2026-03-24"
}

Errors

CodeDescription
401Not authenticated or calendar not connected

Create event

POST /api/calendar
Creates a new calendar event.

Request body

FieldTypeRequiredDescription
actionstringYesMust be create-event
titlestringYesEvent title
startstringYesISO 8601 start time
endstringYesISO 8601 end time
descriptionstringNoEvent description
locationstringNoEvent location
attendeesstring[]NoList of attendee email addresses

Example request

{
  "action": "create-event",
  "title": "DJ Set @ Warehouse",
  "start": "2026-03-28T22:00:00Z",
  "end": "2026-03-29T02:00:00Z",
  "location": "Warehouse 42, London",
  "attendees": ["promoter@example.com"]
}

Response

{
  "success": true,
  "eventId": "event_abc123",
  "event": {
    "id": "event_abc123",
    "summary": "DJ Set @ Warehouse",
    "start": { "dateTime": "2026-03-28T22:00:00Z" },
    "end": { "dateTime": "2026-03-29T02:00:00Z" }
  }
}

Errors

CodeDescription
401Not authenticated or calendar not connected
500Internal error

Update event

POST /api/calendar
Updates an existing calendar event. Only the fields you include are changed.

Request body

FieldTypeRequiredDescription
actionstringYesMust be update-event
eventIdstringYesID of the event to update
titlestringNoUpdated event title
descriptionstringNoUpdated description
startstringNoUpdated start time (ISO 8601)
endstringNoUpdated end time (ISO 8601)
locationstringNoUpdated location

Response

{
  "success": true,
  "event": { "id": "event_abc123", "summary": "Updated title" }
}

Errors

CodeDescription
401Not authenticated or calendar not connected
500Internal error

Delete event

POST /api/calendar
Deletes a calendar event.

Request body

FieldTypeRequiredDescription
actionstringYesMust be delete-event
eventIdstringYesID of the event to delete

Response

{
  "success": true
}

Errors

CodeDescription
401Not authenticated or calendar not connected
500Internal error

Quick add

POST /api/calendar
Creates an event from a natural language string using Google Calendar’s quick-add feature.

Request body

FieldTypeRequiredDescription
actionstringYesMust be quick-add
textstringYesNatural language event description (for example, "Meeting with Sarah tomorrow at 3pm")

Response

{
  "success": true,
  "eventId": "event_abc123"
}

Errors

CodeDescription
401Not authenticated or calendar not connected
500Internal error