API Access Types
meetergo provides two distinct API access levels, each designed for different integration scenarios:Personal Access Token
Growth plan and aboveTied to your individual user account. Ideal for personal automations and single-user integrations.
Platform API Key
Enterprise / API PlatformFull platform access for building multi-tenant applications and managing multiple users programmatically.
Personal Access Token
A Personal Access Token is scoped to your individual user account only. It can only read and write data for the specific user who created it. Best for:- Zapier automations
- Personal CRM integrations
- Syncing with Google Sheets or Airtable
- Individual workflow automation
- Cannot create new users
- Cannot query availability for other team members
- Cannot create bookings on behalf of other users
- Cannot access company-wide settings or data
Platform API Key
A Platform API Key provides full administrative access to your meetergo organization. It can create and manage users, access all resources, and perform operations across your entire account. Best for:- Building a scheduling marketplace
- White-label integrations
- Telehealth or coaching platforms
- Hiring and recruitment software
- Any multi-tenant application
- Create and manage platform users programmatically
- Access availability for all users
- Create bookings on behalf of any user
- Manage meeting types across the organization
- Access webhooks and real-time events
Need Platform API access? Book a demo to discuss your integration requirements.
API Key Format
Required Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <your-api-key> |
x-meetergo-api-user-id | Most endpoints | UUID of the user context |
Content-Type | POST/PUT/PATCH | application/json |
Authorization Header
User Context Header
Thex-meetergo-api-user-id header specifies which user’s context to use. Required for endpoints that operate on user-specific data.
Get your user ID by calling
/v4/user/me, or use the userId returned when creating a user.Creating API Keys
Personal Access Token
1
Navigate to Integrations
Go to my.meetergo.com/integrations and find the API card
2
Create a new token
Click Connect and give it a descriptive name (e.g., “Zapier”, “CRM Sync”)
3
Set expiration
Choose an expiration period. Tokens expire automatically for security.
4
Copy immediately
The token is shown only once. Store it securely.
Platform API Key
1
Navigate to API Settings
Go to my.meetergo.com/admin/api-keys (Settings → API tab)
2
Create a new key
Click Create API Key and give it a descriptive name (e.g., “Production”, “Staging”)
3
Set expiration
Choose 1-365 days. Keys expire automatically for security.
4
Copy immediately
The key is shown only once. Store it securely.
Example Request
Key Management
Rotation Strategy
Keys expire after 1-90 days. Plan rotation before expiration:- Create a new key before the old one expires
- Update your application to use the new key
- Old key automatically stops working after expiration
Deactivating Keys
Temporarily disable a key without deleting it:- Go to my.meetergo.com/admin/api-keys
- Find the key and click Deactivate
- Click Activate to re-enable later
Revoking Compromised Keys
If a key is compromised:- Go to my.meetergo.com/admin/api-keys
- Click Revoke to permanently delete it
- Create a new key immediately
- Update your application
Permissions
Personal Access Token Permissions
| Resource | Read | Write | Create | Delete |
|---|---|---|---|---|
| Own user profile | ✅ | ✅ | - | - |
| Own meeting types | ✅ | ✅ | ✅ | ✅ |
| Own availability | ✅ | ✅ | ✅ | ✅ |
| Own bookings | ✅ | ✅ | ✅ | ✅ |
| Other users | ❌ | ❌ | ❌ | ❌ |
| Company settings | ❌ | ❌ | - | - |
| Webhooks | ❌ | ❌ | ❌ | ❌ |
Platform API Key Permissions
| Resource | Read | Write | Create | Delete |
|---|---|---|---|---|
| All users | ✅ | ✅ | ✅ | ✅ |
| All meeting types | ✅ | ✅ | ✅ | ✅ |
| All availability | ✅ | ✅ | ✅ | ✅ |
| All bookings | ✅ | ✅ | ✅ | ✅ |
| Company settings | ✅ | ✅ | - | - |
| Webhooks | ✅ | ✅ | ✅ | ✅ |
Platform API Keys require the
x-meetergo-api-user-id header to specify which user context to use for operations.Error Responses
Missing Authorization Header
Invalid API Key
Expired API Key
Missing User Header
Invalid User
Security Best Practices
Do
- Store keys in environment variables or secrets managers
- Use different keys for development and production
- Rotate keys regularly (before the 90-day expiration)
- Monitor API usage for unexpected activity
- Use HTTPS for all requests (enforced by our API)
Don’t
- Commit keys to version control
- Share keys via email, chat, or insecure channels
- Log API keys in application logs
- Use the same key across unrelated applications
- Store keys in frontend JavaScript