Resources/The Agent API Atlas/Scheduling/Cal.com

Everything an AI agent can do with the Cal.com API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints41

API version2024-08-13

Last updated23 June 2026

Orientation

How the Cal.com API works.

The Cal.com API is how an app or AI agent works with a Cal.com account: reading available times, booking a meeting, rescheduling or cancelling one, managing event types, and setting availability schedules. Access is granted through an API key or an OAuth access token, where a key is account-level with full access and an OAuth token is limited to the scopes it was granted. A booking, reschedule, or cancellation can be pushed to a registered webhook URL as a named trigger.

41Endpoints

9Capability groups

15Read

26Write

16Permissions

Authentication

Cal.com v2 authenticates with either an API key or an OAuth access token, both sent as a Bearer token over HTTPS. An API key is account-level: it carries no per-endpoint scopes and can do anything the account can, with test keys prefixed cal_ and live keys cal_live_. OAuth tokens are scope-restricted and expire after 30 minutes, refreshed with a refresh token. A separate Platform OAuth model authenticates managed users with the x-cal-client-id and x-cal-secret-key headers.

Permissions

Granular permissions exist only for OAuth. An OAuth token is limited to the scopes granted at authorization, like BOOKING_READ, BOOKING_WRITE, EVENT_TYPE_WRITE, SCHEDULE_READ, or APPS_READ, with TEAM_ and ORG_ prefixed variants for team and organization endpoints, where an ORG_ scope also grants the matching TEAM_ scope. A plain API key has no such scoping, so an agent given a raw key holds full account access. Some booking and slot endpoints are public and need no scope.

Versioning

The v2 API is pinned by date through the cal-api-version header, sent per request. There is no single global version: endpoint families document their own dated version, so bookings settle on 2026-02-25, slots on 2024-09-04, event types on 2024-06-14, schedules on 2024-06-11, and webhooks on 2021-10-20, while 2024-08-13 is the version the introduction leads with. An integration sends the date each method documents.

Data model

Cal.com is resource-oriented JSON over HTTPS at https://api.cal.com/v2. The core flow is bookings made against event types within the slots a schedule and connected calendars leave open. Every response is wrapped in an envelope with a status of success or error, the payload in data, and an error object on failure. A state change can be pushed to a webhook URL as a named trigger like BOOKING_CREATED.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Cal.com determines what it can reach. There is a route for making calls, a route for receiving events, and a hosted server that exposes Cal.com tools to agents, and each is governed by the key or token behind it.

Ways to connect

REST API

The v2 REST API answers at https://api.cal.com/v2, takes and returns JSON, and wraps every response in an envelope with a status of success or error. Each request must send a cal-api-version header, a dated string the method documents, and authenticate with an API key or OAuth token over HTTPS.

Best forConnecting an app or AI agent to Cal.com.

Governed byThe key or token and, for OAuth, the scopes it carries.

Docs ↗

Webhooks

Cal.com POSTs a JSON payload to a registered URL when a chosen trigger fires, like BOOKING_CREATED or BOOKING_RESCHEDULED. A webhook can carry a secret so the receiver can verify the delivery came from Cal.com, and subscriptions are managed through the webhooks endpoints.

Best forReceiving Cal.com events at an app or AI agent.

Governed byThe secret set on the webhook subscription.

Docs ↗

MCP server (Model Context Protocol)

Cal.com's first-party MCP server lets an AI agent call Cal.com through the Model Context Protocol. The hosted server at https://mcp.cal.com/mcp uses Streamable HTTP transport and OAuth 2.1, so a client handles authorization automatically, and it exposes 34 tools across user profile, event types, bookings, schedules, availability, conferencing, routing forms, and organizations. A local instance can run with an API key. The source is at github.com/calcom/cal-mcp.

Best forConnecting an AI agent to Cal.com through MCP.

Governed byThe OAuth grant or the API key behind the server.

Docs ↗

Platform OAuth (managed users)

Platform customers create managed users and call on their behalf using the x-cal-client-id and x-cal-secret-key headers, with short-lived access tokens minted per managed user. Cal.com stopped offering new Platform plan signups on 15 December 2025.

Best forEmbedding Cal.com scheduling for many end users under one platform account.

Governed byThe platform OAuth client credentials and the managed user's access token.

Docs ↗

Authentication

API key

An API key authenticates as the account that created it and is sent as a Bearer token. A key is account-level: it carries no per-endpoint scopes, so it can call everything the account can. Test keys use the cal_ prefix and live keys use cal_live_.

TokenBearer API key (cal_ / cal_live_)

Best forServer-side calls for a single account.

Docs ↗

OAuth 2.0 (app integrations)

An OAuth client uses the authorization-code flow, with PKCE for public clients, and is granted a scoped access token that expires after 30 minutes, refreshed with a refresh token. Scopes restrict the token to specific resources, like BOOKING_READ or EVENT_TYPE_WRITE. A new OAuth client starts pending until Cal.com approves it.

TokenOAuth access token (Bearer), scope-restricted

Best forApp Store integrations acting on behalf of a Cal.com user.

Docs ↗

Platform OAuth client (managed users)

A platform OAuth client authenticates with the x-cal-client-id and x-cal-secret-key headers and mints short-lived access tokens for each managed user it creates. New Platform plan signups closed on 15 December 2025.

TokenClient id + secret headers, plus per-user access tokens

Best forMulti-user scheduling embedded under one platform account.

Docs ↗

Capability map

What an AI agent can do in Cal.com.

The Cal.com API is split into areas an agent can act on, like bookings, event types, available slots, schedules, calendars, and teams. Each area has its own methods, and a write to bookings or calendars changes a real meeting or someone's availability.

Bookings

8 endpoints

Create, read, and list bookings, and cancel, reschedule, confirm, decline, or mark a no-show.

A write here creates, moves, or cancels a real meeting.

View endpoints →

Event types

5 endpoints

List, read, create, update, and delete event types, the templates people book against.

A write here changes a real event type.

View endpoints →

Slots

4 endpoints

Read available time slots and reserve, update, or release a held slot.

A write here holds or releases a real slot.

View endpoints →

Schedules & availability

5 endpoints

List, read, create, update, and delete availability schedules.

A write here changes a real availability schedule.

View endpoints →

Calendars

4 endpoints

List connected calendars, read busy times, and start or end a calendar connection.

A write here connects or disconnects a real calendar.

View endpoints →

Me (profile)

2 endpoints

Read and update the authenticated user's profile.

A write here changes the user's real profile.

View endpoints →

Teams

5 endpoints

List, read, create, update, and delete teams.

A write here changes a real team.

View endpoints →

Webhooks

4 endpoints

List, read, create, update, and delete webhook subscriptions.

A write here changes where events are sent.

View endpoints →

Organizations

4 endpoints

Manage users within an organization, used by platform and enterprise customers.

A write here creates, updates, or deletes a real organization user.

View endpoints →

Endpoint reference

Every Cal.com API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Bookings Create, read, and list bookings, and cancel, reschedule, confirm, decline, or mark a no-show.8
POST	`/v2/bookings`	Create a regular, recurring, or instant booking against an event type.	write	`BOOKING_WRITE`	Current
Sends cal-api-version 2026-02-25. Authentication is optional for public booking pages; an OAuth token needs BOOKING_WRITE. A plain API key (cal_) is account-level and carries no per-endpoint scope. Acts onbooking Permission (capability)`BOOKING_WRITE` VersionAvailable since the API’s base version Webhook event`BOOKING_CREATED` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/bookings/{uid}`	Get a single booking by its uid.	read	`BOOKING_READ`	Current
An OAuth token needs BOOKING_READ. A plain API key is account-level full access. Acts onbooking Permission (capability)`BOOKING_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/bookings`	Get all bookings, filterable by status, attendee, event type, and date range.	read	`BOOKING_READ`	Current
An OAuth token needs BOOKING_READ. Returning another managed user's bookings needs that user's access token. Acts onbooking Permission (capability)`BOOKING_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/bookings/{uid}/cancel`	Cancel a booking, optionally with a cancellation reason.	write	`BOOKING_WRITE`	Current
An OAuth token needs BOOKING_WRITE. Cancelling fires the BOOKING_CANCELLED webhook. Acts onbooking Permission (capability)`BOOKING_WRITE` VersionAvailable since the API’s base version Webhook event`BOOKING_CANCELLED` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/bookings/{uid}/reschedule`	Reschedule a booking to a new start time, creating a new booking linked to the old one.	write	`BOOKING_WRITE`	Current
An OAuth token needs BOOKING_WRITE. Rescheduling fires the BOOKING_RESCHEDULED webhook. Acts onbooking Permission (capability)`BOOKING_WRITE` VersionAvailable since the API’s base version Webhook event`BOOKING_RESCHEDULED` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/bookings/{uid}/confirm`	Confirm a booking that requires confirmation, accepting the request.	write	`BOOKING_WRITE`	Current
An OAuth token needs BOOKING_WRITE. Only applies to event types set to require confirmation. Acts onbooking Permission (capability)`BOOKING_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/bookings/{uid}/decline`	Decline a booking that requires confirmation, rejecting the request.	write	`BOOKING_WRITE`	Current
An OAuth token needs BOOKING_WRITE. Declining fires the BOOKING_REJECTED webhook. Acts onbooking Permission (capability)`BOOKING_WRITE` VersionAvailable since the API’s base version Webhook event`BOOKING_REJECTED` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/bookings/{uid}/mark-absent`	Mark a host or attendee as absent (a no-show) for a booking.	write	`BOOKING_WRITE`	Current
An OAuth token needs BOOKING_WRITE. Marking absence fires the BOOKING_NO_SHOW_UPDATED webhook. Acts onbooking Permission (capability)`BOOKING_WRITE` VersionAvailable since the API’s base version Webhook event`BOOKING_NO_SHOW_UPDATED` Rate limitStandard limits apply SourceOfficial documentation ↗
Event types List, read, create, update, and delete event types, the templates people book against.5
GET	`/v2/event-types`	Get all event types for a user, the templates people book against.	read	`EVENT_TYPE_READ`	Current
Sends cal-api-version 2024-06-14. An OAuth token needs EVENT_TYPE_READ. Acts onevent type Permission (capability)`EVENT_TYPE_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/event-types/{eventTypeId}`	Get a single event type by id.	read	`EVENT_TYPE_READ`	Current
An OAuth token needs EVENT_TYPE_READ. Acts onevent type Permission (capability)`EVENT_TYPE_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/event-types`	Create an event type with length, location, and booking rules.	write	`EVENT_TYPE_WRITE`	Current
An OAuth token needs EVENT_TYPE_WRITE. Acts onevent type Permission (capability)`EVENT_TYPE_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/event-types/{eventTypeId}`	Update an event type's settings.	write	`EVENT_TYPE_WRITE`	Current
An OAuth token needs EVENT_TYPE_WRITE. Acts onevent type Permission (capability)`EVENT_TYPE_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/event-types/{eventTypeId}`	Delete an event type.	write	`EVENT_TYPE_WRITE`	Current
An OAuth token needs EVENT_TYPE_WRITE. Removes the booking page tied to it. Acts onevent type Permission (capability)`EVENT_TYPE_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Slots Read available time slots and reserve, update, or release a held slot.4
GET	`/v2/slots`	Get available time slots for an event type over a date range.	read	—	Current
Sends cal-api-version 2024-09-04. Public for a booking page, so no scope is required; queryable by event type id, or by event type slug plus username. Acts onslot Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/slots/reservations`	Reserve a slot so it is held while a booking is completed, returning a reservation uid.	write	—	Current
Sends cal-api-version 2024-09-04. Holds the slot for a limited window; the returned reservationUid is used to update or release it. Acts onslot Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/slots/reservations/{uid}`	Update a reserved slot, such as extending the hold.	write	—	Current
Sends cal-api-version 2024-09-04. Identified by the reservationUid from reserve a slot. Acts onslot Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/slots/reservations/{uid}`	Release a reserved slot so it becomes bookable again.	write	—	Current
Sends cal-api-version 2024-09-04. Frees a hold made by reserve a slot. Acts onslot Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Schedules & availability List, read, create, update, and delete availability schedules.5
GET	`/v2/schedules`	Get all availability schedules for the authenticated user.	read	`SCHEDULE_READ`	Current
Sends cal-api-version 2024-06-11. An OAuth token needs SCHEDULE_READ. Acts onschedule Permission (capability)`SCHEDULE_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/schedules/{scheduleId}`	Get a single availability schedule by id.	read	`SCHEDULE_READ`	Current
An OAuth token needs SCHEDULE_READ. Acts onschedule Permission (capability)`SCHEDULE_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/schedules`	Create an availability schedule with working hours and overrides.	write	`SCHEDULE_WRITE`	Current
An OAuth token needs SCHEDULE_WRITE. Acts onschedule Permission (capability)`SCHEDULE_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/schedules/{scheduleId}`	Update an availability schedule's working hours or overrides.	write	`SCHEDULE_WRITE`	Current
An OAuth token needs SCHEDULE_WRITE. Changing availability affects which slots are offered. Acts onschedule Permission (capability)`SCHEDULE_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/schedules/{scheduleId}`	Delete an availability schedule.	write	`SCHEDULE_WRITE`	Current
An OAuth token needs SCHEDULE_WRITE. Acts onschedule Permission (capability)`SCHEDULE_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Calendars List connected calendars, read busy times, and start or end a calendar connection.4
GET	`/v2/calendars`	List the calendars connected to the authenticated user.	read	`APPS_READ`	Current
An OAuth token needs APPS_READ, the scope that covers calendar and app integrations. Acts oncalendar Permission (capability)`APPS_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/calendars/busy-times`	Get busy times across the user's connected calendars.	read	`APPS_READ`	Current
An OAuth token needs APPS_READ. Returns when the user is unavailable, used to compute open slots. Acts oncalendar Permission (capability)`APPS_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/calendars/{calendar}/connect`	Get the OAuth connect URL to start connecting a Google or Outlook calendar.	read	`APPS_READ`	Current
An OAuth token needs APPS_READ. Returns a URL the user visits to grant calendar access. Acts oncalendar Permission (capability)`APPS_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/calendars/{calendar}/disconnect`	Disconnect a connected calendar from the user.	write	`APPS_WRITE`	Current
An OAuth token needs APPS_WRITE. Removes the calendar's availability and event syncing. Acts oncalendar Permission (capability)`APPS_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Me (profile) Read and update the authenticated user's profile.2
GET	`/v2/me`	Get the authenticated user's profile.	read	`PROFILE_READ`	Current
An OAuth token needs PROFILE_READ. A plain API key resolves to the key owner's account. Acts onprofile Permission (capability)`PROFILE_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/me`	Update the authenticated user's profile, such as name, time zone, or week start.	write	`PROFILE_WRITE`	Current
An OAuth token needs PROFILE_WRITE. Acts onprofile Permission (capability)`PROFILE_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Teams List, read, create, update, and delete teams.5
GET	`/v2/teams`	Get the teams the authenticated user belongs to.	read	`TEAM_READ`	Current
An OAuth token needs the team-level read scope. A plain API key returns the key owner's teams. Acts onteam Permission (capability)`TEAM_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/teams/{teamId}`	Get a single team by id.	read	`TEAM_READ`	Current
An OAuth token needs the team-level read scope; membership in the team is also required. Acts onteam Permission (capability)`TEAM_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/teams`	Create a team.	write	`TEAM_WRITE`	Current
An OAuth token needs the team-level write scope. The creator becomes the team owner. Acts onteam Permission (capability)`TEAM_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/teams/{teamId}`	Update a team's settings.	write	`TEAM_WRITE`	Current
An OAuth token needs the team-level write scope, and an owner or admin role on the team. Acts onteam Permission (capability)`TEAM_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/teams/{teamId}`	Delete a team.	write	`TEAM_WRITE`	Current
An OAuth token needs the team-level write scope, and an owner role on the team. Acts onteam Permission (capability)`TEAM_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Webhooks List, read, create, update, and delete webhook subscriptions.4
GET	`/v2/webhooks`	Get all webhook subscriptions for the account.	read	`WEBHOOK_READ`	Current
Sends cal-api-version 2021-10-20, the version the webhooks family documents. An OAuth token needs WEBHOOK_READ. Acts onwebhook Permission (capability)`WEBHOOK_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/webhooks`	Create a webhook subscription, choosing the triggers and the destination URL.	write	`WEBHOOK_WRITE`	Current
Sends cal-api-version 2021-10-20. An OAuth token needs WEBHOOK_WRITE. A secret can be set to sign deliveries. Acts onwebhook Permission (capability)`WEBHOOK_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/webhooks/{webhookId}`	Update a webhook subscription's triggers, URL, or active state.	write	`WEBHOOK_WRITE`	Current
Sends cal-api-version 2021-10-20. An OAuth token needs WEBHOOK_WRITE. Acts onwebhook Permission (capability)`WEBHOOK_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/webhooks/{webhookId}`	Delete a webhook subscription.	write	`WEBHOOK_WRITE`	Current
Sends cal-api-version 2021-10-20. An OAuth token needs WEBHOOK_WRITE. Acts onwebhook Permission (capability)`WEBHOOK_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Organizations Manage users within an organization, used by platform and enterprise customers.4
GET	`/v2/organizations/{orgId}/users`	Get all users in an organization (platform and enterprise).	read	`ORG_USERS_READ`	Current
An ORG_ scope automatically grants the matching TEAM_ scope. Organization endpoints are for platform and enterprise customers. Acts onorganization user Permission (capability)`ORG_USERS_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/organizations/{orgId}/users`	Create a user within an organization.	write	`ORG_USERS_WRITE`	Current
Needs an organization-level write scope and an owner or admin role on the organization. Acts onorganization user Permission (capability)`ORG_USERS_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/organizations/{orgId}/users/{userId}`	Update a user within an organization.	write	`ORG_USERS_WRITE`	Current
Needs an organization-level write scope. Acts onorganization user Permission (capability)`ORG_USERS_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/organizations/{orgId}/users/{userId}`	Delete a user from an organization.	write	`ORG_USERS_WRITE`	Current
Needs an organization-level write scope and an owner or admin role on the organization. Acts onorganization user Permission (capability)`ORG_USERS_WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Cal.com can notify an app when something happens in an account, like a booking being created, rescheduled, or cancelled. It posts a payload describing the trigger to a registered URL, so an integration learns about activity without polling.

Event	What it signals	Triggered by
`BOOKING_CREATED`	A booking was created against an event type.	`/v2/bookings`
`BOOKING_RESCHEDULED`	A booking was rescheduled to a new time.	`/v2/bookings/{uid}/reschedule`
`BOOKING_CANCELLED`	A booking was cancelled.	`/v2/bookings/{uid}/cancel`
`BOOKING_REQUESTED`	A booking was requested on an event type that requires confirmation, and is awaiting a decision.	`/v2/bookings`
`BOOKING_REJECTED`	A booking that required confirmation was declined.	`/v2/bookings/{uid}/decline`
`BOOKING_NO_SHOW_UPDATED`	A host or attendee was marked present or absent for a booking.	`/v2/bookings/{uid}/mark-absent`
`BOOKING_PAID`	A paid booking was paid for.	In-app only
`MEETING_STARTED`	A Cal Video meeting for a booking started.	In-app only
`MEETING_ENDED`	A Cal Video meeting for a booking ended.	In-app only
`RECORDING_READY`	A Cal Video recording for a booking finished processing and is available.	In-app only
`FORM_SUBMITTED`	A routing form was submitted.	In-app only
`OOO_CREATED`	An out-of-office entry was created.	In-app only

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Cal.com limits how fast an app or AI agent can call, by a request rate measured per minute against the API key or token making the call.

Request rate

Cal.com meters requests by rate against the API key or token making the call, not by a per-method cost. The default is 120 requests per minute, and Cal.com can raise it on request to a higher ceiling such as 200 per minute, or further with potential charges. The same default applies to unauthenticated calls on public booking endpoints. Going over returns HTTP 429.

Pagination

List endpoints page with take and skip query parameters, where take sets the page size and skip is the offset, and some organization list endpoints use cursor-based pagination instead. The response data carries the page of results inside the success envelope.

Request size

Requests and responses are JSON. Every response is wrapped in an envelope with a status of success or error, the payload in data, and, on failure, an error object with a code and message.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`BAD_REQUEST`	The request was malformed or a required field is missing or invalid. The error object names the problem in its message.	Read the error message, fix the request body or parameters, and resend.
401	`UNAUTHORIZED`	Authentication is missing or invalid. Requests without authentication, and plain HTTP requests, fail.	Send a valid API key or OAuth access token as a Bearer token over HTTPS.
403	`FORBIDDEN`	The caller is authenticated but not permitted, for example an OAuth token without the required scope or a membership role too low for the action.	Grant the missing scope on the OAuth client, or use a key or role that holds the permission.
404	`NOT_FOUND`	The requested resource does not exist or is not visible to this caller.	Verify the id in the path and confirm the caller has access to it.
429	`TOO_MANY_REQUESTS`	The rate limit was exceeded, by default 120 requests per minute against the key or token.	Slow the request rate and retry with backoff, or request a higher limit from Cal.com.
500	`INTERNAL_SERVER_ERROR`	An error on Cal.com's side. It is uncommon.	Retry with backoff, and contact Cal.com support if it persists.

Versioning & freshness

Version history.

Cal.com pins the v2 API by date through the cal-api-version header. The date is chosen per request, and different endpoint families settle on different dated versions, so an integration sends the version that each method documents.

Version history

What changed, and when

Latest version2024-08-13

2024-08-13Current version

v2 dated versioning (the version the introduction leads with)

The v2 API is pinned by date through the cal-api-version header on every request. There is no single global version string: each endpoint family documents its own dated version, and the introduction leads with 2024-08-13. An integration sends the version the method it calls documents.

What changed

Bookings document cal-api-version 2026-02-25.
Slots document cal-api-version 2024-09-04.
Event types document cal-api-version 2024-06-14.
Schedules document cal-api-version 2024-06-11.
Webhooks document cal-api-version 2021-10-20.

2026-02-25Feature update

Bookings version

The dated version the bookings endpoints document, used to create, get, list, cancel, reschedule, confirm, decline, and mark absence on bookings.

2024-09-04Feature update

Slots version

The dated version the slots endpoints document, used to read available times and to reserve, update, or release a held slot.

2024-06-14Feature update

Event types version

The dated version the event-types endpoints document.

2024-06-11Feature update

Schedules version

The dated version the schedules endpoints document.

2021-10-20Feature update

Webhooks version

The dated version the webhooks endpoints document, the only version their schema accepts.

Send the dated version each method documents, and move up deliberately.

Cal.com API v2 reference ↗

Questions

Cal.com API, answered.

Do Cal.com API keys have per-endpoint permissions?+

No. A Cal.com API key is account-level. It authenticates as the account that created it and carries no scopes, so it can call any endpoint that account is entitled to. Granular, per-resource permissions exist only for OAuth access tokens, which are limited to the scopes granted at authorization. An agent handed a raw API key therefore holds full account access, which is the gap a gateway in front closes.

What is the cal-api-version header and which value do I send?+

Every v2 request must send a cal-api-version header, a dated string that pins the request to a version of the API. There is no single value for the whole API: each endpoint family documents its own date. Bookings use 2026-02-25, slots use 2024-09-04, event types use 2024-06-14, schedules use 2024-06-11, and webhooks use 2021-10-20. Send the version the method's reference page shows.

API key or OAuth, which should I use?+

An API key suits server-side automation for a single account and is the quickest to set up, but it is account-level with no scoping. OAuth suits an integration acting on behalf of a Cal.com user, gives scope-restricted tokens like BOOKING_READ or EVENT_TYPE_WRITE, and is required for an App Store listing. Platform OAuth, a separate model using client-id and secret-key headers, is for managing many end users under one platform account.

What are the rate limits?+

The default is 120 requests per minute, measured against the API key or token making the call, and the same default applies to unauthenticated calls on public booking endpoints. Cal.com can raise it on request to a higher ceiling such as 200 per minute, and further with potential charges. Exceeding the limit returns HTTP 429, so a client should slow down and retry with backoff.

How do I receive events instead of polling?+

Register a webhook that POSTs to a URL when a chosen trigger fires, such as BOOKING_CREATED, BOOKING_RESCHEDULED, BOOKING_CANCELLED, BOOKING_REQUESTED, MEETING_ENDED, or RECORDING_READY. Subscriptions are created and managed through the webhooks endpoints, which themselves send cal-api-version 2021-10-20. A secret can be set on the subscription so the receiver can verify each delivery came from Cal.com.

Does Cal.com have an official MCP server for AI agents?+

Yes. Cal.com ships a first-party Model Context Protocol server, sourced at github.com/calcom/cal-mcp. The hosted server at https://mcp.cal.com/mcp uses Streamable HTTP transport and OAuth 2.1, so a compatible client handles authorization automatically, and it exposes 34 tools across user profile, event types, bookings, schedules, availability, conferencing, routing forms, and organizations. A local instance can run with an API key instead.

How do I get available times and turn one into a booking?+

Read open times from the slots endpoint, queried by event type id, or by event type slug plus username, over a date range. To hold a slot while a booking is finalized, reserve it, which returns a reservationUid used to update or release the hold. Create the booking with the bookings endpoint, which fires the BOOKING_CREATED webhook, or BOOKING_REQUESTED if the event type requires confirmation.

What is Bollard AI?

Control what every AI agent can do in Cal.com.

Bollard AI sits between a team's AI agents and Cal.com. Grant each agent exactly the access it needs, read or write, resource by resource, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Cal.com key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Cal.com access in Bollard Browse all APIs →

Cal.com

Scheduling Agent

View available slots ResourceOffReadFull use

Book meetings ActionOffReadFull use

Cancel bookings ActionOffReadFull use

Event types ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Cal.com

How the Cal.com API works.

Connection & authentication methods.

REST API

Webhooks

MCP server (Model Context Protocol)

Platform OAuth (managed users)

API key

OAuth 2.0 (app integrations)

Platform OAuth client (managed users)

What an AI agent can do in Cal.com.

Bookings

Event types

Slots

Schedules & availability

Calendars

Me (profile)

Teams

Webhooks

Organizations

Every Cal.com API method.

Bookings

Event types

Slots

Schedules & availability

Calendars

Me (profile)

Teams

Webhooks

Organizations

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Cal.com API, answered.

More scheduling API guides for agents

Google Calendar

Calendly

Acuity Scheduling

1Password

Control what every AI agent can do in Cal.com.