API documentation
REST API + webhooks. Everything you need to wire your systems into MiEspacio in a day.
Getting Started
Base URL
All API requests are made to the following base URL:
/api//v1Public endpoints can be accessed without authentication. Authenticated endpoints require a Bearer token obtained through the login endpoint.
Endpoints
Public Endpoints
These endpoints are available without authentication.
| Method | URL | Description | Auth |
|---|---|---|---|
| GET | /companies | List companies | No |
| GET | /companies/{slug} | Company details | No |
| GET | /companies/{slug}/services | Company services | No |
| GET | /companies/{slug}/reviews | Company reviews | No |
| GET | /companies/{uuid}/booking/availability | Booking availability | No |
| POST | /companies/{uuid}/bookings | Create booking | No |
| GET | /restaurants | List restaurants | No |
| GET | /events | List events | No |
| GET | /vacancies | List jobs | No |
| GET | /blog/posts | Blog posts | No |
| GET | /business-types | Business types | No |
| GET | /platform-stats | Platform statistics | No |
Authentication Endpoints
Used for obtaining and managing access tokens.
| Method | URL | Description | Auth |
|---|---|---|---|
| POST | /auth/login | Login | No |
| POST | /auth/register | Register | No |
| POST | /auth/refresh | Refresh token | Yes |
| GET | /auth/me | Current user | Yes |
Authentication
MiEspacio uses Bearer token authentication powered by Laravel Sanctum. To access authenticated endpoints:
- Send a POST request to /auth/login with your credentials.
- Include the returned token in the Authorization header of subsequent requests.
- Refresh the token before it expires using the refresh endpoint.
Example header:
Authorization: Bearer your-token-hereRate Limits
API requests are rate-limited per IP address to ensure fair usage.
| Scope | Limit |
|---|---|
| Public endpoints | 2,000 req/min |
| Booking endpoints | 300 req/min |
| Auth endpoints | 25 req/min |
When the limit is exceeded, you will receive a 429 Too Many Requests response. The Retry-After header indicates how many seconds to wait.
Response Format
All responses are returned in JSON format. Successful responses typically follow this structure:
{
"data": [
{
"id": 1,
"name": "La Maison Barcelona",
"slug": "la-maison-barcelona"
}
],
"meta": {
"current_page": 1,
"last_page": 4,
"per_page": 20,
"total": 78
}
}Paginated responses include standard Laravel pagination metadata (current_page, last_page, per_page, total).
Error Codes
The API uses standard HTTP status codes to indicate the outcome of a request.
| Code | Meaning |
|---|---|
200 | OK — Request succeeded |
201 | Created — Resource created successfully |
400 | Bad Request — Invalid request parameters |
401 | Unauthorized — Missing or invalid authentication |
403 | Forbidden — Insufficient permissions |
404 | Not Found — Resource does not exist |
422 | Unprocessable Entity — Validation errors |
429 | Too Many Requests — Rate limit exceeded |
500 | Internal Server Error — Something went wrong on our end |
Error responses include a message and, where applicable, a structured error code:
{
"message": "The selected time slot is no longer available.",
"errors": {
"slot": [
"Please choose another available time."
]
}
}