coreplus API

The coreplus API provides access to appointment booking related end points, such as clients, practitioners, availability slots and appointments. It is a RESTful API, which utilises the HTTP verbs for creating viewing objects.

If you are a developer looking to create an external consumer server to server application for your coreplus clients, then by signing up for a sandbox account you will get access to your own trial coreplus account on our sandbox server with authorisation credentials.

If you have any questions regarding the API documentation, please do not hesitate to contact us at


Access to the API is controlled by authentication and authorization permissions in coreplus. Each consumer application of the coreplus API is provided with a Consumer Id, Consumer Secret and an Access Token for authentication. The API URL, and consumer details (Consumer Id & Consumer Secret) can be found when setting up your add-on application as per the Create a coreplus add-on page

It is essential for security that you do not disclose your consumer application details to anyone outside of your team.

This API is intended for server to server transactions and is not suitable transactions directly with end user mobile or desktop applications. The API should not be called by in browser scripts. It is expected that API calls would be made by a backend service on server which may be connected to a UI.


  1. The API request will be directed to the appropriate URL for the requested endpoint. All communication with the API is done over HTTPS.
  2. The request should include an authorization header (for the purposes of this header it’s essentially a dictionary with 2 fields). The first field of the authorization headeris a key named “Authorization” and a value with an authorized Json Web Token ( ) identifying the Consumer. The second field of the authorization header will have the key “content-type” and a value of “application/json”


The Request

The following is an example of a location GET request using the Python Request library directed towards the sandbox server.

*Note that the URL mentioned below may be a different version to the current version. Please refer Current API Version

response = requests.get( "" , verify=True, headers=authorization_header, timeout=45) 

Depending on the development tools you are using there may be additional information or different values required to send an API request, but primarily an endpoint URL and an authorization header are required.


The Authorization Header

The Authorization header contains the Authorization and the content type. The Authorization format should contain the value of  “JwToken” which is then followed by a space and a Json Web Token. An example Authorization header may look like:

{"Authorization": "JwToken" + " " + eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwczovL2NvcmVwbHVzLmNvbS5hdSIsImFjY2Vzc1Rva2VuIjoiMTQ0Y2QzZTItYjZkYy00OTlhLWFkNjItMjZjMDFiZmEyMGRiIiwiaHR0cE1ldGhvZCI6IkdFVCIsInVybCI6Imh0dHBzOi8vc2FuZGJveC5jb3JlcGx1cy5jb20uYXUvQVBJL0NvcmUvdjIvbG9jYXRpb24vIiwiaXNzIjoiaHR0cDovL25laWxzQXV0b3Rlc3RzLmNvbS5hdSIsIm5iZiI6MTQ5NjcyNTU2NiwiZXhwIjoxNDk2NzI1NjI2LCJjb25zdW1lcklkIjoiQ3VzdG9tRmllbGRUZXN0In0.T5Jn3hFELsVao6gHN5uLfcG8GBBtFmK-ztwv3kpgdmA,
"content-type": "application/json"}

Develop with us

Use the form to sign-up and start developing with coreplus today.

Please leave this field empty.