ApiSquare’s HTTP API is built with Next.js App Router route handlers. Every endpoint returns JSON. Public endpoints require no authentication. Admin endpoints require anDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/shadownrx/apisquare/llms.txt
Use this file to discover all available pages before exploring further.
admin_session cookie, which is issued as an HttpOnly cookie when you call POST /api/admin/login with valid credentials. All requests and responses use Content-Type: application/json.
Base URL
All Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
GET | /api | None | Service info and endpoint list |
GET | /api/healthcheck | None | Liveness probe |
POST | /api/webhook | None (Telegram signature) | Telegram webhook receiver |
GET | /api/webhook | None | Webhook verification no-op |
POST | /api/admin/login | None | Authenticate and get session cookie |
POST | /api/admin/logout | Session cookie | Invalidate session |
GET | /api/admin/reservations | Session cookie | List all reservations |
DELETE | /api/admin/reservations | Session cookie | Delete a reservation by ID |
GET | /api/admin/config | Session cookie | Get bot configuration |
PUT | /api/admin/config | Session cookie | Update bot configuration |
Authentication
ApiSquare uses two authentication tiers: Public endpoints —/api, /api/healthcheck, GET /api/webhook, and POST /api/webhook — require no authentication. Telegram delivers webhook updates to POST /api/webhook without any API key; the endpoint trusts the Telegram platform directly.
Admin endpoints — every route under /api/admin/ except POST /api/admin/login — require a valid admin_session cookie:
- Call
POST /api/admin/loginwith your admin credentials. - On success, the server sets an
HttpOnly admin_sessioncookie in the response. - Include that cookie with every subsequent admin request.
- Session tokens are stored in Vercel KV with a 7-day TTL.
- Call
POST /api/admin/logoutto invalidate the session immediately.
HTTP 401 status code.
Response Format
All responses areapplication/json. Successful responses vary by endpoint and are documented on each individual endpoint page. Error responses always follow this shape:
The Telegram webhook endpoint (
POST /api/webhook) always returns HTTP 200
with {"status":"ok"} — even when an internal error occurs — to prevent
Telegram from retrying the same update.