Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/shadownrx/apisquare/llms.txt

Use this file to discover all available pages before exploring further.

ApiSquare’s HTTP API is built with Next.js App Router route handlers. Every endpoint returns JSON. Public endpoints require no authentication. Admin endpoints require an admin_session cookie, which is issued as an HttpOnly cookie when you call POST /api/admin/login with valid credentials. All requests and responses use Content-Type: application/json.

Base URL

https://your-deployment.vercel.app

All Endpoints

MethodPathAuthDescription
GET/apiNoneService info and endpoint list
GET/api/healthcheckNoneLiveness probe
POST/api/webhookNone (Telegram signature)Telegram webhook receiver
GET/api/webhookNoneWebhook verification no-op
POST/api/admin/loginNoneAuthenticate and get session cookie
POST/api/admin/logoutSession cookieInvalidate session
GET/api/admin/reservationsSession cookieList all reservations
DELETE/api/admin/reservationsSession cookieDelete a reservation by ID
GET/api/admin/configSession cookieGet bot configuration
PUT/api/admin/configSession cookieUpdate bot configuration

Authentication

ApiSquare uses two authentication tiers: Public endpoints/api, /api/healthcheck, GET /api/webhook, and POST /api/webhook — require no authentication. Telegram delivers webhook updates to POST /api/webhook without any API key; the endpoint trusts the Telegram platform directly. Admin endpoints — every route under /api/admin/ except POST /api/admin/login — require a valid admin_session cookie:
  1. Call POST /api/admin/login with your admin credentials.
  2. On success, the server sets an HttpOnly admin_session cookie in the response.
  3. Include that cookie with every subsequent admin request.
  4. Session tokens are stored in Vercel KV with a 7-day TTL.
  5. Call POST /api/admin/logout to invalidate the session immediately.
Requests to admin endpoints that lack a valid session cookie return:
{ "error": "No autorizado" }
with an HTTP 401 status code.

Response Format

All responses are application/json. Successful responses vary by endpoint and are documented on each individual endpoint page. Error responses always follow this shape:
{ "error": "<description>" }
The Telegram webhook endpoint (POST /api/webhook) always returns HTTP 200 with {"status":"ok"} — even when an internal error occurs — to prevent Telegram from retrying the same update.

Build docs developers (and LLMs) love