Getting started
The Trybe API is a RESTful HTTP API for managing spas, clubs and the businesses that run them. Resource URLs are predictable, every response is JSON, and every endpoint uses standard HTTP verbs and status codes. This page gets you from zero to your first successful request in under five minutes.
Base URLs
Trybe runs two completely isolated environments. The hostnames are the only thing that differs between them — the API surface and request/response shapes are identical.
| Environment | API base URL | Admin app |
|---|---|---|
| Production | https://api.try.be |
https://app.try.be |
| Playground | https://api.playground.try.be |
https://app.playground.try.be |
The playground is safe to break. Emails and SMS go only to a whitelist, and the payment provider is in test mode so no real money moves. Build against playground, then flip your base URL to production when you ship.
All requests must use HTTPS. Plain HTTP requests are rejected.
Get an API key
Trybe issues long-lived personal access tokens out-of-band. Contact your Onboarding Manager with the email address of the Trybe user the token should belong to and which environment(s) you need access to. You'll receive one token per environment. Treat them like passwords — they inherit the permissions of the user they were issued for.
If you also need to authenticate end-customers (members, guests) into your own website or app, see Single Sign On. The flow described below is for server-to-server calls; SSO is for browser-driven user sessions.
Your first request
Every request includes the token in the Authorization header. Here's a
complete request that lists the sites your token can see:
curl https://api.playground.try.be/sites \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"
A successful response looks like this:
{
"data": [
{
"id": "00000000-0000-0000-0000-111111111111",
"name": "Palm Tree Spa",
"brand_id": "00000000-0000-0000-0000-222222222222",
"brand_name": "Palm Tree Holdings",
"country_code": "GB",
"currency": "GBP",
"locale": "en",
"timezone": "Europe/London",
"frontend_subdomain": "palmtreespa",
"organisation_id": "00000000-0000-0000-0000-333333333333",
"organisation_name": "Palm Tree Holdings Ltd.",
"external_id": null,
"is_read_only": false,
"created_at": "2024-01-15T09:30:00+00:00",
"onboarding_completed_at": "2024-01-22T14:00:00+00:00",
"billing_customer_id": "cus_…"
}
],
"links": {
"first": "https://api.playground.try.be/sites?page=1",
"last": "https://api.playground.try.be/sites?page=1",
"prev": null,
"next": null
},
"meta": {
"current_page": 1,
"from": 1,
"to": 1,
"total": 1,
"per_page": 15,
"last_page": 1
}
}
Site IDs are the most common path parameter you'll see across the API. Keep the one that matches the venue you're integrating with handy.
Request and response basics
- Request bodies are JSON. Set
Content-Type: application/jsononPOST,PUTandPATCHrequests. - Responses are JSON, UTF-8 encoded.
- Single-resource endpoints return
{ "data": { … } }. List endpoints return{ "data": [ … ], "links": { … }, "meta": { … } }— see pagination for the meta shape. - Timestamps are ISO 8601 with timezone offsets (
2024-08-19T16:05:34+00:00). - IDs are UUIDs unless documented otherwise.
- CORS is open: all responses include a wildcard
Access-Control-Allow-Origin, so browser clients can call the API directly when that fits your architecture.
Where to go next
- Authentication — full details on the Bearer token flow, common pitfalls, and how it differs from customer SSO.
- Errors — every error shape the API returns and how to handle each one.
- Pagination —
page,per_page, and how to walk a list end-to-end. - Rate limits — current posture and the backoff patterns you should ship with regardless.
- Versioning — what's stable, what's not, and how breaking changes are handled.
- Webhooks — receive events instead of polling.
- Single Sign On — log Trybe customers into your own app.
- Booking frame — drop-in booking UI for treatments and packages.