Lumbu API

Lumbu Public API

Public REST API for Lumbu — a multi-tenant beauty-salon SaaS platform. Covers bookings, services, products, checkout, staff, webhooks, and customer authentication.

Base URL: https://api.lumbu.pt

Authentication: pass your API key as Authorization: Bearer <key>

Tenant

GET

/api/v1/tenant

Get tenant metadata

Response

TenantMetadata

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/tenant" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

Onboarding

GET

/api/v1/onboarding/check

Check tenant setup completeness

Returns a structured readiness check for the tenant's salon setup. Validates services, staff, hours, locations, payments, branding, locale, and notification templates.

Response

SetupCheckResult

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/onboarding/check" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

Booking

POST

/api/v1/booking/slots

Retrieve available booking slots

Request body

SlotsRequest

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/booking/slots" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

POST

/api/v1/booking/book

Create a new booking

Request body

BookRequest

Response

BookResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/booking/book" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

POST

/api/v1/booking/cancel

Cancel an existing booking

Request body

CancelRequest

Response

OkResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/booking/cancel" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

POST

/api/v1/booking/reschedule

Reschedule a booking to a new time

Request body

RescheduleRequest

Response

RescheduleResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/booking/reschedule" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

Services

GET

/api/v1/services

List services

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
active	query	string	no	Filter by active status[true, false]
booking_enabled	query	string	no	Filter by booking-enabled flag[true, false]
updated_since	query	string (date-time)	no	Only return services updated on or after this timestamp

Response

PaginatedServiceList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/services" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/service-categories

List service categories with nested services

Checkout

POST

/api/v1/checkout

Create a Stripe checkout session

Request body

CheckoutRequest

Response

CheckoutResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/checkout" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

Customer

POST

/api/v1/customer/appointments

Get appointment detail and customer history

Request body

object

Response

CustomerAppointmentsResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/customer/appointments" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

Staff

GET

/api/v1/staff

List staff members

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
active	query	string	no	Filter by active status[true, false]
location_id	query	string (uuid)	no	Filter by location (team) ID
updated_since	query	string (date-time)	no	Only return staff updated on or after this timestamp

Response

PaginatedStaffList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/staff" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/team-members

List team member assignments

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
location_id	query	string (uuid)	no	Filter by location (team) ID
staff_id	query	string (uuid)	no	Filter by staff ID
joined_since	query	string (date-time)	no	Only return memberships created on or after this timestamp

Response

PaginatedTeamMemberList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/team-members" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/staff-availability

Get computed staff availability

Parameters

Name	In	Type	Required	Description
from	query	string	yes	Start date (YYYY-MM-DD)
staff_id	query	string (uuid)	no	Filter by staff ID
days	query	integer	no	Number of days to look ahead

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/staff-availability" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/staff-hours

List staff recurring weekly hours

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
staff_id	query	string (uuid)	no	Filter by staff ID
location_id	query	string (uuid)	no	Filter by location (team) ID

Response

PaginatedStaffHoursList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/staff-hours" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/staff-time-off

List staff time-off periods

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
staff_id	query	string (uuid)	no	Filter by staff ID
location_id	query	string (uuid)	no	Filter by location (team) ID
start_at_gte	query	string (date-time)	no	Filter time-off starting on or after this timestamp
start_at_lte	query	string (date-time)	no	Filter time-off starting on or before this timestamp

Response

PaginatedStaffTimeOffList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/staff-time-off" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

Auth

POST

/api/v1/auth/signin

Request body

SignInRequest

Response

SignInResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/auth/signin" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

POST

/api/v1/auth/signup

Create a new customer account

Request body

SignUpRequest

Response

SignUpResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/auth/signup" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

POST

/api/v1/auth/magic-link

Send a passwordless magic link email

Request body

MagicLinkRequest

Response

OkResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/auth/magic-link" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

POST

/api/v1/auth/refresh

Refresh an authentication token

Request body

RefreshRequest

Response

RefreshResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/auth/refresh" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

Products

plugin

GET

/api/v1/products

List products

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
active	query	string	no	Filter by active_for_sale status (defaults to true)[true, false]
category_id	query	string (uuid)	no	Filter by product category
updated_since	query	string (date-time)	no	Only return products updated on or after this timestamp

Response

PaginatedProductList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/products" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/products/{id}

Get product detail by ID or slug

Parameters

Name	In	Type	Required	Description
id	path	string	yes	Product UUID or slug

Response

ProductDetail

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/products/{id}" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/product-categories

List product categories with product counts

Other

plugin

GET

/api/v1/appointments

List appointments

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
start_at_gte	query	string (date-time)	no	Filter appointments starting on or after this timestamp
start_at_lte	query	string (date-time)	no	Filter appointments starting on or before this timestamp
status	query	string	no	Filter by appointment status[requested, confirmed, cancelled, completed, no_show]
location_id	query	string (uuid)	no	Filter by location (team) ID
staff_id	query	string (uuid)	no	Filter by staff ID
service_id	query	string (uuid)	no	Filter by service ID
updated_since	query	string (date-time)	no	Only return appointments updated on or after this timestamp

Response

PaginatedAppointmentList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/appointments" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/appointment-feedback

List appointment feedback entries

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
appointment_id	query	string (uuid)	no	Filter by appointment ID
updated_since	query	string (date-time)	no	Only return feedback updated on or after this timestamp

Response

PaginatedFeedbackList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/appointment-feedback" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/locations

List locations

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
is_active	query	string	no	Filter by active status[true, false]
updated_since	query	string (date-time)	no	Only return locations updated on or after this timestamp

Response

PaginatedLocationList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/locations" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

GET

/api/v1/waitlist

List waitlist entries

Parameters

Name	In	Type	Required	Description
		string	no	—
		string	no	—
location_id	query	string (uuid)	no	Filter by location (team) ID
service_id	query	string (uuid)	no	Filter by service ID
staff_id	query	string (uuid)	no	Filter by staff ID
created_at_gte	query	string (date-time)	no	Filter entries created on or after this timestamp
created_at_lte	query	string (date-time)	no	Filter entries created on or before this timestamp

Response

PaginatedWaitlistList

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/waitlist" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

POST

/api/v1/gift-cards/validate

Validate a gift card code

Request body

object

Response

GiftCardValidationResponse

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/gift-cards/validate" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

GET

/api/v1/referral/validate

Validate a referral code format

Parameters

Name	In	Type	Required	Description
code	query	string	yes	Referral code to validate (alphanumeric, 3-50 chars, hyphens/underscores allowed)

Response

ReferralValidationResponse

Example

curl -X GET \
  "https://api.lumbu.pt/api/v1/referral/validate" \
  -H "Authorization: Bearer {YOUR_API_KEY}"

POST

/api/v1/orders/lookup

Look up an order by session ID or access token

Request body

OrderLookupRequest

Response

Order

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/orders/lookup" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

Webhooks

plugin

GET

/api/v1/webhooks

List webhook subscriptions

POST

/api/v1/webhooks

Request body

CreateWebhookRequest

Response

WebhookSubscriptionCreated

Example

curl -X POST \
  "https://api.lumbu.pt/api/v1/webhooks" \
  -H "Authorization: Bearer {YOUR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{}'

DELETE

/api/v1/webhooks/{id}

Delete a webhook subscription

Parameters

Name	In	Type	Required	Description
id	path	string (uuid)	yes	Webhook subscription ID

Response

OkResponse

Example

curl -X DELETE \
  "https://api.lumbu.pt/api/v1/webhooks/{id}" \
  -H "Authorization: Bearer {YOUR_API_KEY}"