Client API

Customer-facing API for building applications on top of Tiquo

The Client API lets you build customer-facing applications where your customers can view their own profile, order history, bookings, and enquiries. It is designed for use in browsers, mobile apps, and any client-side environment.

Base URL

https://edge.tiquo.app/api/client/v1

Authentication

Every request to the Client API requires a valid JWT access token in the Authorization header. Tokens are issued to customers through one of two authentication methods:

  • DOM Package - Email OTP flow for browser-based apps
  • OAuth/OIDC - Authorization code flow for more complex integrations

Authorization: Bearer eyJhbGciOiJSUzI1NiJ9...

Access tokens expire after 1 hour. Use the refresh endpoint to get a new token pair before the current token expires.

See the Customer Authentication page for more details on how tokens are obtained and managed.

CORS

The Client API supports CORS for browser-based requests. All origins are allowed since access is controlled through token-based authentication rather than origin restrictions.

Available Endpoints

Method  Endpoint    Description
GET     /profile    Get the authenticated customer's profile
PATCH   /profile    Update the authenticated customer's profile
GET     /orders     Get the customer's order history
GET     /bookings   Get the customer's booking history
GET     /enquiries  Get the customer's enquiry history
POST    /refresh    Refresh an expired access token

Data Scope

All Client API responses are scoped to the authenticated customer. A customer can only see their own data. There is no way to access another customer's records through this API.

Rate Limits

Rate limits are applied per user. If a customer exceeds the limit, they will receive a 429 status code until the window resets.

Response Format

All responses follow a consistent structure:

{
  "success": true,
  "data": { ... }
}

Error responses:

{
  "success": false,
  "error": "Invalid or expired token"
}

Common Errors

Status  Meaning
400     Bad request or no customer profile linked to this account
401     Missing, invalid, or expired JWT token
500     Internal server error
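
One way to apply the rules above in a client: refresh before the 1-hour expiry, send the Bearer header, and act on the 401 and 429 statuses and the success/error envelope. This is an added example, not Tiquo's own code; the function names, the 60-second refresh margin, and the caller-supplied `refresh` function are assumptions, since the /refresh request shape is not described on this page.

```javascript
const BASE_URL = "https://edge.tiquo.app/api/client/v1";

// Constructed, unsigned sample token (not a real Tiquo token) for offline runs.
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256" })}.${enc({ exp })}.sig`;
}

// Read `exp` from the JWT payload WITHOUT verifying the signature. This only
// schedules refreshes; the server stays the authority on token validity.
function jwtExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const claims = JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
    return Number.isFinite(claims.exp) ? claims.exp : null;
  } catch {
    return null;
  }
}

// True when the token is unreadable or expires within `skewSeconds`.
function needsRefresh(token, nowMs = Date.now(), skewSeconds = 60) {
  const exp = jwtExpiry(token);
  return exp === null || exp - skewSeconds <= nowMs / 1000;
}

// Map the documented status codes and { success, data | error } envelope to an action.
function classify(status, body) {
  if (status === 401) return { action: "refresh", error: body && body.error };
  if (status === 429) return { action: "backoff", error: body && body.error };
  if (body && body.success === true) return { action: "ok", data: body.data };
  return { action: "fail", error: (body && body.error) || `HTTP ${status}` };
}

// GET a path such as "/orders". `refresh` is a caller-supplied async function that
// returns a new access token (hypothetical); `fetchImpl` defaults to the global fetch.
async function clientGet(path, tokens, refresh, fetchImpl = fetch) {
  for (let attempt = 0; attempt < 2; attempt++) {
    if (needsRefresh(tokens.accessToken)) tokens.accessToken = await refresh();
    const res = await fetchImpl(BASE_URL + path, { headers: { Authorization: `Bearer ${tokens.accessToken}` } });
    const out = classify(res.status, await res.json().catch(() => null));
    if (out.action !== "refresh") return out;
    if (attempt === 1) return { action: "reauthenticate", error: out.error };
    tokens.accessToken = await refresh(); // rejected by the server: refresh once, retry once
  }
}
```

A second 401 after a refresh is reported as `reauthenticate` rather than retried again, so a revoked session cannot put the client into a refresh loop.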
