Overview
Welcome to the Tor4You API documentation.
Getting started
Using the Tor4You API, you will be able obtain information about your account staff and services, detemine appointment availability, make and delete timeslots, retrieve customer information, make and delete appointments, and much more.
Before you start, you will need to do the following:
- Create a Tor4You account
- Obtain your API credentials
- Open your account to the API
Usage limits
API usage is limited by maximum number of requests per day and per minute. To increase you usage limits, please contact us.
Custom options
We frequently add and customize endpoints based on requests and suggestions from our users.If you find that there are more things that you would like to do with our API, please do not hesitate to contact us.
API Playground
After reading the documentation, you can view and interact with a real time demo of the API in the
API Playground.
Quesions and comments
If you have any questions or comments, please do not hestitate to contact us.
Making API calls
Method
API calls are made using GET, or POST with 'Content-Type', 'application/x-www-form-urlencoded' as indicated in each call description.
Authorization
All API calls need to be authenticated and authorized. There are two authorization methods you can shoose from:
Method 1: API Key (recommended)
In order to autenticate and authorize your API call, you will need to add a header called "torkey" with your call. For example:
"torkey" : "12345-skie75fytailksecRFaonsw3ehoaeWCrs9odin8Ysego48isoyfnHsw9nfvp8w32"
Method 2: Signed Parameters
This method is more secure but is more difficult to implement.
In order to autenticate and authorize your API call, you will need to send the following parameters:
- siteid - your siteid
- key - your API public key
- dt - the date and hour the call is made (YYYYMMDDHHNN)
- sh - a digital signature
The digital signature is obtained by calculating a SHA256 hash of siteid+key+dt+apicall+your secret key.
Example
Lets say you are trying to send the following parameters to "addcust" on Dec 31,2020 at 10:34AM, and your secret key is "secret"
- siteid - 123456
- key - abcdefg
- dt - 202012311034
- p1 - abcd
- p2 - efgh
- p3 - hijk
The signature will be
SHA256 (123456abcdefg202012311034addcustsecret)
which is
2394f3d48822809e9942417686544704c1447eb3b20595d7465a7ff4658958cb
so your entire query will be:
tor4you.co.il/api/addcust?siteid=123456&key=abcdefg&dt=202012311034&p1=abcd&p2=efgh&p3=hijk&sh=2394f3d48822809e9942417686544704c1447eb3b20595d7465a7ff4658958cb
Postman
When using
Postman and the signed parameters authorization method (see Making API calls), you will need to calculate two dynamic variables - dt (the time) and sh (the signature). Below is some sample code to calculate the requred parameters.
Add the code under the Scripts / Pre req tab.
The script will calculate dt and sh and automatically add the parameters siteid,key,dt and sh to the request.
Of course this is just a simple example and your setup may be different.
Example
const moment = require('moment');
const Crypto = require('crypto-js');
const siteid=[YOUR SITEID];
const apiKey='[YOUR API KEY]';
const secret='[YOUR API SECRET]';
const method='[CURRENT METHOD]';
const dt=moment().format("YYYYMMDDHHmm");
const sh=Crypto.SHA256(siteid+apiKey+dt+method+secret).toString();
pm.variables.set("apiKey", apiKey);
pm.variables.set("siteid", siteid);
pm.variables.set("dt", dt);
pm.variables.set("sh",sh);
pm.request.addQueryParams("siteid={{siteid}}");
pm.request.addQueryParams("key={{apiKey}}");
pm.request.addQueryParams("dt={{dt}}");
pm.request.addQueryParams("sh={{sh}}");
Responses
All API responses are in JSON format.
All responses return either status=1 for success, with additional information, or status=0, with an error message.
Successful response:
Unsuccessful response:
Webhooks
It is much more efficient to receive a notification when something happens than to keep polling the API periodically.
Tor4You can send an update to an endpoint on your system whenever an appointment is made, changed or deleted.
You can activate and configure this option from the settings menu.
Updates are made using POST in JSON format and include all of the relevant appointment information, together with an action:
- 1 - create
- 2 - update
- 3 - cancel
- 5 - expire
If a webhook notification fails for any reason (does not return status 200), the system will try again after 2, 4, 8, 60, 120, 240, 960 and 1440 minutes after which time the update will become inactive. If you have fixed the error on your end and would like to reset the sending, you can reset the count from the settings menu.
If you would like us to notify you of additional changes as they occur using web hooks please contact us.
Sample Webhook Data
Fields explained:
|
id
|
id of the webhook notification. This is not site specific.
|
|
action
|
appointment action. 1-create, 2-update, 3-cancel, 5-expire
|
|
apptid
|
unique appointment id
|
|
apptstatus
|
appointment status. 1-live, 0-cancelled, 5-expired
|
|
customerid
|
unique customer id
|
|
showstatus
|
did the customer show up. 0-not updated, 1 - yes, 2 - no
|
|
iscoming
|
did the customer confirm they are coming. 0-not updated, 1 - yes, 2 - no
|
|
tmp_expire_date
|
appointment will automatically expire if no action (such as payment) is taken
|
|
af1 - af10
|
custom fields related to appointment
|
|
cf1 - cf10
|
custom fields related to customer
|
|
marketing
|
if customer agreed to receive marketing
|
|
sh
|
a digital SHA256 signature of (id + the key shown in the settings menu)
|
|
updateby
|
the staffid that made the update. 99 for external users
|
General site information
URL: | https://www.tor4you.co.il/api/siteinfo |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
|
|
Sample Response: |
|
Branches
URL: | https://www.tor4you.co.il/api/branches |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| showcancelled |
numeric |
no |
default = 0 |
|
|
Sample Response: |
|
Staff
URL: | https://www.tor4you.co.il/api/staff |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| showcancelled |
numeric |
no |
default = 0 |
|
|
Sample Response: |
|
Services
URL: | https://www.tor4you.co.il/api/services |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| showcancelled |
numeric |
no |
default = 0 |
|
|
Sample Response: |
|
Staff / Service
URL: | https://www.tor4you.co.il/api/staffservice |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| showcancelled |
numeric |
no |
default = 0 |
|
|
Sample Response: |
|
Slot info
URL: | https://www.tor4you.co.il/api/slotinfo |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| slotid |
numeric |
yes |
|
|
|
Sample Response: |
|
Add slot
URL: | https://www.tor4you.co.il/api/addslot |
Method | POST |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| staff |
numeric |
yes |
|
| services |
string |
no |
defalut = 0 (all services) |
| from |
YYYYMMDDhhmm |
yes |
|
| to |
YYYYMMDDhhmm |
yes |
|
| maxmembers |
numeric |
no |
default = 1 |
| zoom |
url |
no |
|
|
|
Sample Response: |
|
Delete slot
URL: | https://www.tor4you.co.il/api/delslot |
Method | POST |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| slotid |
numeric |
yes |
|
| vfib |
string |
yes |
|
|
|
Sample Response: |
|
List time slots
The call is limited to a maximum of 1000 time slots or 60 days.
URL: | https://www.tor4you.co.il/api/slotlist |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| showcancelled |
numeric |
no |
0 - no (default), 1 - yes |
| from |
YYYYMMDD |
yes |
|
| to |
YYYYMMDD |
yes |
|
| service |
numeric |
no |
|
| staff |
numeric |
no |
|
|
|
Sample Response: |
|
Appointment Info
URL: | https://www.tor4you.co.il/api/apptinfo |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| apptid |
numeric |
yes |
|
|
|
Sample Response: |
|
Appointment History
URL: | https://www.tor4you.co.il/api/appthistory |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| apptid |
numeric |
yes |
|
|
|
Sample Response: |
|
Add appointment
URL: | https://www.tor4you.co.il/api/addappt |
Method | POST |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| slotid |
numeric |
yes* |
specify slotid and vfib when using time slots, from and to dates otherwise |
| vfib |
string |
yes* |
specify slotid and vfib when using time slots, from and to dates otherwise |
| from |
YYYYMMDDhhmm |
yes* |
specify slotid and vfib when using time slots, from and to dates otherwise |
| to |
YYYYMMDDhhmm |
yes* |
specify slotid and vfib when using time slots, from and to dates otherwise |
| staff |
numeric |
yes |
|
| service |
numeric |
yes |
|
| islozamin |
numeric |
no |
default = 0. if islozamin = 1 then all customer fields are ignored. |
| tz |
numeric |
yes* |
required when istz=2 |
| first |
string |
yes |
|
| last |
string |
yes |
|
| email |
string |
no |
must be valid email |
| cell |
numeric |
yes |
10 digits starting with 05 |
| street |
string |
no |
|
| city |
string |
no |
|
| participants |
numeric |
no |
default = 1 |
| color |
numeric |
no |
0 - 9, default = 0 |
| notes |
string |
no |
|
| ax1 - ax10 |
string |
no |
If in use, appointment extra fields 1-10 |
| cx1 - cx10 |
string |
no |
If in use, customer extra fields 1-10 |
| zoom |
string |
no |
specif only if not using time slots |
| sendnotice |
numeric |
no |
applies notice settings from site |
|
|
Sample Response: |
|
Delete appointment
URL: | https://www.tor4you.co.il/api/delappt |
Method | POST |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| apptid |
numeric |
yes |
|
| vfib |
string |
yes |
|
| sendnotice |
numeric |
no |
applies notice settings from site |
|
|
Sample Response: |
|
List appointments
This endoint returns multiple appointments based on search criteria.
Important: If you are using this endpoint to regularly retrieve the same queries (for example each hour getting all of today's appointments), you MUST use the last updated (lu) parameter.
The lu parameter indicates the datetime of the latest information you already have. If there is no new information, the endpoint will return "no new information".
For example: a call is made on 1/1/2020 12:34:56.000 to retrieve all of today's appointments. The endpoint will return the appointments and a parameter lu=20200101123456000. The next time the same call is made, it should include the parameter lu=20200101123456000. If there are changes to the appointments after the lu value, the endpoint will return the information normally. If there are no updates, it will return "no new information".
The call is limited to a maximum of 1000 appointments or 60 days.
URL: | https://www.tor4you.co.il/api/apptlist |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| format |
numeric |
no |
1 - short (default), 2 - long |
| showcancelled |
numeric |
no |
0 - no (default), 1 - yes |
| from |
YYYYMMDD |
yes (or use createdate) |
Enter either from and to for appointment date, or createfrom and createto for appointment create date |
| to |
YYYYMMDD |
yes (or use createdate) |
Enter either from and to for appointment date, or createfrom and createto for appointment create date |
| createfrom |
YYYYMMDD |
yes (or use appointment date) |
Enter either from and to for appointment date, or createfrom and createto for appointment create date |
| createto |
YYYYMMDD |
yes (or use appointment date) |
Enter either from and to for appointment date, or createfrom and createto for appointment create date |
| service |
numeric |
no |
|
| staff |
numeric |
no |
|
| customer |
numeric |
no |
|
| slotid |
numeric |
no |
|
|
|
Sample Response: |
|
Current Appointment Lookup by Cell or Tz
This endoint performs a lookup of a customer's appointmnets.
The default call returns the customer's appointments
for the current day.
To include past or future appointments, use the showpast or showfuture flags.
The lookup can be performed by the customer's cell or tz.
URL: | https://www.tor4you.co.il/api/apptbycellortz |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| showcancelled |
numeric |
no |
0 - no (default), 1 - yes |
| showpast |
numeric |
no |
0 - no (default), 1 - yes |
| showfuture |
numeric |
no |
0 - no (default), 1 - yes |
| cell |
numeric |
yes, or tz |
10 digits starting with 05 |
| tz |
numeric |
yes, or cell |
9 digits |
|
|
Sample Response: |
|
Update Show Status
This endoint can be used to update whether a customer has shown up for a specific appointment.
URL: | https://www.tor4you.co.il/api/showstatus |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| apptid |
numeric |
yes |
id of appointmnet to be updated |
| vfib |
string |
yes |
vfib of appointmnet to be updated |
| showstatus |
numeric |
yes |
0 - not updated, 1 - show, 2 - noshow |
|
|
Sample Response: |
|
Update Extra Fields
This endoint can be used to update extra fields AF1 - AF10 of a specific appointment.
URL: | https://www.tor4you.co.il/api/updateaf |
Method | POST |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| apptid |
numeric |
yes |
id of appointmnet to be updated |
| vfib |
string |
yes |
vfib of appointmnet to be updated |
| af1 - af10 |
text |
no |
Send only the fields you wish to update.
TO SET AN EMPTY VALUE, SEND MINUS (-) |
|
|
Sample Response: |
|
Update Iscoming Status
This endoint can be used to update whether a customer has responded that they will show up for a specific appointment.
URL: | https://www.tor4you.co.il/api/iscoming |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| apptid |
numeric |
yes |
id of appointmnet to be updated |
| vfib |
string |
yes |
vfib of appointmnet to be updated |
| iscoming |
numeric |
yes |
0 - not updated, 1 - will show, 2 - will not show |
|
|
Sample Response: |
|
Subscription Info
URL: | https://www.tor4you.co.il/api/subinfo |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| customerid |
numeric |
yes |
|
|
|
Sample Response: |
|
Subscription Usage
URL: | https://www.tor4you.co.il/api/subusage |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| subid |
numeric |
yes |
|
|
|
Sample Response: |
|
Customer Info
URL: | https://www.tor4you.co.il/api/custinfo |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| customerid |
numeric |
yes |
|
|
|
Sample Response: |
|
Add Customer
URL: | https://www.tor4you.co.il/api/addcust |
Method | POST |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| tz |
numeric |
no |
unique, required based on site settings |
| first |
string |
yes |
first + cell must be unique |
| last |
string |
yes |
|
| email |
string |
no |
|
| cell |
numeric |
yes |
first + cell must be unique |
| street |
string |
no |
|
| city |
string |
no |
|
| cx1 - cx10 |
string |
no |
|
|
|
Sample Response: |
|
Edit Customer
URL: | https://www.tor4you.co.il/api/editcust |
Method | POST |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| customerid |
numeric |
yes |
|
| tz |
numeric |
no |
unique, required based on site settings |
| first |
string |
yes |
first + cell must be unique |
| last |
string |
yes |
|
| email |
string |
no |
|
| cell |
numeric |
yes |
first + cell must be unique |
| street |
string |
no |
|
| city |
string |
no |
|
| cx1 - cx10 |
string |
no |
|
|
|
IMPORTANT
| Updating customer info will NOT trigger a webhook notice of customer's appointments
Not sending a field is equal to sending a field. For example if a customer's city is Tel Aviv and you send an update without speifying a new value for city, the city field will be updated with blank.
|
Sample Response: |
|
Delete customer
URL: | https://www.tor4you.co.il/api/delcust |
Method | POST |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| customerid |
numeric |
yes |
|
| vfib |
string |
yes |
|
|
|
Sample Response: |
|
List customers
The call is limited to a maximum of 500 customers.
URL: | https://www.tor4you.co.il/api/custlist |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| showcancelled |
numeric |
no |
0 - no (default), 1 - yes |
| minid |
numeric |
no |
|
| maxid |
numeric |
no |
|
| mincreatedate |
YYYYMMDD |
no |
|
| maxcreatedate |
YYYYMMDD |
no |
|
| hasappointment |
numeric |
no |
1 - yes, 2 - no, blank - any |
| hasfutureappointment |
numeric |
no |
1 - yes, 2 - no, blank - any |
|
|
Sample Response: |
|
List customer appointments
The call is limited to a maximum of 25 appointments.
URL: | https://www.tor4you.co.il/api/custappts |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| showcancelled |
numeric |
no |
0 - no (default), 1 - yes |
| showpast |
numeric |
no |
0 - no (default), 1 - yes |
| tz |
numeric |
yes* |
9 digits. Either customerid or tz or first name and cell must be provided |
| first |
string |
yes* |
Either customerid or tz or first name and cell must be provided |
| cell |
numeric |
yes* |
10 digits starting with 05. Either customerid or tz or first name and cell must be provided |
| customerid |
numeric |
yes* |
Either customerid or tz or first name and cell must be provided |
|
|
Sample Response: |
|
Availability
This endpoint is used to find available time slots or appointment times based on specific criteria. The availability returned is according to rules that apply to external customers as (for example minimum and maximum time periods, external services, etc.)
The call is limited to a maximum of 500 available spots or 31 days (60 days for timeslot accounts).
To enable selection of dates first, you can set the dateonly parameter to 1. The endpoint will return all available dates, and after the user makes a seclection of the requested date, send dateonly=0 and the requested date, and the endpoint wil return the available times.
When not using slots, the openhours returned are uniqe and randomly distirbuted among the available staff to ensure equal allocation. For example if there are five available staff at the same date, only one will be selected randomly and shown.
URL: | https://www.tor4you.co.il/api/availability |
Method | GET |
Parameters: |
| Name |
Type |
Required |
Comments |
authentication
parameters |
|
no |
siteid, key, dt and sh parameters are required only when using the signed parmeters authentication method - see making api calls |
| from |
YYYYMMDD |
yes |
|
| to |
YYYYMMDD |
yes |
|
| service |
numeric |
yes |
|
| staff |
numeric |
no |
|
| branch |
numeric |
no |
|
| participants |
numeric |
no |
default = 1 |
| dateonly |
numeric |
no |
default = 0.
Whether to return only dates or all available dates and times. |
| internal |
numeric |
no |
default = 0.
Whether to allow services that external users are not allowed to book. |
|
|
Sample Response using dateonly=1: |
|
Sample Response using dateonly=0 (using slots): |
|
Sample Response using dateonly=0 (without slots): |
|
Contact Us
We are always interested in what our users have to say. If you wish to contact us regarding the following:
- technical support
- usage limits
- bugs and problems
- special requests and custom options
- just to say hello
please do not hesitate to
contact us.
We look forward to hearing from you.