API

Create trips, manage itineraries, and collaborate through a simple REST API.

Authentication Rate limiting Errors Idempotency Endpoints SDKs MCP Server

Authentication

All API requests require an API key sent as a Bearer token in the Authorization header.

Generate a key in Settings → API Keys. Copy the key immediately. It won't be shown again.

curl https://keen-sturgeon-487.convex.site/api/v1/trips \
  -H "Authorization: Bearer osk_your_key_here"

Scopes

The four base scopes are trips:read, trips:write, messages:read, and messages:write. Each can be limited to a single trip by appending :<tripId>. For example, a key with only the scope trips:write:jx7abc... can create and update content on that one trip but nothing else. In the settings UI, leave "Limit to trip" blank for a key that works everywhere, or paste a trip ID to scope it down.

SDKs

You do not need a client to use the REST API, but the official TypeScript SDK takes care of the tedious bits: auto-generated idempotency keys, retry with exponential backoff on 429 and 5xx, cursor pagination iterators, typed errors, and an unauthenticated share-token consumer.

TypeScript

npm install @osoto/api-client

import { OsotoClient } from '@osoto/api-client';

const client = new OsotoClient({
  apiKey: process.env.OSOTO_API_KEY!,
  baseUrl: 'https://keen-sturgeon-487.convex.site/api/v1',
});

const me = await client.me();
const { _id: tripId } = await client.createTrip({
  groupId: me.defaultGroupId!,
  title: 'Cotswolds',
  startDate: '2026-07-15',
  endDate: '2026-07-22',
});

// Async iterator loops every page automatically.
for await (const leg of client.iterateLegs(tripId)) {
  console.log(leg.title);
}

Model Context Protocol

Agents that speak MCP (Claude Desktop, Claude Code, Cursor, Windsurf, OpenClaw) can consume the REST API through @osoto/mcp-server without writing any client code.

npx @osoto/mcp-server

Full MCP setup instructions →

Rate limiting

API keys are limited to 60 requests per minute. Rate limit status is returned in response headers.

Parameter	Type	Description
X-RateLimit-Limit	integer	Requests allowed per window
X-RateLimit-Remaining	integer	Requests remaining in current window
Retry-After	integer	Seconds until the window resets (only on 429)

Idempotency and retries

Retries are safe. You have two tools for making sure a flaky network does not create duplicates: an Idempotency-Key header for individual mutations, and a clientRef field for upserting rows by a caller-supplied identifier.

Idempotency-Key header

Any POST, PATCH, or DELETE may include an Idempotency-Key header (max 255 characters). Retries with the same key replay the cached response; retries with the same key but a different body return 409 IDEMPOTENCY_CONFLICT. Cached responses expire after 24 hours.

curl -X POST https://keen-sturgeon-487.convex.site/api/v1/trips \
  -H "Authorization: Bearer osk_..." \
  -H "Idempotency-Key: create-trip-42" \
  -H "Content-Type: application/json" \
  -d '{"groupId":"...","title":"Cotswolds","startDate":"2026-07-15","endDate":"2026-07-22"}'

clientRef field

Pass a clientRef when creating legs, action items, map pins, or stays. It is unique per trip (or per leg for stays). Passing the same value on a retry diff-merges into the existing row instead of inserting a duplicate. clientRef pairs naturally with the batch upsert endpoints when importing a full itinerary.

Errors

Errors return a JSON object with a code and message.

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Missing required fields: title, startDate",
    "requestId": "req_0f9a8b7c-...",
    "details": [
      { "path": "title", "reason": "required" },
      { "path": "startDate", "reason": "required" }
    ]
  }
}

Every response carries an X-Request-Id header (mirrored in error.requestId for error responses). Include it when filing support issues so we can trace the request end-to-end.

Parameter	Type	Description
UNAUTHORIZED	401	Invalid or missing API key
FORBIDDEN	403	Key lacks required scope or trip access
NOT_FOUND	404	Resource does not exist
VALIDATION_ERROR	400	Missing or invalid request fields
IDEMPOTENCY_CONFLICT	409	Same Idempotency-Key was replayed with a different request body
RATE_LIMITED	429	Too many requests

Endpoints

Me

GET/me

Return the authenticated user, their groups, and the default group ID. Call this once at startup to discover groupId values for trip creation.

curl https://keen-sturgeon-487.convex.site/api/v1/me \
  -H "Authorization: Bearer osk_..."

Trips

GET/trips

List all trips the authenticated user has access to.

curl https://keen-sturgeon-487.convex.site/api/v1/trips \
  -H "Authorization: Bearer osk_..."

POST/trips

Create a new trip.

Parameter	Type	Description
groupId*	string	Group to create the trip in
title*	string	Trip title
startDate*	string	Start date (YYYY-MM-DD)
endDate*	string	End date (YYYY-MM-DD)

curl -X POST https://keen-sturgeon-487.convex.site/api/v1/trips \
  -H "Authorization: Bearer osk_..." \
  -H "Content-Type: application/json" \
  -d '{"groupId":"...","title":"Summer in the Cotswolds","startDate":"2026-07-15","endDate":"2026-07-22"}'

GET/trips/{tripId}

Get trip details.

GET/trips/{tripId}/export

Canonical trip snapshot. Returns trip, legs, map pins, action items, commitments, and members in a single response. Use this to answer questions like "where am I staying on Tuesday" without issuing multiple reads.

curl https://keen-sturgeon-487.convex.site/api/v1/trips/TRIP_ID/export \
  -H "Authorization: Bearer osk_..."

POST/trips/{tripId}/sync

Diff-based snapshot import. Pass any combination of legs, actionItems, and mapPins; items with a matching clientRef are diff-merged, items without are created. Set dryRun=true to preview the change set without writing. Returns per-category created/updated/errors counts and per-item outcomes.

curl -X POST "https://keen-sturgeon-487.convex.site/api/v1/trips/TRIP_ID/sync?dryRun=true" \
  -H "Authorization: Bearer osk_..." \
  -H "Content-Type: application/json" \
  -d '{"legs":[{"order":0,"title":"Tokyo","destination":"Tokyo","startDate":"2026-07-15","endDate":"2026-07-20","timezone":"Asia/Tokyo","clientRef":"leg-tok-1"}],"mapPins":[{"name":"Sensoji","lat":35.7148,"lng":139.7967,"clientRef":"pin-sensoji"}]}'

PATCH/trips/{tripId}

Update trip metadata.

Parameter	Type	Description
title	string	New title
startDate	string	New start date
endDate	string	New end date
status	string	draft, active, or completed

DELETE/trips/{tripId}

Archive a trip (sets status to completed).

Trip legs

GET/trips/{tripId}/legs

List legs for a trip, sorted by order.

Parameter	Type	Description
limit	integer	Max results (default 100, max 200)
cursor	string	Pagination cursor from previous response

POST/trips/{tripId}/legs

Add a trip leg.

Parameter	Type	Description
order*	number	Sort order (0-based)
title*	string	Leg title
destination*	string	Destination name
startDate*	string	Start date
endDate*	string	End date
timezone*	string	IANA timezone (e.g., Europe/London)
accommodation	object	Accommodation details
flights	array	Flight details
rentalCar	object	Rental car details
clientRef	string	Caller-supplied unique reference (per trip). Retries upsert instead of duplicating.

POST/trips/{tripId}/legs:batch

Batch upsert up to 50 legs in a single call. Items with a matching clientRef are diff-merged; items without are created. Partial success: a 207 response lists per-item results.

curl -X POST https://keen-sturgeon-487.convex.site/api/v1/trips/TRIP_ID/legs:batch \
  -H "Authorization: Bearer osk_..." \
  -H "Content-Type: application/json" \
  -d '{"items":[{"order":0,"title":"Tokyo","destination":"Tokyo","startDate":"2026-07-15","endDate":"2026-07-20","timezone":"Asia/Tokyo","clientRef":"leg-tok-1"}]}'

PATCH/trips/{tripId}/legs/{legId}

Update a trip leg.

DELETE/trips/{tripId}/legs/{legId}

Remove a trip leg.

Action items

GET/trips/{tripId}/action-items

List checklist items for a trip.

POST/trips/{tripId}/action-items

Create a checklist item.

Parameter	Type	Description
text*	string	Item text
urgency*	string	now, before_trip, or nice_to_have
owner	string	User ID to assign
clientRef	string	Caller-supplied unique reference (per trip). Retries upsert instead of duplicating.

POST/trips/{tripId}/action-items:batch

Batch upsert up to 50 action items. Supports clientRef for retry-safe upserts.

PATCH/trips/{tripId}/action-items/{itemId}

Update or toggle completion on an action item.

DELETE/trips/{tripId}/action-items/{itemId}

Remove an action item.

Commitments

GET/trips/{tripId}/commitments

List scheduled events on a trip: dinners, activities, birthdays, meetings. Paginated — default limit 100, max 200, ordered by startDate and startTime.

POST/trips/{tripId}/commitments

Create a scheduled event. Optionally link it to a leg or a map pin.

Parameter	Type	Description
title*	string	Event title
startDate*	string	Date (YYYY-MM-DD)
category*	string	dinner, activity, birthday, meeting, or other
startTime	string	Local time HH:mm (24-hour)
endTime	string	Local time HH:mm (24-hour)
isAllDay	boolean	True for all-day events (startTime and endTime are ignored)
timezone	string	IANA timezone (e.g., Europe/London)
legId	string	Link to an existing trip leg
mapPinId	string	Link to an existing map pin
notes	string	Free-form notes about the event

PATCH/trips/{tripId}/commitments/{commitmentId}

Update a commitment.

DELETE/trips/{tripId}/commitments/{commitmentId}

Remove a commitment.

Map pins

GET/trips/{tripId}/map-pins

List map pins for a trip.

POST/trips/{tripId}/map-pins

Pin a place on the trip map.

Parameter	Type	Description
name*	string	Place name
lat*	number	Latitude
lng*	number	Longitude
category	string	Category (e.g., restaurant, hotel)
notes	string	Notes about the place
clientRef	string	Caller-supplied unique reference (per trip). Retries upsert instead of duplicating.

POST/trips/{tripId}/map-pins:batch

Batch upsert up to 50 map pins. Supports clientRef for retry-safe upserts.

PATCH/trips/{tripId}/map-pins/{pinId}

Update a map pin.

DELETE/trips/{tripId}/map-pins/{pinId}

Remove a map pin.

Messages

GET/trips/{tripId}/channels

List channels for a trip.

GET/trips/{tripId}/channels/{channelId}/messages

List messages in a channel. Paginated: pass cursor for next page.

Parameter	Type	Description
limit	integer	Max results (default 50, max 100)
cursor	string	Pagination cursor from previous response

POST/trips/{tripId}/channels/{channelId}/messages

Send a message to a channel.

Parameter	Type	Description
content*	string	Message content
parentId	string	Reply to a message ID

Trip members

GET/trips/{tripId}/members

List members of a trip with their roles and contact info.

Shared (no auth)

Generate a share token with POST /trips/{tripId}/share-token. The token grants unauthenticated read access to the safe projection of the trip. Sensitive fields like wifiPassword, doorCode, hostPhone, confirmationNumber, and check-in instructions are stripped. Revoke with DELETE /trips/{tripId}/share-token.

GET/shared/trips/{token}

Read-only share view. No Authorization header required.

curl https://keen-sturgeon-487.convex.site/api/v1/shared/trips/SHARE_TOKEN

GET/shared/trips/{token}/export

Canonical share snapshot with the same shape as /trips/{tripId}/export but using the safe-allowlist projection.