Manage booking
This set of endpoints allows partners to manage the full lifecycle of an active Booking—the finalized status of a confirmed Offer. Use these operations to handle customer-initiated changes, updates, or complete cancellations after the initial purchase.
Once an Offer has been successfully converted into a Booking via the Confirm Offer endpoint, all post-purchase actions related to modifying the secured product(s) are handled through the Booking Management suite.
These endpoints are essential for providing a flexible and robust customer experience, ensuring that your customers can adjust their plans as needed.
Required scopes
This endpoint requires the following scopes:
- : Read-only access to view booking details.
Authorizations
OAuth2clientCredentialsRequiredToken URL:
XONE API Access Token
To get started with the XONE API, you'll first need to obtain an access token. This token acts as a digital key, granting your application permission to make API calls.
This process uses the OAuth 2.0 Client Credentials Grant flow. You'll use your unique client ID and client secret to request a token, which you then include in subsequent API requests.
🔑 Authentication Steps
- Request Token: Send a "Retrieve Token" request to the XONE authorization server's token endpoint.
- Include Credentials: In the request body, provide your
client_idandclient_secretas a JSON object. - Use Token: The server will respond with an
access_tokenthat you can now use to authenticate your API calls by including it in the Authorization header as aBearertoken.
Path parameters
partner_idstringRequired
Responses
200
200 OK
application/json
401
401 Unauthorized
application/json
get
/api/partners/{partner_id}/bookingsGET /api/partners/{partner_id}/bookings HTTP/1.1
Host: api.xone.xcover.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*
{
"data": [
{
"provider_reference": "text",
"language": "text",
"provider_customer_id": null,
"status": "text",
"currency": "text",
"price": 1,
"security_token": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"is_instant_booking": true,
"policies": [
{
"status": "text",
"policy_start_date": "2025-11-20T11:50:02.276Z",
"policy_end_date": "2025-11-20T11:50:02.276Z",
"price": 1,
"tax": 1,
"commission": 1,
"cover_amount": null,
"policy_type": "text",
"policy_code": "text",
"policy_version": "text",
"policy_content": {
"title": "text",
"header": null,
"description": "text",
"optout_msg": "text",
"inclusions": [],
"exclusions": [],
"disclaimer": "text",
"disclaimer_html": "text",
"payment_disclaimer": "text",
"in_path_disclaimer": "text"
},
"claim_selector_id": "text",
"pds_url": "https://example.com",
"extra_fields": {
"retail_premium": "text",
"uw_fee": "text",
"get_tickets": [
{
"type": "text",
"price": 1,
"scanned_at": null
}
],
"cg_revenue": "text"
},
"confirmed_at": "2025-11-20T11:50:02.276Z",
"cancelled_at": null,
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"policy_start_date_tz_offset": "text",
"policy_end_date_tz_offset": "text",
"id": "text"
}
],
"id": "text",
"quote": {
"uuid": "text"
},
"partner": {
"uuid": "text",
"name": "text"
},
"coi": {
"url": "https://example.com",
"pdf": "https://example.com"
},
"account_url": "https://example.com",
"fnol_link": "https://example.com",
"sign_up_url": "https://example.com"
}
],
"links": {
"first": "https://example.com",
"last": "https://example.com",
"prev": null,
"next": "https://example.com"
},
"meta": {
"current_page": 1,
"from": 1,
"last_page": 1,
"links": [
{
"url": null,
"label": "text",
"active": true
}
],
"path": "https://example.com",
"per_page": 1,
"to": 1,
"total": 1
}
}Required scopes
This endpoint requires the following scopes:
- : Permission to modify existing bookings.
Authorizations
OAuth2clientCredentialsRequiredToken URL:
XONE API Access Token
To get started with the XONE API, you'll first need to obtain an access token. This token acts as a digital key, granting your application permission to make API calls.
This process uses the OAuth 2.0 Client Credentials Grant flow. You'll use your unique client ID and client secret to request a token, which you then include in subsequent API requests.
🔑 Authentication Steps
- Request Token: Send a "Retrieve Token" request to the XONE authorization server's token endpoint.
- Include Credentials: In the request body, provide your
client_idandclient_secretas a JSON object. - Use Token: The server will respond with an
access_tokenthat you can now use to authenticate your API calls by including it in the Authorization header as aBearertoken.
Path parameters
partner_idstringRequired
booking_idstringRequired
Body
Responses
200
200 OK
application/json
401
401 Unauthorized
application/json
422
422 Unprocessable Entity
application/json
patch
/api/partners/{partner_id}/bookings/{booking_id}/previewPATCH /api/partners/{partner_id}/bookings/{booking_id}/preview HTTP/1.1
Host: api.xone.xcover.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 146
{
"policies": [
{
"id": "text",
"policy_start_date": "2025-11-20T11:50:02.276Z",
"update_fields": {
"insured": [
{
"first_name": "text",
"last_name": "text"
}
]
}
}
]
}{
"data": {
"id": "text",
"provider_reference": "text",
"language": "text",
"provider_customer_id": null,
"status": "text",
"currency": "text",
"price": 1,
"security_token": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"is_instant_booking": true,
"policies": [
{
"status": "text"
}
],
"policyholder": {
"first_name": "text",
"last_name": "text",
"email": "[email protected]",
"phone": "text",
"country": "text",
"date_of_birth": null,
"address1": "text",
"address2": null,
"city": "text",
"region": "text",
"postcode": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"id": "text"
},
"quote": {
"uuid": "text"
},
"cancellations": [],
"partner": {
"uuid": "text",
"name": "text"
},
"coi": {
"url": "https://example.com",
"pdf": "https://example.com"
},
"account_url": "https://example.com",
"fnol_link": "https://example.com",
"sign_up_url": "https://example.com"
}
}Required scopes
This endpoint requires the following scopes:
- : Permission to cancel bookings.
Authorizations
OAuth2clientCredentialsRequiredToken URL:
XONE API Access Token
To get started with the XONE API, you'll first need to obtain an access token. This token acts as a digital key, granting your application permission to make API calls.
This process uses the OAuth 2.0 Client Credentials Grant flow. You'll use your unique client ID and client secret to request a token, which you then include in subsequent API requests.
🔑 Authentication Steps
- Request Token: Send a "Retrieve Token" request to the XONE authorization server's token endpoint.
- Include Credentials: In the request body, provide your
client_idandclient_secretas a JSON object. - Use Token: The server will respond with an
access_tokenthat you can now use to authenticate your API calls by including it in the Authorization header as aBearertoken.
Path parameters
partner_idstringRequired
booking_idstringRequired
Body
Responses
200
200 OK
application/json
401
401 Unauthorized
application/json
422
422 Unprocessable Entity
application/json
delete
/api/partners/{partner_id}/bookings/{booking_id}DELETE /api/partners/{partner_id}/bookings/{booking_id} HTTP/1.1
Host: api.xone.xcover.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 44
{
"policies": [
{
"id": "text",
"reason": "text"
}
]
}{
"data": {
"provider_reference": "text",
"language": "text",
"provider_customer_id": null,
"status": "text",
"currency": "text",
"price": 1,
"security_token": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"is_instant_booking": true,
"policies": [
{
"status": "text",
"policy_start_date": "2025-11-20T11:50:02.276Z",
"policy_end_date": "2025-11-20T11:50:02.276Z",
"price": 1,
"tax": 1,
"commission": 1,
"cover_amount": 1,
"policy_type": "text",
"policy_code": "text",
"policy_version": "text",
"policy_content": {
"title": "text",
"header": null,
"description": "text",
"optout_msg": "text",
"inclusions": [],
"exclusions": [],
"disclaimer": "text",
"disclaimer_html": "text",
"payment_disclaimer": "text",
"in_path_disclaimer": "text"
},
"claim_selector_id": "text",
"pds_url": "https://example.com",
"extra_fields": {
"retail_premium": "text",
"uw_fee": "text",
"get_tickets": [
{
"type": "text",
"price": 1,
"scanned_at": null
}
],
"event_midnight": "2025-11-20T11:50:02.276Z",
"cg_revenue": "text"
},
"confirmed_at": "2025-11-20T11:50:02.276Z",
"cancelled_at": "2025-11-20T11:50:02.276Z",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"policy_start_date_tz_offset": "text",
"policy_end_date_tz_offset": "text",
"id": "text"
}
],
"policyholder": {
"first_name": "text",
"last_name": "text",
"email": "[email protected]",
"phone": "text",
"country": "text",
"date_of_birth": null,
"address1": "text",
"address2": null,
"city": "text",
"region": "text",
"postcode": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"id": "text"
},
"cancellations": [
{
"provider_reference": null,
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"confirmed_at": "2025-11-20T11:50:02.276Z",
"deleted_at": null,
"id": "text",
"total_refund": 1,
"total_refund_formatted": "text",
"policies": [
{
"id": "text",
"refund_value": 1,
"adjustment_fee": 1
}
]
}
],
"id": "text",
"quote": {
"uuid": "text"
},
"partner": {
"uuid": "text",
"name": "text"
},
"coi": {
"url": "https://example.com",
"pdf": "https://example.com"
},
"account_url": "https://example.com",
"fnol_link": "https://example.com",
"sign_up_url": "https://example.com"
}
}Required scopes
This endpoint requires the following scopes:
- : Permission to modify existing bookings.
Authorizations
OAuth2clientCredentialsRequiredToken URL:
XONE API Access Token
To get started with the XONE API, you'll first need to obtain an access token. This token acts as a digital key, granting your application permission to make API calls.
This process uses the OAuth 2.0 Client Credentials Grant flow. You'll use your unique client ID and client secret to request a token, which you then include in subsequent API requests.
🔑 Authentication Steps
- Request Token: Send a "Retrieve Token" request to the XONE authorization server's token endpoint.
- Include Credentials: In the request body, provide your
client_idandclient_secretas a JSON object. - Use Token: The server will respond with an
access_tokenthat you can now use to authenticate your API calls by including it in the Authorization header as aBearertoken.
Path parameters
partner_idstringRequired
booking_idstringRequired
Body
Responses
200
200 OK
application/json
401
401 Unauthorized
application/json
422
422 Unprocessable Entity
application/json
patch
/api/partners/{partner_id}/bookings/{booking_id}PATCH /api/partners/{partner_id}/bookings/{booking_id} HTTP/1.1
Host: api.xone.xcover.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 146
{
"policies": [
{
"id": "text",
"policy_start_date": "2025-11-20T11:50:02.276Z",
"update_fields": {
"insured": [
{
"first_name": "text",
"last_name": "text"
}
]
}
}
]
}{
"data": {
"provider_reference": "text",
"language": "text",
"provider_customer_id": null,
"status": "text",
"currency": "text",
"price": 1,
"security_token": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"is_instant_booking": true,
"policies": [
{
"status": "text",
"policy_start_date": "2025-11-20T11:50:02.276Z",
"policy_end_date": "2025-11-20T11:50:02.276Z",
"price": 1,
"tax": 1,
"commission": 1,
"cover_amount": 1,
"policy_type": "text",
"policy_code": "text",
"policy_version": "text",
"policy_content": {
"title": "text",
"header": null,
"description": "text",
"optout_msg": "text",
"inclusions": [],
"exclusions": [],
"disclaimer": "text",
"disclaimer_html": "text",
"payment_disclaimer": "text",
"in_path_disclaimer": "text"
},
"claim_selector_id": "text",
"pds_url": "https://example.com",
"extra_fields": {
"retail_premium": "text",
"uw_fee": "text",
"get_tickets": [
{
"type": "text",
"price": 1,
"scanned_at": null
}
],
"event_midnight": "2025-11-20T11:50:02.276Z",
"cg_revenue": "text"
},
"confirmed_at": "2025-11-20T11:50:02.276Z",
"cancelled_at": null,
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"policy_start_date_tz_offset": "text",
"policy_end_date_tz_offset": "text",
"id": "text"
}
],
"policyholder": {
"first_name": "text",
"last_name": "text",
"email": "[email protected]",
"phone": "text",
"country": "text",
"date_of_birth": null,
"address1": "text",
"address2": null,
"city": "text",
"region": "text",
"postcode": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"id": "text"
},
"id": "text",
"quote": {
"uuid": "text"
},
"cancellations": [],
"partner": {
"uuid": "text",
"name": "text"
},
"coi": {
"url": "https://example.com",
"pdf": "https://example.com"
},
"account_url": "https://example.com",
"fnol_link": "https://example.com",
"sign_up_url": "https://example.com"
}
}Required scopes
This endpoint requires the following scopes:
- : Permission to cancel bookings.
Authorizations
OAuth2clientCredentialsRequiredToken URL:
XONE API Access Token
To get started with the XONE API, you'll first need to obtain an access token. This token acts as a digital key, granting your application permission to make API calls.
This process uses the OAuth 2.0 Client Credentials Grant flow. You'll use your unique client ID and client secret to request a token, which you then include in subsequent API requests.
🔑 Authentication Steps
- Request Token: Send a "Retrieve Token" request to the XONE authorization server's token endpoint.
- Include Credentials: In the request body, provide your
client_idandclient_secretas a JSON object. - Use Token: The server will respond with an
access_tokenthat you can now use to authenticate your API calls by including it in the Authorization header as aBearertoken.
Path parameters
partner_idstringRequired
booking_idstringRequired
cancellation_idstringRequired
Body
reasonstringOptional
Responses
200
200 OK
application/json
401
401 Unauthorized
application/json
422
422 Unprocessable Entity
application/json
post
/api/partners/{partner_id}/bookings/{booking_id}/cancellations/{cancellation_id}POST /api/partners/{partner_id}/bookings/{booking_id}/cancellations/{cancellation_id} HTTP/1.1
Host: api.xone.xcover.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 17
{
"reason": "text"
}{
"data": {
"provider_reference": "text",
"language": "text",
"provider_customer_id": null,
"status": "text",
"currency": "text",
"price": 1,
"security_token": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"is_instant_booking": true,
"policies": [
{
"status": "text",
"policy_start_date": "2025-11-20T11:50:02.276Z",
"policy_end_date": "2025-11-20T11:50:02.276Z",
"price": 1,
"tax": 1,
"commission": 1,
"cover_amount": 1,
"policy_type": "text",
"policy_code": "text",
"policy_version": "text",
"policy_content": {
"title": "text",
"header": null,
"description": "text",
"optout_msg": "text",
"inclusions": [],
"exclusions": [],
"disclaimer": "text",
"disclaimer_html": "text",
"payment_disclaimer": "text",
"in_path_disclaimer": "text"
},
"claim_selector_id": "text",
"pds_url": "https://example.com",
"extra_fields": {
"retail_premium": "text",
"uw_fee": "text",
"get_tickets": [
{
"type": "text",
"price": 1,
"scanned_at": null
}
],
"event_midnight": "2025-11-20T11:50:02.276Z",
"cg_revenue": "text"
},
"confirmed_at": "2025-11-20T11:50:02.276Z",
"cancelled_at": "2025-11-20T11:50:02.276Z",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"policy_start_date_tz_offset": "text",
"policy_end_date_tz_offset": "text",
"id": "text"
}
],
"cancellations": [
{
"provider_reference": "text",
"created_at": "2025-11-20T11:50:02.276Z",
"updated_at": "2025-11-20T11:50:02.276Z",
"confirmed_at": "2025-11-20T11:50:02.276Z",
"deleted_at": null,
"id": "text",
"total_refund": 1,
"total_refund_formatted": "text",
"policies": [
{
"id": "text",
"refund_value": 1,
"adjustment_fee": 1
}
]
}
],
"id": "text",
"quote": {
"uuid": "text"
},
"partner": {
"uuid": "text",
"name": "text"
},
"coi": {
"url": "https://example.com",
"pdf": "https://example.com"
},
"account_url": "https://example.com",
"fnol_link": "https://example.com",
"sign_up_url": "https://example.com"
}
}Last updated