Skip to main content
As an example, you can view our OAuth flow in action on Zapier. Try to connect your Cal.com account here. To enable OAuth in one of your apps, you will need a Client ID, Client Secret, Authorization URL, Access Token Request URL, and Refresh Token Request URL.

Get your OAuth “Continue with Cal.com” Badge

OAuth Client Credentials

You can create an OAuth client via the following page https://app.cal.com/settings/developer/oauth. The OAuth client will be in a “pending” state and not yet ready to use. An admin from Cal.com will then review your OAuth client and you will receive an email if it was accepted or rejected. If it was accepted then your OAuth client is ready to be used.

Authorization URL

To initiate the OAuth flow, direct users to the following authorization URL:
  • https://app.cal.com/auth/oauth2/authorize
  • URL Parameters:
    • client_id
    • state: A securely generated random string to mitigate CSRF attacks
    • redirect_uri: This is where users will be redirected after authorization
After users click Allow, they will be redirected to the redirect_uri with the code (authorization code) and state as URL parameters.

Access Token Request

Endpoint: POST https://app.cal.com/api/auth/oauth/token Request Body:
  • code: The authorization code received in the redirect URI
  • client_id
  • client_secret
  • grant_type: “authorization_code”
  • redirect_uri
Response: 
{
    access_token: “exampleAccessToken”
    refresh_token: “exampleRefreshToken”
}

Refresh Token Request

Endpoint: POST https://app.cal.com/api/auth/oauth/refreshToken Headers:
  • Authorization: Bearer exampleRefreshToken
Request Body:
  • grant_type: “refresh_token”
  • client_id
  • client_secret
Response: 
{
    access_token: “exampleAccessToken”,
    refresh_token: "exampleRefreshToken"
}

Testing OAuth Credentials

To verify the correct setup and functionality of OAuth credentials you can use the following endpoint: GET https://api.cal.com/v2/me Headers:
  • Authorization: Bearer exampleAccessToken