Authentication
Bearer API keys per tenant, scoped by role. Keys can be rotated and revoked from the dashboard. Production keys never expire by default; rotation policies available.
API Reference
An API you’d actually want to ship on.
Public REST API, OpenAPI 3.1 spec, type-safe SDKs in TypeScript and Python, and a webhook firehose with HMAC signatures.
POST /v1/bookings
curl https://api.gogoengine.com/v1/bookings \
-H "Authorization: Bearer ${GOGO_API_KEY}" \
-H "Content-Type: application/json" \
-d '{
"unit_id": "unit_8d9a",
"starts_at": "2026-06-12T15:00:00Z",
"ends_at": "2026-06-15T17:00:00Z",
"customer": { "email": "patel@example.com", "name": "Anika Patel" },
"deposit_policy": "marine_standard",
"rate_plan_id": "rp_summer_weekend"
}'response · 201 created
{
"id": "bkg_4Z9q",
"status": "confirmed",
"starts_at": "2026-06-12T15:00:00Z",
"ends_at": "2026-06-15T17:00:00Z",
"total": { "amount": 1047.00, "currency": "USD" },
"deposit": { "auth_id": "pi_3Nq...", "amount": 500.00, "released_at": null },
"agreement_url": "https://harborview.gogoengine.com/sign/agr_x9e2",
"links": { "manage_url": "https://harborview.gogoengine.com/portal/booking/bkg_4Z9q" }
}Foundations
The conventions we ship on.
Pagination
Cursor-based pagination on every list endpoint. starting_after and ending_before parameters with sensible 100-record default page size.
Errors
RFC 9457 problem-details JSON. Stable error codes, machine-readable details, request IDs traceable in logs.
Idempotency
All POST endpoints accept Idempotency-Key. Duplicate keys return the original response without re-executing.
Rate limits
Per-tenant limits scaled to your plan. Higher limits on Studio and above. Headers include X-RateLimit-Remaining and X-RateLimit-Reset.
Versioning
URL-versioned (/v1, /v2). New versions are additive when possible. Breaking changes get 12 months of overlap.