Docs
Home Quickstart API reference Changelog
← chronapilot.com v 2026-05-12

ChronaPilot Connect

Connect is the platform offering — what you use when your application has many end-users, each with their own calendar.

Mental model

ChronaPilot Connect lets a platform read and write calendars on behalf of its end-users — a multi-tenant OAuth pattern:

1. Your platform redirects the user to ChronaPilot's authorize endpoint. 2. The user grants scopes. 3. ChronaPilot redirects back with an authorization code. 4. Your server exchanges the code for an access token plus a connected_account_id (cpa_…). 5. You include the access token on every call to act on that user's behalf.

Authorize flow

text
https://api.chronapilot.com/oauth/authorize
  ?client_id=cli_4eC39HqLyjWDarjtT1zdp7dc
  &redirect_uri=https://your-app.com/oauth/callback
  &response_type=code
  &scope=events:read+events:write+calendars:read+webhooks:manage
  &state=<random>
  &code_challenge=<sha256-base64url>
  &code_challenge_method=S256

Use PKCE for public clients (mobile, SPA). For confidential clients, you may omit PKCE and authenticate at the token endpoint with client_secret.

Token exchange

curl
curl https://api.chronapilot.com/oauth/token \
  -X POST \
  -d grant_type=authorization_code \
  -d code=<auth-code> \
  -d redirect_uri=https://your-app.com/oauth/callback \
  -d code_verifier=<pkce-verifier> \
  -d client_id=cli_4eC39HqLyjWDarjtT1zdp7dc

Response:

JSON
{
  "access_token": "cat_1abc2def3ghi4jkl",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "crt_5mno6pqr7stu8vwx",
  "scope": "events:read events:write calendars:read webhooks:manage",
  "connected_account_id": "cpa_9yza0bcd1efg"
}

Acting on behalf of an account

Pass the access token like any API key:

curl
curl https://api.chronapilot.com/v1/events \
  -H "Authorization: Bearer cat_1abc2def3ghi4jkl"

Or, if you prefer a single platform key plus impersonation, pass the connected account ID in a header:

curl
curl https://api.chronapilot.com/v1/events \
  -H "Authorization: Bearer sk_live_…" \
  -H "Chronapilot-Account: cpa_9yza0bcd1efg"

Webhook routing

Webhooks fired for events on a connected account are sent to the endpoints registered against that account, plus any platform-level endpoints that elected to receive Connect events. Each delivery carries:

JSON
{
  "account": "cpa_9yza0bcd1efg",
  "type": "event.created",
  "data": { … }
}

Provider connections vs Connect accounts

These are two different concepts that sometimes confuse new developers:

  • Connect account (cpa_…) — your end-user, on ChronaPilot.
  • Provider connection (con_…) — that user's OAuth to Google or Microsoft Calendar.

A Connect account has zero or many provider connections.

© 2026 ChronaPilot · A SpaceBeacon company · Vancouver, BC 🇨🇦
Privacy Terms platform@chronapilot.com