Application API
Clear API and contract surface for Calendar, grouped under the application instead of split across generic reference sections.
App IDs:
app_topolo_calendar Repos:
Hosts:
https://calendar.topolo.app https://calendar.stg.topolo.us Dependencies: topolo-auth, topolo-chat, topolo-nexus, topolo-notify, applications-packages
Depends on Topolo Auth: yes
Type: curated
Source: system-apps/TopoloDocs/src/content/public/applications/calendar.mdx
Source exists: no
Calendar is a Worker + D1 + per-host Durable Object application. Runtime app identity resolves from the Auth-owned service slug topolo-calendar instead of checked-in concrete app_* ids. D1 is the system of record for hosts, event types, availability rules and overrides, bookings, attendees, delivery receipts, persisted slot holds, recurrence series/exceptions, external calendar metadata, encrypted external calendar credentials, OAuth callback state, and imported external busy blocks. CalendarHostDO (keyed by host handle) serialises concurrent booking attempts, writes holds through to D1, caches availability windows, and confirms bookings only after persistence succeeds. Calendar emits `calendar.booking.invite_requested`, `calendar.booking.updated`, `calendar.booking.cancelled`, and `calendar.booking.reminder_due` through TopoloNotify; Calendar builds the RFC5545 ICS payload with stable UID, incrementing sequence, REQUEST/CANCEL methods, and TopoloNotify owns template rendering, external recipient routing, Nexus attachment forwarding, retries, dispatch audit rows, provider identity, and optional provider message ids when the provider returns one. Public booking pages (/<handle>/<event-type>) plus availability/hold/confirm and token-backed manage endpoints are unauthenticated by design. Public manage links support invitee view, cancel, and reschedule without a Topolo account. Admin APIs cover booking detail/edit/reschedule/cancel/resend, availability override CRUD, Google Calendar OAuth FreeBusy sync, Microsoft Graph getSchedule sync, CalDAV REPORT sync, manual/ICS busy-block import, and provider connection removal. Recurrence supports daily/weekly/monthly frequency with interval, count/until, exception dates, and 18-month materialization. Meeting sessions remain owned by Topolo Chat; `chat_meeting` bookings call Chat's internal Calendar bridge and store the returned guest URL in `meetingProviderRef`, while external meeting providers store host-configured links or instructions. The public root renders the shared Topolo LandingPage from Auth-managed Calendar landing config. The admin `/login` route renders the shared first-party Topolo login on the app origin, and signed users enter the shared `TopoloAppShell`. Calendar exposes `GET /api/widget` with the shared `@topolo/sdk` widget response contract. Admin endpoints require bearer tokens validated by @topolo/auth-middleware against the resolved Calendar app id and enforce route-level Calendar permissions.
API key scopes in Auth catalog: 11
No global OpenAPI security scheme is declared.
api_keys.write availability.read availability.write bookings.read bookings.write embed.issue event_types.read event_types.write external_sync.write host.read host.write Wrangler surfaces: none detected
Environment variables: none derived
Routes: workers.dev fallback or no explicit route declared
Observability enabled: no explicit signal found
Wrangler surfaces: No wrangler file detected in scanned surface
This application does not yet have a source-controlled OpenAPI spec in the docs platform. The current API page is derived from the registered contract source and repository surface.