This short guide walks a client through the exact steps to generate a Cal.com API key (token), locate the Event ID for the event you want integrated, and securely share those values with our team so we can complete the integration.
Before you start (prerequisites)
You must be logged into the Cal.com account that owns the event (or have Org/Admin access).
Know which event you want connected (example: “15‑min Intro Call” or “Onboarding — New Customer”).
If you must send via email, follow the "How to share securely" section below.
Part A — Generate an API key (token)
Note: Cal.com’s UI labels may vary by account or version. If you don’t see the exact menu names below, look for Settings, Integrations, Developers, or API / API Keys.
Sign in to your Cal.com account at Cal.com using the account that manages the event.
Open Account Settings (or Organization / Team Settings if your event is in an org account).
Locate the section labeled API Keys, Developers, Integrations, or API / Access Tokens.
Click Create New API Key (or Generate Token / New Token).
Give the key a clear descriptive name, e.g.:
Aurora Integration - <Your Company>.If there are permission scope options, choose the minimal permissions required (usually read access to events/bookings and write access to create bookings if you want the integration to create events). If you’re unsure which scopes to allow, provide a note to our team and we’ll advise.
If offered an expiration date, consider setting a short expiry for initial testing (you can extend later) or leave it permanent and rotate later — up to you.
Click Generate / Create.
Important: Copy the token immediately — many systems only display the token once. Save it in a secure password manager or temporary secure file.
Record: Copy the API key value (it will look like a long string of letters/numbers). You will provide this to our team in the secure sharing step.
Part B — Find the Event ID
There are two common ways to get an Event ID:
Option 1 — From the event page URL
In Cal.com, go to Events and open the specific event you want to integrate.
Look at your browser’s address bar. The Event ID is commonly visible in the URL. Example patterns you might see:
https://cal.com/<your-org>/events/<event-id>https://app.cal.com/organizations/<org-id>/events/<event-id>
Copy the string that appears after
/events/— that is the Event ID. It may be a UUID (long dashed string) or a shorter ID depending on Cal.com.
Option 2 — From the event settings page
Open the event in Cal.com and view Event Settings or Advanced settings.
Look for a field labeled
Event ID,ID, orPublic URL(the ID is often shown with the public link). Copy it.
If you cannot locate the Event ID, take a screenshot of the event settings page (hide any sensitive keys) and send it to us; we can point to the ID field for you.
Part C — How to share the API key + Event ID with us (securely)
If you must use email (least secure):
Put the API key and Event ID in a short email, but password-protect the file (ZIP with password) and send the password in a separate message/channel (e.g., SMS or chat).
What to send (copy/paste or in the secure share):
Cal.com account email:
you@example.comAPI Key (token):
<paste-the-api-key-here>Event ID:
<paste-event-id-here>Environment:
productionorstaging(tell us where we should connect)Optional: A note if tests should be done on a specific date/time range or if the event has blackout/availability restrictions.
Example quick message (use secure share):
Cal.com
account email: ops@yourcompany.com
API Key (token): sk_live_XXXXXXXXXXXXXXXXXXXXXXXX
Event ID: 9f6b3d2c-1a2b-4c3d-8e7f-0123456789ab
Environment: production
Note: Please test using a demo booking slot on Mondays between 10–12 only.
Part D — What we’ll do after you send it
We'll confirm receipt (we will not store or expose the key publicly).
We'll configure the integration to use that API key against the provided Event ID.
We'll perform a test booking with a dummy/test contact and confirm webhooks/callbacks work (or ask you to approve a test booking).
When tests pass, we’ll confirm everything’s working and recommend whether to rotate the key or keep it.
Security & best practices
Only share keys via secure channels. Never post API keys in public chat, public tickets, or an unprotected document.
Name the key clearly so you know which integration it belongs to.
Rotate and revoke the key after setup or if you suspect it has been exposed.
Limit permissions (scopes) to only what the integration needs, if Cal.com supports scoped tokens.
Revoke old tokens when creating new ones.
Troubleshooting
Key rejected / 401 errors: Make sure there are no leading/trailing spaces when pasting the key. Ensure the token was copied fully.
Event not found: Confirm the Event ID matches the correct organization/account. Make sure the event still exists and is active.
Permissions error: The API key might lack required scopes. Either re-generate with broader scopes temporarily or contact your Cal.com admin for developer permissions.
We can't find the Event ID: Send a screenshot of the event page (hide any sensitive data) and we’ll point out where the ID is.
FAQ
