Book a spa treatment on an existing stay

  • Services
  • 6 routes
How do I book and verify a spa appointment for a customer who already has a booking?

This scenario documents the API flow used to book a spa treatment for a customer who already has a Club Med booking. The documented flow starts from the booking detail to retrieve the stay product_id, then continues with the resort spa catalog, treatment availability, booking creation, and booking verification.

When a request body schema is not exposed by the available documentation, it is explicitly marked as not verifiable.

Overview

This journey covers the business need of booking a spa treatment for an authenticated customer who already owns a valid Club Med booking.

The scenario is built on six verified routes: one booking detail route to retrieve the product_id, two spa catalog routes, two booking spa routes, and one optional cancellation route.

Prerequisites

  • The customer must have a valid customer_id.
  • The booking must be known through a valid booking_id.
  • The customer must be authenticated with a valid bearer token for customer routes.
  • The accept-language and x-api-key headers are required on the selected routes.
  • The booking must contain a stay with a usable product_id.
  • The targeted resort must expose a spa and at least one available treatment during the requested period.

Important

POST/v0/customers/{customer_id}/bookings/{booking_id}/spas confirms that a spa service can be booked with a desired slot and employee, but the exact request body schema is not visible in the available documentation. The detailed payload therefore cannot be documented here without risk of error.

Process workflow

Legend:
Mandatory
Optional
1

Retrieve the stay and product_id

Mandatory

Use GET/v3/customers/{customer_id}/bookings/{booking_id} to retrieve the stay context and capture the product_id required by the spa catalog routes.

Prerequisites

Prepare customer_id, booking_id. Keep x-api-key and, when the route is customer-scoped, a valid bearer token.

Calling CURL

curl -X GET \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  "https://api.clubmed.com/v3/customers/{customer_id}/bookings/{booking_id}"

Example answer

{
  "id": "booking-1",
  "booking_status": "OPTION",
  "payment_status": "PENDING",
  "stays": [
    {
      "product_id": "product-1",
      "label": "Club Med Valmorel"
    }
  ]
}

info: Keep the returned product_id from the stay to query the spa catalog for the same resort.

Response codes

  • 200 OK: the expected data is returned.
  • 400 Bad Request: the request is invalid or incomplete.
  • 401 Unauthorized: the token is missing or invalid.
  • 403 Forbidden: access is denied in this context.
  • 404 Not Found: the requested resource cannot be found.
GET/v3/customers/{customer_id}/bookings/{booking_id}
See more
2

List the resort spa offering

Mandatory

Use GET/v0/products/{product_id}/spas to list the spa cares, prices, and booking rules available for the resort.

Prerequisites

Prepare product_id. Keep x-api-key and, when the route is customer-scoped, a valid bearer token.

Calling CURL

curl -X GET \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  "https://api.clubmed.com/v0/products/{product_id}/spas"

Example answer

{
  "label": "Club Med Spa",
  "currency": "EUR",
  "cares": [
    {
      "id": "care-1",
      "label": "Relaxing massage",
      "price": 120,
      "duration": 50
    }
  ],
  "cancellation_hours_limit": 24
}

info: Reuse care ids, prices, and cancellation limits to guide the customer toward the right spa service.

Response codes

  • 200 OK: the expected data is returned.
  • 400 Bad Request: the request is invalid or incomplete.
  • 404 Not Found: the requested resource cannot be found.
GET/v0/products/{product_id}/spas
See more
3

Check treatment availability slots

Mandatory

Use GET/v0/products/{product_id}/spas/cares/{care_code} to list the time slots available for one spa care over the requested period.

Prerequisites

Prepare product_id, care_code. Keep x-api-key and, when the route is customer-scoped, a valid bearer token.

Calling CURL

curl -X GET \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  "https://api.clubmed.com/v0/products/{product_id}/spas/cares/{care_code}?start_date=2026-07-10T00:00:00.000Z&end_date=2026-07-17T23:59:59.999Z&date_format=ISO"

Example answer

[
  {
    "start_date_time": "2026-07-10T10:00:00Z",
    "end_date_time": "2026-07-10T10:50:00Z",
    "employees": [
      {
        "id": "employee-1",
        "name": "Emma"
      }
    ]
  }
]

info: Cross the returned slots with the employee_id options before submitting the spa booking request.

Response codes

  • 200 OK: the expected data is returned.
  • 400 Bad Request: the request is invalid or incomplete.
  • 404 Not Found: the requested resource cannot be found.
GET/v0/products/{product_id}/spas/cares/{care_code}
See more
4

Book the spa treatment

Mandatory

Use POST/v0/customers/{customer_id}/bookings/{booking_id}/spas to create the spa appointment on an existing booking.

Prerequisites

Prepare customer_id, booking_id. Keep x-api-key and, when the route is customer-scoped, a valid bearer token. Validate the request body before the call to avoid a validation error.

Calling CURL

curl -X POST \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"product_id": "product-1", "care_code": "care-1", "start_date_time": "2026-07-10T10:00:00Z", "employee_id": "employee-1"}' \
  "https://api.clubmed.com/v0/customers/{customer_id}/bookings/{booking_id}/spas"

Example answer

{
  "booking_number": "BK-1001",
  "status": "Confirmed",
  "appointment_id": "spa-appointment-1",
  "price": {
    "amount": 120,
    "currency": "EUR"
  }
}

info: Keep the returned appointment_id to re-read or cancel the spa booking later.

Response codes

  • 200 OK: the operation succeeds and the resource is returned.
  • 400 Bad Request: the body or parameters are invalid.
  • 401 Unauthorized: the token is missing or invalid.
  • 403 Forbidden: access is denied in this context.
  • 404 Not Found: the target resource cannot be found.
POST/v0/customers/{customer_id}/bookings/{booking_id}/spas
See more
5

Verify spa appointments on the booking

Mandatory

Use GET/v0/customers/{customer_id}/bookings/{booking_id}/spas to read back the spa appointments currently attached to the booking.

Prerequisites

Prepare customer_id, booking_id. Keep x-api-key and, when the route is customer-scoped, a valid bearer token.

Calling CURL

curl -X GET \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  "https://api.clubmed.com/v0/customers/{customer_id}/bookings/{booking_id}/spas"

Example answer

[
  {
    "appointment_id": "spa-appointment-1",
    "status": "Confirmed",
    "spa_care": "Relaxing massage",
    "start_date_time": "2026-07-10T10:00:00Z"
  }
]

info: Use this read-back to confirm the appointment status, selected care, and slot after booking.

Response codes

  • 200 OK: the expected data is returned.
  • 400 Bad Request: the request is invalid or incomplete.
  • 401 Unauthorized: the token is missing or invalid.
  • 403 Forbidden: access is denied in this context.
  • 404 Not Found: the requested resource cannot be found.
GET/v0/customers/{customer_id}/bookings/{booking_id}/spas
See more
6

Cancel a spa appointment

Optional

Use DELETE /v0/customers/{customer_id}/bookings/{booking_id}/spas/{appointment_id} to cancel a spa appointment.

Prerequisites

Prepare customer_id, booking_id, appointment_id. Keep x-api-key and, when the route is customer-scoped, a valid bearer token.

Calling CURL

curl -X DELETE \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  "https://api.clubmed.com/v0/customers/{customer_id}/bookings/{booking_id}/spas/{appointment_id}"

Example answer

HTTP/1.1 204 No Content

info: Success may be returned without a response body. Read the resource again afterwards if you need to display the final state.

Response codes

  • 204 No Content: the operation is applied successfully.
  • 400 Bad Request: the body or parameters are invalid.
  • 401 Unauthorized: the token is missing or invalid.
  • 403 Forbidden: access is denied in this context.
  • 404 Not Found: the target resource cannot be found.
DELETE/v0/customers/{customer_id}/bookings/{booking_id}/spas/{appointment_id}
See more