---
uuid: fae393aa-d090-416b-b12a-c3e20c15982d
date_created: 2026-01-21T15:43:06.480Z
date_updated: 2026-04-03T16:40:10.235Z
seo_url: book-spa-treatment-from-existing-booking
category: Services
routes: 
  - GET /v3/customers/{customer_id}/bookings/{booking_id}
  - GET /v0/products/{product_id}/spas
  - GET /v0/products/{product_id}/spas/cares/{care_code}
  - POST /v0/customers/{customer_id}/bookings/{booking_id}/spas
  - GET /v0/customers/{customer_id}/bookings/{booking_id}/spas
  - DELETE /v0/customers/{customer_id}/bookings/{booking_id}/spas/{appointment_id}
---

# Book a spa treatment on an existing stay

This scenario documents the API flow used to book a spa treatment for a customer who already has a Club Med booking. The documented flow starts from the booking detail to retrieve the stay `product_id`, then continues with the resort spa catalog, treatment availability, booking creation, and booking verification.

When a request body schema is not exposed by the available documentation, it is explicitly marked as not verifiable.

## Flow

```mermaid
flowchart LR
    step0["Retrieve the stay and product_id"]
    step1["List the resort spa offering"]
    step2["Check treatment availability slots"]
    step3["Book the spa treatment"]
    step4["Verify spa appointments on the booking"]
    step5["Cancel a spa appointment"]
    step0 --> step1
    step1 --> step2
    step2 --> step3
    step3 --> step4
    step4 --> step5
    classDef optional fill:transparent,stroke:#ffffff,color:#ffffff,stroke-width:1px,stroke-dasharray: 6\,4
    class step5 optional
```

## Overview

This journey covers the business need of booking a spa treatment for an authenticated customer who already owns a valid Club Med booking.

The scenario is built on six verified routes: one booking detail route to retrieve the `product_id`, two spa catalog routes, two booking spa routes, and one optional cancellation route.

## Prerequisites

* The customer must have a valid `customer_id`.
* The booking must be known through a valid `booking_id`.
* The customer must be authenticated with a valid bearer token for customer routes.
* The `accept-language` and `x-api-key` headers are required on the selected routes.
* The booking must contain a stay with a usable `product_id`.
* The targeted resort must expose a spa and at least one available treatment during the requested period.

\:::warning Important
`POST /v0/customers/{customer_id}/bookings/{booking_id}/spas` confirms that a spa service can be booked with a desired slot and employee, but the exact request body schema is not visible in the available documentation. The detailed payload therefore cannot be documented here without risk of error.
\:::

## 1 - Retrieve the stay and product\_id

Use `GET /v3/customers/{customer_id}/bookings/{booking_id}` to retrieve the stay context and capture the `product_id` required by the spa catalog routes.

#### Prerequisites

Prepare `customer_id`, `booking_id`. Keep `x-api-key` and, when the route is customer-scoped, a valid bearer token.

#### Calling CURL

```bash
curl -X GET \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  "https://api.clubmed.com/v3/customers/{customer_id}/bookings/{booking_id}"
```

#### Example answer

```json
{
  "id": "booking-1",
  "booking_status": "OPTION",
  "payment_status": "PENDING",
  "stays": [
    {
      "product_id": "product-1",
      "label": "Club Med Valmorel"
    }
  ]
}
```

> **info:** Keep the returned `product_id` from the stay to query the spa catalog for the same resort.

***

**Response codes**

* `200 OK`: the expected data is returned.
* `400 Bad Request`: the request is invalid or incomplete.
* `401 Unauthorized`: the token is missing or invalid.
* `403 Forbidden`: access is denied in this context.
* `404 Not Found`: the requested resource cannot be found.

**Related route**: [GET https://api.clubmed.com//v3/customers/{customer\_id}/bookings/{booking\_id}](https://api.clubmed.com/doc?search=GET%20%2Fv3%2Fcustomers%2F%7Bcustomer_id%7D%2Fbookings%2F%7Bbooking_id%7D)

## 2 - List the resort spa offering

Use `GET /v0/products/{product_id}/spas` to list the spa cares, prices, and booking rules available for the resort.

#### Prerequisites

Prepare `product_id`. Keep `x-api-key` and, when the route is customer-scoped, a valid bearer token.

#### Calling CURL

```bash
curl -X GET \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  "https://api.clubmed.com/v0/products/{product_id}/spas"
```

#### Example answer

```json
{
  "label": "Club Med Spa",
  "currency": "EUR",
  "cares": [
    {
      "id": "care-1",
      "label": "Relaxing massage",
      "price": 120,
      "duration": 50
    }
  ],
  "cancellation_hours_limit": 24
}
```

> **info:** Reuse care ids, prices, and cancellation limits to guide the customer toward the right spa service.

***

**Response codes**

* `200 OK`: the expected data is returned.
* `400 Bad Request`: the request is invalid or incomplete.
* `404 Not Found`: the requested resource cannot be found.

**Related route**: [GET https://api.clubmed.com//v0/products/{product\_id}/spas](https://api.clubmed.com/doc?search=GET%20%2Fv0%2Fproducts%2F%7Bproduct_id%7D%2Fspas)

## 3 - Check treatment availability slots

Use `GET /v0/products/{product_id}/spas/cares/{care_code}` to list the time slots available for one spa care over the requested period.

#### Prerequisites

Prepare `product_id`, `care_code`. Keep `x-api-key` and, when the route is customer-scoped, a valid bearer token.

#### Calling CURL

```bash
curl -X GET \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  "https://api.clubmed.com/v0/products/{product_id}/spas/cares/{care_code}?start_date=2026-07-10T00:00:00.000Z&end_date=2026-07-17T23:59:59.999Z&date_format=ISO"
```

#### Example answer

```json
[
  {
    "start_date_time": "2026-07-10T10:00:00Z",
    "end_date_time": "2026-07-10T10:50:00Z",
    "employees": [
      {
        "id": "employee-1",
        "name": "Emma"
      }
    ]
  }
]
```

> **info:** Cross the returned slots with the `employee_id` options before submitting the spa booking request.

***

**Response codes**

* `200 OK`: the expected data is returned.
* `400 Bad Request`: the request is invalid or incomplete.
* `404 Not Found`: the requested resource cannot be found.

**Related route**: [GET https://api.clubmed.com//v0/products/{product\_id}/spas/cares/{care\_code}](https://api.clubmed.com/doc?search=GET%20%2Fv0%2Fproducts%2F%7Bproduct_id%7D%2Fspas%2Fcares%2F%7Bcare_code%7D)

## 4 - Book the spa treatment

Use `POST /v0/customers/{customer_id}/bookings/{booking_id}/spas` to create the spa appointment on an existing booking.

#### Prerequisites

Prepare `customer_id`, `booking_id`. Keep `x-api-key` and, when the route is customer-scoped, a valid bearer token. Validate the request body before the call to avoid a validation error.

#### Calling CURL

```bash
curl -X POST \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"product_id": "product-1", "care_code": "care-1", "start_date_time": "2026-07-10T10:00:00Z", "employee_id": "employee-1"}' \
  "https://api.clubmed.com/v0/customers/{customer_id}/bookings/{booking_id}/spas"
```

#### Example answer

```json
{
  "booking_number": "BK-1001",
  "status": "Confirmed",
  "appointment_id": "spa-appointment-1",
  "price": {
    "amount": 120,
    "currency": "EUR"
  }
}
```

> **info:** Keep the returned `appointment_id` to re-read or cancel the spa booking later.

***

**Response codes**

* `200 OK`: the operation succeeds and the resource is returned.
* `400 Bad Request`: the body or parameters are invalid.
* `401 Unauthorized`: the token is missing or invalid.
* `403 Forbidden`: access is denied in this context.
* `404 Not Found`: the target resource cannot be found.

**Related route**: [POST https://api.clubmed.com//v0/customers/{customer\_id}/bookings/{booking\_id}/spas](https://api.clubmed.com/doc?search=POST%20%2Fv0%2Fcustomers%2F%7Bcustomer_id%7D%2Fbookings%2F%7Bbooking_id%7D%2Fspas)

## 5 - Verify spa appointments on the booking

Use `GET /v0/customers/{customer_id}/bookings/{booking_id}/spas` to read back the spa appointments currently attached to the booking.

#### Prerequisites

Prepare `customer_id`, `booking_id`. Keep `x-api-key` and, when the route is customer-scoped, a valid bearer token.

#### Calling CURL

```bash
curl -X GET \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  "https://api.clubmed.com/v0/customers/{customer_id}/bookings/{booking_id}/spas"
```

#### Example answer

```json
[
  {
    "appointment_id": "spa-appointment-1",
    "status": "Confirmed",
    "spa_care": "Relaxing massage",
    "start_date_time": "2026-07-10T10:00:00Z"
  }
]
```

> **info:** Use this read-back to confirm the appointment status, selected care, and slot after booking.

***

**Response codes**

* `200 OK`: the expected data is returned.
* `400 Bad Request`: the request is invalid or incomplete.
* `401 Unauthorized`: the token is missing or invalid.
* `403 Forbidden`: access is denied in this context.
* `404 Not Found`: the requested resource cannot be found.

**Related route**: [GET https://api.clubmed.com//v0/customers/{customer\_id}/bookings/{booking\_id}/spas](https://api.clubmed.com/doc?search=GET%20%2Fv0%2Fcustomers%2F%7Bcustomer_id%7D%2Fbookings%2F%7Bbooking_id%7D%2Fspas)

## 6 - Cancel a spa appointment

Use `DELETE /v0/customers/{customer_id}/bookings/{booking_id}/spas/{appointment_id}` to cancel a spa appointment.

#### Prerequisites

Prepare `customer_id`, `booking_id`, `appointment_id`. Keep `x-api-key` and, when the route is customer-scoped, a valid bearer token.

#### Calling CURL

```bash
curl -X DELETE \
  -H "x-api-key: YOUR_API_KEY" \
  -H "accept-language: en-US" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  "https://api.clubmed.com/v0/customers/{customer_id}/bookings/{booking_id}/spas/{appointment_id}"
```

#### Example answer

```http
HTTP/1.1 204 No Content
```

> **info:** Success may be returned without a response body. Read the resource again afterwards if you need to display the final state.

***

**Response codes**

* `204 No Content`: the operation is applied successfully.
* `400 Bad Request`: the body or parameters are invalid.
* `401 Unauthorized`: the token is missing or invalid.
* `403 Forbidden`: access is denied in this context.
* `404 Not Found`: the target resource cannot be found.

**Related route**: [DELETE https://api.clubmed.com//v0/customers/{customer\_id}/bookings/{booking\_id}/spas/{appointment\_id}](https://api.clubmed.com/doc?search=DELETE%20%2Fv0%2Fcustomers%2F%7Bcustomer_id%7D%2Fbookings%2F%7Bbooking_id%7D%2Fspas%2F%7Bappointment_id%7D)