Developer FAQs

How do I verify my application for production?

In order to verify your application, please email with your Application Client ID and the possible redirect_uri values you will be using with the request authorization flow.

Read More

What if my authorization URL is dynamic?

Any dynamic values you need for your authorization process, can be passed through the process using the state parameter.

Read More

Why aren’t my events appearing when I read a user’s events?

By default we don’t return events your application has created when you query the Read Events endpoint.

Read More

Why do I keep getting errors.unknown_or_used when requesting an access_token?

The code that is generated when a user goes through the authorization process is restricted in a number of ways. This error means one of two things:

Read More

Why do I get invalid_grant when requesting access token?

This signifies that the code is unrecognized or has already been used, or that the redirect_uri does not match the one given when requesting the user’s authorization.

Read More

Why do I get the same account_id and refresh_token for different users?

By default when a user authorizes multiple calendar service accounts with your application the Cronofy API links those service accounts under one Cronofy account. This makes sense in production but can create some, on the face of it, odd behaviour in development.

Read More

Why do get duplicate events?

If you’re getting duplicated events when you edit existing events, it may be because of how you’re using event_id and event_uid values.

Read More

Why do I get a CORS error : “No ‘Access-Control-Allow-Origin’ header is present on the requested resource”?

If you try to pass an access_token (either personal or generated from an authorization exchange) from a browser XMLHttp request for example you will receive an error:

No 'Access-Control-Allow-Origin' header is present on the requested resource


The 'Access-Control-Allow-Origin' header has a value that is not equal to the supplied origin
Read More

Why do access_tokens expire and how can you refresh them?

Our API expires the access_token in order to reduce the risk of your users’ calendar data being compromised. When you obtain authorization to access a user’s calendar, a refresh_token will be issued alongside the access_token to allow your application to obtain a new access_token without user involvement.

Read More

Why doesn't Cronofy issue event ids?

We don’t issue IDs to events, instead we require that developers provide an event_idwhen upserting an event to a user’s calendar. This is then used to identify the event when making subsquent updates/deletes.

Read More

What is the difference between event_id and event_uid

The event_id is only used for events that your application creates, what we call managed events. This is an ID that your application specifies. We use it as a key for an application’s managed events.

Read More

Do Applications Calendars count towards synced users?

Application Calendars act as an accounts as far as the API is concerned but only count as 15 of an account for billing purposes.

Read More