Developer FAQs

What rate limits are there?

Cronofy sets rate limits on a per application basis. This is part of a broader service delivery strategy which means we can provide a 99.99% uptime service commitment as part of the Cronofy API Service Level Agreement.

By default these limits are 50 requests per second, and 500 requests per minute.

How do I verify my application for production?

There is no separate process required with Google or Microsoft to approve your application for production. As Cronofy manages all calendar and conferencing connections as part of our infrastructure we can approve with a simple verification step.

What if my authorization URL is dynamic?

Any dynamic values you need for your authorization process, can be passed through the process using the state parameter.

Why are my profiles disconnecting from Cronofy?

There are multiple potential reasons behind disconnections between your calendar provider and Cronofy.

Why aren’t my events appearing when I read a user’s events?

By default we don’t return events your application has created when you query the Read Events endpoint.

How to acknowledge a calendar reconnection via Cronofy's API?

Profiles can become disconnected between Cronofy and the Calendar server.

What should I do if I need to revoke all authorizations for my application?

It is not possible to revoke authorizations in bulk. This is a deliberate decision to avoid the possibility of revoking multiple authorizations by mistake, so the only way to revoke multiple authorizations is to use our Revoke Authorization API for every user account that needs to be revoked.

Why do I keep getting errors.unknown_or_used when requesting an access_token?

The code that is generated when a user goes through the authorization process is restricted in a number of ways. This error means one of two things:

Why do you need access to my Google Drive?

This level of authorization is required to attach files to any new events in order to process it through our API call.

How does Cronofy handle Daylight Saving Time?

Cronofy specifies all event times in UTC (Coordinated Universal Time). The UTC time defines when the event starts.

Events can also specify the timezone that they should be displayed in when shown to users. When you provide the Cronofy API with a timezone for an event, we send this information to the calendar provider, and the calendar provider will handle how best to display the event. The specified timezone does not change when the event is occurring.

This allows calendar viewers, such as Google Calendar or Microsoft Outlook, to show that events have a specified timezone, which can be useful to convey the local time of the host or the location of the event.

Why do I get invalid_grant when requesting access token?

This signifies that the code is unrecognized or has already been used, or that the redirect_uri does not match the one given when requesting the user’s authorization.

Why do I get the same account_id and refresh_token for different users?

By default when a user authorizes multiple calendar service accounts with your application the Cronofy API links those service accounts under one Cronofy account. This makes sense in production but can create some, on the face of it, odd behaviour in development.

Why do I get duplicate events?

If you’re getting duplicated events when you edit existing events, it may be because of how you’re using event_id and event_uid values.

How can events be evenly distributed across multiple recipients?

When making Availability Queries to create events for a team of people, it can be common to want to assign those events evenly.

For example, if Alice and Bob are being chosen to hold interviews and Alice has 3 more booked than Bob, we might want to make Bob more likely to be chosen. However, we don’t want to remove Alice from the Availability Query until Bob catches up, in case Alice can offer a time that Bob is not available. We still want to fall back to Alice if Bob isn’t available.

How can I revoke a conferencing profile?

It is not possible to revoke access to a conferencing profile as this is added on a user level, not an application level.

This means that multiple applications could access a conferencing profile, and removing it would remove access to all.

Microsoft Outlook.com API deprecation

This page describes what Cronofy is doing in response to Microsoft deprecating their Outlook.com API later this year. Please note that Outlook.com is a separate integration from Microsoft 365 and Exchange. What’s happening? The version of the Outlook.com API that Cronofy uses is being deprecated on November 30th 2022. To ensure continued service Cronofy is migrating its Outlook integration’s API usage, in line with Microsoft’s recommendations, to newer endpoints within the Graph API suite. Read More

What would be the recommended way to sync all events inside an end users calendar with my application?

By utilising Push Notifications, Read Events, and regular weekly syncs you will be certain that all events are pushed across from the Calendar Provider to your application.

Why am I getting no conferencing dial-in details on my event?

Some common issues we’ve seen for each conferencing provider.

Why do I get a CORS error : “No ‘Access-Control-Allow-Origin’ header is present on the requested resource”?

If you try to pass an access_token (either personal or generated from an authorization exchange) from a browser XMLHttp request for example you will receive an error:

No 'Access-Control-Allow-Origin' header is present on the requested resource

The 'Access-Control-Allow-Origin' header has a value that is not equal to the supplied origin

Will I receive notifications for events that are newly created?

Assuming you are subscribed to all events, including external, you will receive notifications about newly created events.

How can I hide or show developer tools?

Depending on the account type, developer tools may be shown or hidden automatically; however, you can also manually adjust the visibility of the Developer section in your account.

How can I review the authorized connections to my application and generate reports?

If your account has the necessary role (Owner or Admin) within the Organizational Unit related to your application, you should be able to view the number of Synced Accounts, Synced Resources and Enterprise Connects as well as generate reports regarding the authorized users and the accounts connected via Enterprise Connect.

How do I get my customers to add Cronofy to their list of allowed Microsoft Graph Applications?

IT Administrators might have to go through an extra step in order to add Cronofy to their list of allowed Microsoft Graph Applications. You will need to send your customers an admin consent link - found in the Credentials section of the Cronofy Portal - and have them manually approve access.

Why do access_tokens expire and how can you refresh them?

Our API expires the access_token in order to reduce the risk of your users’ calendar data being compromised. When you obtain authorization to access a user’s calendar, a refresh_token will be issued alongside the access_token to allow your application to obtain a new access_token without user involvement.

Why do I only get 20 results from an Availability query?

By default we only return 20 slots or periods from an Availability query. You can change this by using the max_results parameter.

Why doesn't Cronofy issue event ids?

We don’t issue IDs to events, instead we require that developers provide an event_idwhen upserting an event to a user’s calendar. This is then used to identify the event when making subsquent updates/deletes.

What is the difference between event_id and event_uid

The event_id is only used for events that your application creates, what we call managed events. This is an ID that your application specifies. We use it as a key for an application’s managed events.

Why can't I avoid notifying attendees when updating an event?

While some calendar providers allow you to suppress notifications being sent to attendees when an event is changed, not all do.

This means any change may result in notifications, and so your application integration should account for them being sent.

Do Applications Calendars count towards synced users?

Application Calendars are billed separately to synced users/accounts. Each plan comes with an included allowance of Application Calendars and an overage rate that applies if you use more than that.

What counts as a synced user towards the pricing plan user cap?

End Users are billed per OAuth client per month. Each plan comes with an included allowance of synced users and an overage rate that applies if you use more than that.

We will count the total synced users from all applications in production under the same billing Organisational Unit (OU).

Why can I use integrated conferencing with Graph API if MS Teams is disabled for an account?

Microsoft Teams license is linked not only to a specific license held by the user, but it is also linked to a Microsoft Teams Meeting Policy, which is a global policy that is active by default for all users.

To disable Microsoft Teams for certain users, these users will need to have a new Teams Meeting Policy applied to their accounts.

Why do events in secondary Google calendars appear in my primary calendar too?

Due to the original implementation of Google Calendars, and to provide consistency with Microsoft calendar behaviour, Cronofy adds the primary calendar as the event Organizer.