MyDiveTag

For developers

Build on the diver identity layer.

Public REST API for shop websites, partner platforms, and bespoke builds. TypeScript SDK, OpenAPI spec, signed webhooks. Scoped keys, immediate revocation, per-tier rate limits.

Open the API reference TypeScript SDK on GitHub

What's available

A REST API shaped for dive operations

Activities

Read the activity catalogue (courses, day trips, gear hire, charters) and per-shop schedules.

Bookings

Create, read, update, and cancel bookings. Hooks into Stripe Connect Express on the business's Stripe account.

Customers

Look up divers by email or QR. Verified cert payload, medical status flag, waivers on file with that shop.

Waivers

Get the active waiver template, post a signature with metadata, retrieve signed PDFs.

Cylinders + gear

Search cylinders by serial, list service records, write new test/service entries.

Webhooks

Signed outbound events. HMAC-SHA256, timestamp window, retry with exponential backoff up to 24 hours.

Authentication

Scoped API keys, no OAuth dance

API key format

mdt_live_AbCdEf0123456789AbCdEf0123
mdt_test_XyZ0987654321XyZ0987654321

Test keys use the test Stripe environment and a sandbox dataset. Live keys hit production with full audit logging.

Sending the key

curl https://api.mydivetag.com/v1/bookings \
  -H "Authorization: Bearer mdt_live_..." \
  -H "Content-Type: application/json"

Keys are argon2id-hashed at rest. Last-used IP recorded; new-IP-block alerts go to the business owner. Revocation effective within 30 seconds platform-wide.

Scopes

Each key is scoped to a subset of permissions (read_activities, write_bookings, read_customers, write_customers, send_marketing, etc.) and bound to a single business. Cross-business access is impossible at the database layer thanks to Postgres Row-Level Security.

Rate limits

Predictable, per-key, configurable per tier

Tier Default limit Burst
Service 60 req/min 120 req/min for 60 s
Bookings 100 req/min 200 req/min for 60 s
Multi-shop Configurable on request Configurable on request

Limits return 429 Too Many Requests with a Retry-After header.

Ready to build?

Grab a test key in your shop dashboard, hit the sandbox, then ask for live access when you're ready.

Open API reference Talk to a human