Booking Flow
How the Pathé app goes from a showtime to an authenticated booking URL loaded in a WebView.
Get showtimes — pick a refCmd
Fetch the showtimes for a cinema on a date. Each showtime object contains a
refCmd (e.g. V0003S123353) — the Vista booking reference —
and a direct url field. The refCmd is what you pass to the
tunnel endpoint in the next step.
curl -s 'https://apps.pathe.nl/api/v4/cinema/188/showtimes/2026-06-05?language=nl' \ -H 'x-lcpg-mobile-key: and/8.0/prd/fuLi-79Qu8wEeMn5m7m2_Me86YG82srEvP5WPTeh95uC67bH43HJ'
[
{
"show": "40576", // show/movie ID
"theater": "191",
"status": "available",
"time": "2026-06-05T21:00:00+0200",
"refCmd": "V0003S123353", // ← Vista booking ref — use this in step 2
"url": "https://s.pathe.nl/nl/V0003S123353/booking",
"tags": ["imax"],
"version": "ov", // ov = original, nl = Dutch dubbed
"is3d": false,
"auditoriumName": "14 IMAX",
"reservabilityEnd": "2026-06-05T21:00:00+0200"
},
...
]
Call the WebView tunnel — get an authenticated URL
POST to /api/app/webview with the refCmd as i.
The server signs a short-lived JWT (2h TTL) with your account details and returns
a booking URL that embeds it. This is the URL the app loads in its WebView.
Requires a valid Authorization: Bearer token.
curl -s -X POST 'https://s.pathe.nl/api/app/webview' \
-H 'Authorization: Bearer <access_token>' \
-H 'x-lcpg-mobile-key: and/8.0/prd/fuLi-79Qu8wEeMn5m7m2_Me86YG82srEvP5WPTeh95uC67bH43HJ' \
-H 'Content-Type: application/json' \
-d '{
"i": "V0003S123353",
"car": "0",
"c": "",
"v": "10.6",
"o": "android"
}'
{
"u": "https://s.pathe.nl/fr/V0003S123353/booking?a=android&v=10.6&jwt=eyJ...",
"cookies": [
{
"name": "cmd-cgp-authtoken",
"value": "{\"jwt\": eyJ...}" // set this cookie in the WebView
}
]
}
jwt= query param):
contains iat, exp (2h), roles,
username, id (Auth0 user ID), icu,
salesforceId, email, lastName,
firstName, postalCode.
Open the URL in a WebView
Load u in an Android WebView. Set the cmd-cgp-authtoken
cookie on the s.pathe.nl domain before loading so the booking site
recognises the session. The user then selects seats and pays inside the WebView.
// 1. Set the auth cookie CookieManager.getInstance().setCookie( "https://s.pathe.nl", "cmd-cgp-authtoken=" + tunnelResponse.cookies[0].value ) // 2. Load the booking URL webView.loadUrl(tunnelResponse.u)
s.pathe.nl/fr/{refCmd}/booking?a=android&v=10.6&jwt=...
└─ Seat selection
└─ Ticket type / price
└─ Payment (iDEAL / card)
└─ Confirmation + barcode
Schemas
| Field | Type | Description | |
|---|---|---|---|
| i | string | required | Vista booking reference from refCmd (e.g. V0003S123353) |
| car | string | required | Loyalty card ID, or "0" for none |
| l | string | optional | User email (from account; can be omitted) |
| c | string | required | Postal code, or "" |
| v | string | required | App version — use "10.6" |
| o | string | required | OS — use "android" |
| Field | Type | Description |
|---|---|---|
| u | string | Authenticated booking URL to load in WebView (contains ?jwt=...) |
| cookies | array | Cookies to set in WebView. Contains one entry: cmd-cgp-authtoken |
Live Demo
Requires the gateway to be running on port 8765 and a valid bearer token.