Using the Equaticket Public API
In this article
Using the Equaticket Public API
6 min read · integrations
Using the Equaticket Public API
The Equaticket Public API lets you build custom integrations directly against your event data — create and publish events, read orders and attendees, and manage webhook subscriptions from your own backend. Every plan includes API access with both test and live keys.
Getting your API keys
- Go to Dashboard → Settings → Developer → API Keys
- Click Create API key
- Give the key a name (e.g., "My integration"), choose the scopes you need, and select Test or Live
- Copy the key immediately — it is shown only once
Keys starting with sk_live_ are live keys. Keys starting with sk_test_ are test keys. Test keys are completely isolated from your live data.
Authentication
Include your key in the Authorization header on every request:
Authorization: Bearer sk_live_...All v1 API endpoints are under https://app.equaticket.com/api/v1/.
curl https://app.equaticket.com/api/v1/events \
-H "Authorization: Bearer sk_live_..."Scopes
Each key is granted one or more scopes at creation. Select only the scopes your integration needs.
| Scope | What it allows |
|---|---|
events:read | List and get events and ticket types |
events:write | Create, update, publish, and cancel events |
ticket_types:write | Create, update, and delete ticket types |
orders:read | List and get orders |
attendees:read | List attendees (tickets) |
webhooks:read | List webhook subscriptions and delivery history |
webhooks:write | Create, update, and delete webhook subscriptions |
Scopes cannot be changed after a key is created — create a new key if you need a different scope set.
Test mode
Test keys (sk_test_...) work against a fully isolated copy of your data where livemode: false. Test-mode orders and tickets are created with is_test_data: true and are excluded from your dashboard analytics, billing quotas, and email sends.
Use test keys to build and validate your integration before going live. Reset your test data at any time from Dashboard → Settings → Developer → API Keys → Reset test data, or by calling POST /api/settings/api-keys/reset-test-data.
Rate limits
Rate limits are scoped to your subscription tier and apply per API key.
| Plan | Requests per minute |
|---|---|
| Free | 60 |
| Starter | 100 |
| Growth | 300 |
| Pro | 600 |
When you exceed the rate limit, the API returns 429 Too Many Requests. The error body is:
{
"error": {
"code": "rate_limited",
"message": "Too many requests. Retry after the window resets.",
"request_id": "req_..."
}
}Pagination
List endpoints use cursor-based pagination on (created_at, id) descending:
# First page
GET /api/v1/orders?limit=50
# Next page — pass the cursor from the previous response
GET /api/v1/orders?limit=50&cursor=eyJjcmVhdGVkX2F0Ii4uLn0=Response shape:
{
"livemode": true,
"data": [...],
"has_more": true,
"next_cursor": "eyJjcmVhdGVkX2F0Ii4uLn0="
}When has_more is false, you have reached the end of the list. next_cursor is null on the last page.
Idempotency
POST endpoints accept an optional Idempotency-Key header (UUID, max 256 chars). If you retry a request with the same key and the same parameters, the original response is returned and the Idempotent-Replayed: true header is set. Keys expire after 24 hours.
curl -X POST https://app.equaticket.com/api/v1/events \
-H "Authorization: Bearer sk_live_..." \
-H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000" \
-H "Content-Type: application/json" \
-d '{ ... }'Use idempotency keys whenever you need to retry safely after a network timeout without risking duplicate records.
Request IDs
Every response includes an X-Request-Id: req_... header. If you contact support about an API issue, include this value — it allows direct log lookup.
You can pass your own X-Request-Id in the request and it will be echoed back in the response.
Error responses
All errors follow the same envelope:
{
"error": {
"code": "validation_error",
"message": "Human-readable description",
"request_id": "req_...",
"param": "starts_at",
"doc_url": "https://equaticket.com/help/organizers/public-api"
}
}param is present for validation errors and identifies the specific field that failed.
Common error codes:
| HTTP | Code | Meaning |
|---|---|---|
| 400 | validation_error | Invalid or missing request body field |
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Key lacks the required scope |
| 404 | not_found | Resource not found or not owned by your org |
| 409 | conflict | Action not valid for the resource's current state |
| 422 | unprocessable | Business rule violation (see message for detail) |
| 429 | rate_limited | Too many requests — back off and retry |
| 500 | internal_error | Unexpected server error |
Common workflows
Create and publish an event
# 1. Create the event
curl -X POST https://app.equaticket.com/api/v1/events \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"title": "Spring Workshop",
"slug": "spring-workshop-2026",
"timezone": "America/Chicago",
"starts_at": "2026-09-15T18:00:00Z",
"currency": "usd"
}'
# 2. Add a ticket type (use the event ID from step 1)
curl -X POST https://app.equaticket.com/api/v1/events/EVENT_ID/ticket-types \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"name": "General Admission",
"price": 2500,
"currency": "usd",
"quantity_total": 100
}'
# 3. Publish
curl -X POST https://app.equaticket.com/api/v1/events/EVENT_ID/publish \
-H "Authorization: Bearer sk_live_..."Stripe Connect must be active on your account before you can publish paid events.
Read orders
# All orders for the org
GET /api/v1/orders
# Orders for a specific event
GET /api/v1/events/EVENT_ID/orders
# Filter by status
GET /api/v1/orders?status=confirmed
# Filter by buyer email (exact match)
GET /api/v1/orders?buyer_email=jane@example.comRead attendees
# All attendees for the org
GET /api/v1/attendees
# Attendees for a specific event
GET /api/v1/events/EVENT_ID/attendees
# Only checked-in attendees
GET /api/v1/events/EVENT_ID/attendees?checked_in=trueBuild a public event listing (no auth)
# All published events for your org — no API key required
GET /api/v1/public/events?org_slug=YOUR_ORG_SLUGThis endpoint returns published events with no authentication, so you can build a public events page without exposing your API key.
Managing your API keys
| Action | Where |
|---|---|
| List keys | Dashboard → Settings → Developer → API Keys |
| Create a key | Same page → Create API key |
| Revoke a key | Key row → Revoke |
| View recent activity | Same page → Activity log |
Keep your live keys secure. Never expose them in client-side JavaScript or commit them to a repository. If a key is compromised, revoke it immediately from the dashboard — any in-flight requests using that key will fail after revocation.
Webhooks
On Growth and Pro plans, you can subscribe an HTTPS endpoint to receive real-time notifications when orders are placed, refunded, sold out, or tickets are scanned. See the Outbound Webhooks guide for full setup instructions and signature verification code.
API Terms of Service
Before creating your first API key, your organization's owner or admin must accept the Equaticket API Terms of Service. This is a one-time step. If key creation returns 403 api_terms_required, go to Dashboard → Settings → Developer → API Keys and accept the terms.
Still need help?
Contact support and include your X-Request-Id if you're troubleshooting a specific API call.
Still need help?
If this article didn't answer your question, our support team is here.
Contact Support