Tickets API

REST API endpoints for buyer ticket lookup and attendee management.

Tickets are issued for event products. These endpoints power no-login buyer access (airline-PNR style) using the short access code from the confirmation email plus the purchase email, and a per-seat attendee view via the token embedded in each attendee link/QR code.

For security, ticket lookup responds with a uniform 404 for an unknown code, an email mismatch, or an order with no tickets — the endpoint never reveals whether a code exists.

Get Tickets

GET /api/v1/tickets/:code

Looks up an order's tickets by the access code (from the ticket confirmation email) and the purchase email. Returns the order's ticket lines with event details and per-seat attendee entries. Each seat carries its own token for the attendee link.

Query Parameters

curl \
  -H "Authorization: Bearer your_api_key" \
  "https://your-store.yns.store/api/v1/tickets/A1B2C3?email=jane@example.com"

Response

{
  "code": "A1B2C3",
  "order": {
    "id": "0191abc0-1234-7def-8000-000000000001",
    "lookup": 1042,
    "createdAt": "2024-06-15T10:30:00.000Z",
    "status": "paid",
    "currency": "usd",
    "totalGross": 9000
  },
  "buyerEmail": "jane@example.com",
  "lines": [
    {
      "lineItemId": "0191abc0-2222-7def-8000-000000000010",
      "product": {
        "id": "0191abc0-0000-7000-8000-000000000100",
        "name": "Summer Festival Pass",
        "slug": "summer-festival-pass",
        "image": "https://cdn.example.com/festival.jpg"
      },
      "event": {
        "startsAt": "2024-08-01T18:00:00.000Z",
        "location": "Central Park, New York",
        "guestLabel": "Attendee",
        "guest": null
      },
      "seats": [
        {
          "token": "tok_8f3a1c9b2e7d4f60a1b2c3d4e5f60718",
          "name": "Jane Doe",
          "email": "jane@example.com"
        },
        {
          "token": "tok_1a2b3c4d5e6f70819a8b7c6d5e4f3021",
          "name": null,
          "email": null
        }
      ]
    }
  ]
}

A 404 is returned for an unknown code, email mismatch, or an order with no tickets.

Update Tickets

PATCH /api/v1/tickets/:code

Buyer bulk-edit of attendee names and emails, verified by access code plus purchase email (same uniform 404 on mismatch). Seat tokens not belonging to the order are silently ignored. Returns the updated ticket bundle (same shape as GET).

Request Body

curl -X PATCH \
  -H "Authorization: Bearer your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com",
    "seats": [
      {
        "token": "tok_1a2b3c4d5e6f70819a8b7c6d5e4f3021",
        "name": "John Smith",
        "email": "john@example.com"
      }
    ]
  }' \
  https://your-store.yns.store/api/v1/tickets/A1B2C3

Response (200)

Returns the updated ticket bundle (same shape as GET /api/v1/tickets/:code).

Get Attendee Ticket

GET /api/v1/tickets/attendee/:token

Attendee ticket view by per-seat token — the capability embedded in the attendee link/QR code. Returns only that seat's details plus event/product display data, never the buyer's access code or other seats. View-only: attendee details can only be edited by the buyer via PATCH /api/v1/tickets/:code.

curl \
  -H "Authorization: Bearer your_api_key" \
  https://your-store.yns.store/api/v1/tickets/attendee/tok_8f3a1c9b2e7d4f60a1b2c3d4e5f60718

Response

{
  "token": "tok_8f3a1c9b2e7d4f60a1b2c3d4e5f60718",
  "attendee": {
    "name": "Jane Doe",
    "email": "jane@example.com"
  },
  "product": {
    "name": "Summer Festival Pass",
    "slug": "summer-festival-pass",
    "image": "https://cdn.example.com/festival.jpg"
  },
  "event": {
    "startsAt": "2024-08-01T18:00:00.000Z",
    "location": "Central Park, New York",
    "guestLabel": "Attendee",
    "guest": null
  },
  "orderStatus": "paid"
}

A 404 is returned when the token does not match a ticket.