API Reference

Build powerful integrations with the TicketWave REST API. Manage events, orders, tickets, and affiliates programmatically.

REST APIJSON responsesJWT authentication

Authentication

All API requests require a JWT Bearer token in the Authorization header.

Request Header

Authorization: Bearer YOUR_JWT_TOKEN

How to get your API key

Create an account at ticketwavehq.com/signup
Log in via POST /api/auth/login with your email and password
The response includes a JWT token valid for 7 days
Include this token in the Authorization: Bearer header

Base URL

https://app.ticketwavehq.com

Rate Limits

API requests are rate limited to ensure fair usage and platform stability.

Endpoint Type	Limit
Admin endpoints	60 requests / minute
Scanner endpoints	120 requests / minute
Public endpoints	30 requests / minute
Checkout	10 requests / minute

Rate-limited responses return 429 Too Many Requests. All responses include X-RateLimit-Remaining headers.

Endpoints

All endpoints return JSON. Successful responses use 200 or 201. Errors return an {"error": "message"} body.

Events

GET/api/admin/eventsList all events for your account

POST/api/admin/eventsCreate a new event with ticket tiers and add-ons

GET/api/admin/events/:idGet event details including tiers and sales data

PUT/api/admin/events/:idUpdate event details, status, or tiers

DELETE/api/admin/events/:idDelete a draft event

POST/api/admin/events/:id/cancelCancel event and auto-refund all orders

POST/api/admin/events/:id/duplicateClone an event with new dates

GET/api/admin/events/:id/liveReal-time check-in stats for live events

Orders

GET/api/admin/ordersList orders with filters (date, status, event)

GET/api/admin/orders/:idFull order details with tickets and add-ons

POST/api/admin/orders/:id/refundRefund an order (full or partial)

POST/api/admin/orders/:id/resendResend confirmation email and tickets

Tickets

POST/api/scanScan a QR code and check in a ticket

POST/api/admin/tickets/transferTransfer a ticket to a new holder

Customers

GET/api/admin/customersList all customers with order history

GET/api/admin/customers/exportExport customer list as CSV

Affiliates

GET/api/admin/affiliatesList all affiliates with earnings

POST/api/admin/affiliatesRegister a new affiliate

GET/api/admin/affiliates/:id/linksGet affiliate tracking links

Webhooks

GET/api/admin/webhooks/configGet current webhook configuration

PUT/api/admin/webhooks/configSet webhook URL and subscribed events

Code Examples

curl

# List your events
curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://app.ticketwavehq.com/api/admin/events

# Create an event
curl -X POST \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Summer Pool Party",
    "venueId": "venue-uuid",
    "date": "2026-07-15",
    "startTime": "14:00",
    "totalCapacity": 500,
    "tiers": [
      { "name": "General", "price": 25, "quantity": 400 },
      { "name": "VIP", "price": 75, "quantity": 100 }
    ]
  }' \
  https://app.ticketwavehq.com/api/admin/events

JavaScript / Node.js

const API_URL = "https://app.ticketwavehq.com";
const TOKEN = "YOUR_TOKEN";

// List events
const events = await fetch(`${API_URL}/api/admin/events`, {
  headers: { Authorization: `Bearer ${TOKEN}` },
}).then(r => r.json());

console.log(events);

// Refund an order
const refund = await fetch(
  `${API_URL}/api/admin/orders/${orderId}/refund`,
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ reason: "customer_request" }),
  }
).then(r => r.json());

Python

import requests

API_URL = "https://app.ticketwavehq.com"
TOKEN = "YOUR_TOKEN"
headers = {"Authorization": f"Bearer {TOKEN}"}

# List events
events = requests.get(f"{API_URL}/api/admin/events", headers=headers).json()

# Create an event
new_event = requests.post(
    f"{API_URL}/api/admin/events",
    headers=headers,
    json={
        "title": "Summer Pool Party",
        "venueId": "venue-uuid",
        "date": "2026-07-15",
        "startTime": "14:00",
        "totalCapacity": 500,
        "tiers": [
            {"name": "General", "price": 25, "quantity": 400},
            {"name": "VIP", "price": 75, "quantity": 100},
        ],
    },
).json()
print(new_event)

Webhook Events

Configure your webhook endpoint via the API or Settings page. Each event sends a POST request with a JSON body signed with HMAC-SHA256.

Webhook Headers

X-TicketWave-Signature: <HMAC-SHA256 of request body>
X-TicketWave-Event: order.created
Content-Type: application/json

Verifying Signatures (Node.js)

const crypto = require("crypto");

function verifyWebhook(body, signature, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(body)
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

Event	Description
order.created	Fired when a new order is paid. Includes order details, customer info, and tickets.
order.refunded	Fired when an order is fully or partially refunded. Includes refund amount and reason.
event.published	Fired when an event status changes to published (goes live for ticket sales).
event.cancelled	Fired when an event is cancelled. All orders are auto-refunded.
checkin.completed	Fired each time a ticket is scanned at the door. Includes ticket and gate info.
webhook.ping	Sent when you first configure your webhook URL to verify the endpoint works.

Response Format

Success (200)

{
  "id": "evt_abc123",
  "title": "Summer Pool Party",
  "status": "published",
  "date": "2026-07-15"
}

Error (400/401/404)

{
  "error": "Missing required fields"
}

Ready to build?

Create an account to get your API key. No credit card required.