
Authentication

Public and Private Data

In order to read or write private data using the Eventbrite API, you will need to supply additional user-authentication tokens. This extra information lets us know who should be authorized to access private data during the request.

Whenever you provide additional user access tokens, both public and private data will be available.

API Method Authentication Modes

Authentication: Optional

API methods supporting optional authentication can return publicly available information with just an app_key.

Some of these methods return additional private data when matching user-authentication tokens are supplied.

Authentication: Required

Some API Method calls are designed exclusively for private data access.

These requests will be rejected when matching user credentials are not included.

Authentication Parameters

Each API method accepts a set of authentication parameters in addition to its stated arguments. Choose the arguments that best fit your intended use-case:

token definition
app_key An application key (also referred to as an API key) identifies the application that is contacting the API. All API requests must include some form of application identification. If this is the only authentication token provided, the API request will be limited to publicly available data. Application keys have a default rate-limit of 1000 requests per day. Your API keys can be managed on this page.
access_token RECOMMENDED: OAuth2 access tokens are tied to a user account and an application key. Since the user-authorized application can also be identified via this token, it is the only authentication parameter that does not require an application key to be provided as well. Be careful not to expose these tokens to other users! Additional request headers are required when using access_tokens to contact our API: “Authorization: Bearer YOUR_ACCESS_TOKEN_HERE”. You can learn more about how to configure your application for OAuth2.0 in our OAuth2 guide.
user_key Each Eventbrite account has an associated user_key. This token provides access to the related user’s account data, in addition to our publicly available data. This authentication method is preferred for use-cases that require private data-access where OAuth2.0 workflows are not possible. Be careful not to expose this token to other users!

These authentication parameters can be used to initialize any of our API Client libraries with a specific user context, ensuring that each of your service requests is correctly signed.

Example Authentication URLs

Depending on which API method you call, additional method-specific request parameters may be required.

To fetch publicly available data using only an app_key:

https://www.eventbrite.com/json/event_search?app_key=YOUR_APP_KEY

To fetch public and private user data using an access_token and additional HTTP headers:

https://www.eventbrite.com/json/event_search

NOTE: Additional HTTP headers are required when sending requests that use OAuth2 access_tokens:

Authorization: Bearer YOUR_ACCESS_TOKEN_HERE

To fetch public and private user data using a user_key and app_key combo:

https://www.eventbrite.com/json/event_search?app_key=YOUR_APP_KEY&user_key=USER_KEY
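
The three request shapes above, together with log redaction for the credentials they carry, as an added example (not Eventbrite's client library code). The helper names build_request, redact_url and redact_headers are hypothetical, and the key values used with them are constructed placeholders; no request is sent.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

BASE = "https://www.eventbrite.com/json/"  # base URL as shown in the examples above
SECRET_PARAMS = {"app_key", "user_key", "access_token"}  # never log these values

def build_request(method, app_key=None, user_key=None, access_token=None, **params):
    """Return (url, headers) for one of the three authentication modes (hypothetical helper)."""
    headers, query = {}, dict(params)
    if access_token:
        # OAuth2: the token travels in a header, so nothing secret lands in the URL,
        # and no app_key is needed because the token already identifies the app.
        headers["Authorization"] = "Bearer " + access_token
    elif app_key:
        query["app_key"] = app_key           # public data only, unless...
        if user_key:
            query["user_key"] = user_key     # ...a user_key adds that user's private data
    else:
        # A user_key alone is not enough: every request must identify the application.
        raise ValueError("an app_key or an access_token is required")
    url = BASE + method
    if query:
        url += "?" + urlencode(query)
    return url, headers

def redact_url(url):
    """Mask credential parameters so the URL can be written to logs or error reports."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def redact_headers(headers):
    """Mask the bearer token while keeping the header name visible for debugging."""
    return {k: ("Bearer REDACTED" if k.lower() == "authorization" else v)
            for k, v in headers.items()}

if __name__ == "__main__":
    # Constructed placeholder credentials, not real keys.
    url, hdrs = build_request("event_search", app_key="APPKEY_SAMPLE", user_key="USERKEY_SAMPLE")
    print("GET", redact_url(url), redact_headers(hdrs))
    url, hdrs = build_request("event_search", access_token="TOKEN_SAMPLE")
    print("GET", redact_url(url), redact_headers(hdrs))
```

Query-string credentials (app_key, user_key) also end up in proxy logs and browser history, which is one reason the header-based access_token mode exposes less.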