• You’ll need an API key

    Get Mine Now

  • API Clients

    We have API Clients for each of the most popular languages.

  • We’re Hiring!

    Lucky you! Lucky us! We're Hiring!

  • App Showcase

    We’ gathered these apps, resources, and partnerships to make your life easier.

  • Brand Guidelines

    We're stoked that you want to use our API. Get logos and stuff here!

Back to Documentation

Authentication

Public and Private Data

In order to read or write private data using the Eventbrite API, you will need to supply additional user-authentication tokens. This extra information lets us know who should be authorized to access private data during the request.

Your application can interact with the API on behalf of other users by providing a valid combination of tokens as described below. All API methods that require additional access tokens have Authentication: Required listed in their usage notes.

API requests that may return publicly available data have Authentication: Optional displayed on their method-specific page.

When you provide additional access tokens, both public and private data will be available.

Authentication Parameters

Each API method accepts a set of authentication parameters in addition to it’s stated arguments. Choose the arguments that best fit your intended use-case:

token definition
app_key An application key (also referred to as an API key), identifies the application that is contacting the API. All API requests must include some form of application identification. If this is the only authentication token provided, the API request will be limited to publicly available data. Application keys have a default rate-limit of 1000 requests per day. Your API keys can be managed on this page.
access_token

RECOMMENDED OAuth2 access tokens are tied to a user account and an application key. Since the user-authorized application can also be identified via this token, it is are the only authentication parameter that does not require an application key to be provided as well. Be careful not to expose these tokens to other users!

Additional request headers are required when using access_tokens to contact our API: “Authorization: Bearer YOUR_ACCESS_TOKEN_HERE“. You can learn more about how to configure your application for OAuth2.0 in our OAuth2 guide.
user_key Each Eventbrite account has an associated user_key. This token provides access to the related user’s account data, in addition to our publicly available data. This authentication method is preferred for use-cases that require private data-access where OAuth2.0 workflows are not possible. Be careful not to expose this token to other users!
user DEPRECATED Private account data can also be accessed using an app_key, user, and password combo. The user parameter should contain the related user’s email address. Email addresses are considered private account data. Storing unencrypted user and password combos is a violation of our developer terms.
password DEPRECATED To be used in combination with app_key and user authentication tokens. Be careful not to expose this token to other users! Storing unencrypted passwords belonging to our users is a violation of our developer terms.

Example Authentication URLs

Depending on which API method you call, additional method-specific request parameters may be required

To fetch publicly available data using only an app_key:

https://www.eventbrite.com/json/event_search?app_key=YOUR_APP_KEY

To fetch public and private user data using an access_token and additional HTTP headers:

https://www.eventbrite.com/json/event_search

NOTE Additional HTTP headers are required when sending requests that use OAuth2 access_tokens: 

Authorization: Bearer YOUR_ACCESS_TOKEN_HERE

To fetch public and private user data using a user_key:

https://www.eventbrite.com/json/event_search?app_key=YOUR_APP_KEY&user_key=USER_KEY

To fetch public and private user data using an email and password combo:

https://www.eventbrite.com/json/event_search?app_key=YOUR_APP_KEY&user=USER_EMAIL_ADDRESS&password=PASSWORD