Public and Private Data
In order to read or write private data using the Eventbrite API, you will need to supply additional user-authentication tokens. This extra information lets us know who should be authorized to access private data during the request.
Whenever you provide additional user access tokens, both public and private data will be available.
API Method Authentication Modes
API methods supporting optional authentication can return publicly available information with just an app_key.
Some of these methods return additional private data when matching user-authentication tokens are supplied.
Some API Method calls are designed exclusively for private data access.
These requests will be rejected when matching user credentials are not included.
Each API method accepts a set of authentication parameters in addition to it’s stated arguments. Choose the arguments that best fit your intended use-case:
|app_key||An application key (also referred to as an API key), identifies the application that is contacting the API. All API requests must include some form of application identification. If this is the only authentication token provided, the API request will be limited to publicly available data. Application keys have a default rate-limit of 1000 requests per day. Your API keys can be managed on this page.|
|access_token||RECOMMENDEDOAuth2 access tokens are tied to a user account and an application key. Since the user-authorized application can also be identified via this token, it is the only authentication parameter that does not require an application key to be provided as well. Be careful not to expose these tokens to other users! Additional request headers are required when using access_tokens to contact our API: “Authorization: Bearer YOUR_ACCESS_TOKEN_HERE“. You can learn more about how to configure your application for OAuth2.0 in our OAuth2 guide.|
|user_key||Each Eventbrite account has an associated user_key. This token provides access to the related user’s account data, in addition to our publicly available data. This authentication method is preferred for use-cases that require private data-access where OAuth2.0 workflows are not possible. Be careful not to expose this token to other users!|
Example Authentication URLs
Depending on which API method you call, additional method-specific request parameters may be required
To fetch publicly available data using only an app_key:
To fetch public and private user data using an access_token and additional HTTP headers:
NOTE Additional HTTP headers are required when sending requests that use OAuth2 access_tokens:
Authorization: Bearer YOUR_ACCESS_TOKEN_HERE
To fetch public and private user data using a user_key and app_key combo: