Authentication

Public and Private Data

In order to read or write private data using the Eventbrite API, you will need to supply additional user-authentication tokens. This extra information lets us know who should be authorized to access private data during the request.

Optional Authentication

API requests that may optionally return either private or publicly available data have Authentication: Optional displayed in their usage notes.

When you provide additional access tokens, both public and private data will be accessible.

Required Authentication

Your application can interact with the API on behalf of other users by providing a valid combination of tokens as described below. All API methods that require additional access tokens have Authentication: Required listed in their usage notes.

Authentication Parameters

Each API method accepts a set of authentication parameters in addition to its stated arguments. Choose the arguments that best fit your intended use case:

token definition
app_key An application key (also referred to as an API key) identifies the application that is contacting the API. All API requests must include some form of application identification. If this is the only authentication token provided, the API request will be limited to publicly available data. Application keys have a default rate-limit of 1000 requests per day. Your API keys can be managed on this page.
access_token RECOMMENDED OAuth2 access tokens are tied to a user account and an application key. Since the user-authorized application can also be identified via this token, it is the only authentication parameter that does not require an application key to be provided as well. Be careful not to expose these tokens to other users!

Additional request headers are required when using access_tokens to contact our API: “Authorization: Bearer YOUR_ACCESS_TOKEN_HERE”. You can learn more about how to configure your application for OAuth2.0 in our OAuth2 guide.

user_key Each Eventbrite account has an associated user_key. This token provides access to the related user’s account data, in addition to our publicly available data. This authentication method is preferred for use-cases that require private data-access where OAuth2.0 workflows are not possible. Be careful not to expose this token to other users!
user DEPRECATED Private account data can also be accessed using an app_key, user, and password combo. The user parameter should contain the related user’s email address. Email addresses are considered private account data. Storing unencrypted user and password combos is a violation of our developer terms.
password DEPRECATED To be used in combination with app_key and user authentication tokens. Be careful not to expose this token to other users! Storing unencrypted passwords belonging to our users is a violation of our developer terms.

Example Authentication URLs

Depending on which API method you call, additional method-specific request parameters may be required.

To fetch publicly available data using only an app_key:

https://www.eventbrite.com/json/event_search?app_key=YOUR_APP_KEY

To fetch public and private user data using an access_token and additional HTTP headers:

https://www.eventbrite.com/json/event_search

NOTE Additional HTTP headers are required when sending requests that use OAuth2 access_tokens:

Authorization: Bearer YOUR_ACCESS_TOKEN_HERE

To fetch public and private user data using a user_key and app_key combo:

https://www.eventbrite.com/json/event_search?app_key=YOUR_APP_KEY&user_key=USER_KEY

To fetch public and private user data using an email and password combo:

https://www.eventbrite.com/json/event_search?app_key=YOUR_APP_KEY&user=USER_EMAIL_ADDRESS&password=PASSWORD
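The rules above, as an added example (not Eventbrite's own code): a client helper that sends an access_token only in the Authorization header, falls back to app_key plus user_key in the query string, and masks credential parameters before a URL is written to logs, since query strings are routinely recorded by servers and proxies. The names build_request, redact_url and SECRET_PARAMS are hypothetical; the endpoint and parameter names come from the example URLs on this page.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request

BASE = "https://www.eventbrite.com/json/"  # base of the example URLs above
SECRET_PARAMS = {"app_key", "user_key", "user", "password"}


def build_request(method, params=None, *, access_token=None,
                  app_key=None, user_key=None):
    """Return an unsent Request carrying the preferred credential supplied.

    The deprecated user/password combination is deliberately not supported.
    """
    query = dict(params or {})
    headers = {}
    if access_token:
        # OAuth2: the token goes in a header and needs no app_key,
        # so no credential appears in the URL at all.
        headers["Authorization"] = f"Bearer {access_token}"
    elif app_key:
        query["app_key"] = app_key          # public data only
        if user_key:
            query["user_key"] = user_key    # adds private account data
    else:
        raise ValueError("supply an access_token or an app_key")
    url = BASE + method + ("?" + urlencode(query) if query else "")
    return Request(url, headers=headers)


def redact_url(url):
    """Mask credential parameters so the URL can be logged safely."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_request("event_search", app_key="SAMPLE_APP_KEY",
                        user_key="SAMPLE_USER_KEY")
    print(redact_url(req.full_url))
```

Log only the output of redact_url, never the raw URL, whenever one of the query-string credentials is in use.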