API Documentation
Integrate EventoGate into your stack. Register attendees, manage events, and trigger automations — all via a simple REST API.
https://api.eventogate.com/v1Authentication
All API requests require an API key. Pass it as a Bearer token in the Authorization header. Manage your API keys from Settings → API Keys in your dashboard.
curl https://api.eventogate.com/v1/events/{event_id}/registrations \
-H "Authorization: Bearer eg_live_your_api_key_here" \
-H "Content-Type: application/json"Never expose API keys in client-side code or public repositories. Always make requests server-side and use environment variables to store your key.
eg_live_…ProductionSends real webhooks and confirmation emails.eg_test_…TestSandbox only. No emails or webhooks fired.The legacy X-API-Key: <key> header is also accepted for backwards compatibility, but Authorization: Bearer is preferred.
Register Attendee
The primary external API endpoint. Use it to register an attendee from your own website form, CRM, or any upstream system. EventoGate creates the attendee record, generates a QR code, and fires the attendee.registered webhook.
/events/{event_id}/registrationsevent_id is the UUID of the event — find it in your dashboard under Event Settings, or in the URL when viewing an event.
Request Body
first_namerequiredstringAttendee first name (max 100 chars)last_namerequiredstringAttendee last name (max 100 chars)emailrequiredstringEmail address — must be unique per eventphonestringPhone number (max 30 chars)countrystringISO 3166-1 alpha-2 country code (e.g. US, GB)ticket_type_slugstringSlug of the ticket type to assigncustom_dataobjectKey-value pairs for custom registration fieldsExample Request
curl -X POST https://api.eventogate.com/v1/events/evt_01HXYZ/registrations \
-H "Authorization: Bearer eg_live_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"phone": "+1234567890",
"country": "US",
"ticket_type_slug": "general",
"custom_data": {
"company": "Acme Corp",
"job_title": "Product Manager"
}
}'Response — 201 Created
{
"id": "att_09BXYZ",
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"phone": "+1234567890",
"country": "US",
"status": "registered",
"ticket_type": "General Admission",
"ticket_type_slug": "general",
"qr_code_url": "https://cdn.eventogate.com/qr/att_09BXYZ.png",
"qr_token": "3f4a9b2c-...",
"registered_at": "2025-05-12 10:14:00",
"checked_in_at": null,
"registration_source": "api",
"custom_data": {
"company": "Acme Corp",
"job_title": "Product Manager"
},
"custom_fields": [
{ "field_key": "company", "field_label": "Company", "field_type": "text" },
{ "field_key": "job_title", "field_label": "Job Title", "field_type": "text" }
]
}Error — Duplicate Email (422)
{
"message": "The given data was invalid.",
"errors": {
"email": ["This email has already been registered for this event."]
}
}Error — Invalid Ticket Type (422)
{
"message": "The given data was invalid.",
"errors": {
"ticket_type_slug": ["Ticket type "vip" not found."]
}
}If the event has API confirmation emails enabled (configured per event in Settings), EventoGate will automatically send the attendee a confirmation email with their QR code after registration.
Webhooks
EventoGate sends an HTTP POST to your endpoint whenever a trigger fires. Webhooks are configured per-organisation in your dashboard under Settings → Webhooks. You can scope each webhook to a specific event or apply it across all events.
Webhook endpoints are managed through the dashboard, not via the API. Each endpoint has its own secret used to sign payloads.
Trigger Types
attendee.registeredattendee.checked_inattendee.status_changedPayload Structure
Every webhook POST contains a JSON body. If you configured Selected Fields on the endpoint, only those fields are included.
{
"trigger": "attendee.registered",
"event_id": "evt_01HXYZ",
"event_name": "Q1 Product Workshop",
"attendee_id": "att_09BXYZ",
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"phone": "+1234567890",
"country": "US",
"ticket_type": "General Admission",
"status": "registered",
"registered_at": "2025-05-12T10:14:00+00:00",
"checked_in_at": null,
"custom_data": {
"company": "Acme Corp",
"job_title": "Product Manager"
},
"qr_code_url": "https://cdn.eventogate.com/qr/att_09BXYZ.png"
}Verifying Signatures
Every delivery includes an X-EventoGate-Signature header in the format sha256=<hmac-hex>. Verify it on your server before processing the payload.
import crypto from "crypto";
function verifyWebhook(rawBody, signatureHeader, secret) {
// signatureHeader is "sha256=<hex>"
const expected = "sha256=" + crypto
.createHmac("sha256", secret)
.update(rawBody) // use the raw request body string
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(expected),
Buffer.from(signatureHeader)
);
}Delivery & Retries
Error Codes
Errors follow standard HTTP status codes. Authentication errors return an error + message shape. Validation errors return a message + errors object with field-level details.
Authentication error (401)
{
"error": "unauthenticated",
"message": "API key required. Pass it as: Authorization: Bearer <your-api-key>"
}Validation error (422)
{
"message": "The given data was invalid.",
"errors": {
"email": ["The email field is required."],
"first_name": ["The first name field is required."]
}
}401UnauthorizedAPI key missing, invalid, or revoked403ForbiddenThe event does not belong to your organisation404Not FoundEvent ID not found422UnprocessableValidation failed — check the errors object for field details429Too Many RequestsRate limit exceeded (10 requests/minute on the public form endpoint)500Server ErrorUnexpected error on our end — contact support if it persistsReady to integrate?
Create a free account and get your API key in under a minute.