REST over HTTPS, JSON bodies, cookie or bearer authentication. Custom API access with elevated rate limits is an Enterprise feature.
curl https://api.geteventrix.com/api/events \ -H "Authorization: Bearer evx_live_xxxxxxxxxxxx" \ -H "Content-Type: application/json"
429 responses include a Retry-After header. Idempotency keys are supported on all POST endpoints via Idempotency-Key.
Outgoing payments are signed with HMAC-SHA512 using your outgoing secret. Parameters must be concatenated in exactly this order — any deviation produces an invalid signature:
message = requestTime + account + amount
+ beneficiaryName + beneficiaryAccount + beneficiaryReference
// Example (Node.js)
const crypto = require("crypto");
const signature = crypto
.createHmac("sha512", process.env.NEXPAY_OUTGOING_SECRET)
.update(requestTime + account + amount + beneficiaryName
+ beneficiaryAccount + beneficiaryReference)
.digest("hex");{
"orderId": "ord_1f3c9aa2b7e04d11",
"status": "processing",
"payment": {
"paymentId": "NXP-8A4F21C09B3D",
"externalPaymentId": "ext-77b1e2d940aa41c2",
"status": "PENDING",
"networkType": "SEPA"
},
"total": 153.62
}POST /api/webhooks/nexpay
X-Nexpay-Signature: 3fa1c0de... // HMAC-SHA512 of raw body
{
"paymentId": "NXP-8A4F21C09B3D",
"externalPaymentId": "ext-77b1e2d940aa41c2",
"status": "COMPLETED", // or REJECTED
"networkType": "SEPA",
"date": "2026-07-07"
}
// Verify with constant-time comparison, then:
// COMPLETED → confirm order, issue tickets
// REJECTED → fail order, notify customer/api/auth/loginExchange email + password for a session cookie/api/auth/logoutDestroy the current session/api/auth/registerCreate an account (invite-based for team members)/api/auth/refresh-tokenRotate an expiring session/api/eventsList published events (public) or your org's events (authed)/api/eventsCreate an event — enforces plan-tier active-event limits/api/events/:idFetch a single event with tiers and sessions/api/events/:idUpdate details, branding, or schedule/api/events/:id/publishMove a draft to published/api/events/:id/attendeesAttendee list with check-in state (org roles)/api/events/:id/analyticsSales, funnel, and attribution metrics/api/ordersCreate an order and initiate the Nexpay payment (returns PENDING)/api/orders/:id/statusPoll order + payment status; tickets appear once paid/api/orders/:id/refundRefund an order — issues gateway reversal, voids tickets/api/tickets/:code/qrSVG QR image for a ticket's entry codeMirrors the Nexpay eurowallet API. All outgoing payments are signed with HMAC-SHA512.
/api/payments/nexpay/createInitiate an outgoing SEPA/SWIFT payment/api/payments/nexpay/status/:paymentIdPayment details by clientPaymentId or externalPaymentId/api/payments/nexpay/historyStatement for a period — reconciliation feed/api/webhooks/nexpayInbound webhook — signature-verified status updates/api/check-in/scanValidate a ticket code and check the attendee in/api/check-in/event/:eventIdLive entry stats for an event/api/check-in/bulkBatch check-in for offline-mode sync/api/teamList members and roles/api/team/inviteInvite a member — enforces plan seat limits/api/billing/subscriptionCurrent plan, usage, and renewal date/api/billing/subscription/upgradeChange tier — prorated immediately/api/billing/invoicesInvoice history with PDF linksErrors return a JSON body { "error": "human-readable message" } with conventional status codes: 400 validation, 401 unauthenticated, 402 plan limit reached, 403 wrong tenant/role, 404 not found, 409 conflict (sold out, already checked in), 429 rate limited.