API Reference

Build on geteventriX

REST over HTTPS, JSON bodies, cookie or bearer authentication. Custom API access with elevated rate limits is an Enterprise feature.

Authentication & rate limits

Bearer authentication
curl https://api.geteventrix.com/api/events \
  -H "Authorization: Bearer evx_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json"

Rate limits by plan

  • Launch60 req/min
  • Starter120 req/min
  • Professional300 req/min
  • Scale1,000 req/min
  • EnterpriseCustom

429 responses include a Retry-After header. Idempotency keys are supported on all POST endpoints via Idempotency-Key.

Nexpay transaction signatures

Outgoing payments are signed with HMAC-SHA512 using your outgoing secret. Parameters must be concatenated in exactly this order — any deviation produces an invalid signature:

signature = HMAC_SHA512(outgoingSecret, message)
message = requestTime + account + amount
        + beneficiaryName + beneficiaryAccount + beneficiaryReference

// Example (Node.js)
const crypto = require("crypto");
const signature = crypto
  .createHmac("sha512", process.env.NEXPAY_OUTGOING_SECRET)
  .update(requestTime + account + amount + beneficiaryName
        + beneficiaryAccount + beneficiaryReference)
  .digest("hex");
POST /api/orders — response (payment initiated)
{
  "orderId": "ord_1f3c9aa2b7e04d11",
  "status": "processing",
  "payment": {
    "paymentId": "NXP-8A4F21C09B3D",
    "externalPaymentId": "ext-77b1e2d940aa41c2",
    "status": "PENDING",
    "networkType": "SEPA"
  },
  "total": 153.62
}
Webhook delivery — verify before trusting
POST /api/webhooks/nexpay
X-Nexpay-Signature: 3fa1c0de...   // HMAC-SHA512 of raw body

{
  "paymentId": "NXP-8A4F21C09B3D",
  "externalPaymentId": "ext-77b1e2d940aa41c2",
  "status": "COMPLETED",        // or REJECTED
  "networkType": "SEPA",
  "date": "2026-07-07"
}

// Verify with constant-time comparison, then:
// COMPLETED → confirm order, issue tickets
// REJECTED  → fail order, notify customer

Authentication

POST/api/auth/loginExchange email + password for a session cookie
POST/api/auth/logoutDestroy the current session
POST/api/auth/registerCreate an account (invite-based for team members)
POST/api/auth/refresh-tokenRotate an expiring session

Events

GET/api/eventsList published events (public) or your org's events (authed)
POST/api/eventsCreate an event — enforces plan-tier active-event limits
GET/api/events/:idFetch a single event with tiers and sessions
PUT/api/events/:idUpdate details, branding, or schedule
POST/api/events/:id/publishMove a draft to published
GET/api/events/:id/attendeesAttendee list with check-in state (org roles)
GET/api/events/:id/analyticsSales, funnel, and attribution metrics

Orders & tickets

POST/api/ordersCreate an order and initiate the Nexpay payment (returns PENDING)
GET/api/orders/:id/statusPoll order + payment status; tickets appear once paid
POST/api/orders/:id/refundRefund an order — issues gateway reversal, voids tickets
GET/api/tickets/:code/qrSVG QR image for a ticket's entry code

Nexpay payments

Mirrors the Nexpay eurowallet API. All outgoing payments are signed with HMAC-SHA512.

POST/api/payments/nexpay/createInitiate an outgoing SEPA/SWIFT payment
GET/api/payments/nexpay/status/:paymentIdPayment details by clientPaymentId or externalPaymentId
GET/api/payments/nexpay/historyStatement for a period — reconciliation feed
POST/api/webhooks/nexpayInbound webhook — signature-verified status updates

Check-in

POST/api/check-in/scanValidate a ticket code and check the attendee in
GET/api/check-in/event/:eventIdLive entry stats for an event
POST/api/check-in/bulkBatch check-in for offline-mode sync

Team & billing

GET/api/teamList members and roles
POST/api/team/inviteInvite a member — enforces plan seat limits
GET/api/billing/subscriptionCurrent plan, usage, and renewal date
POST/api/billing/subscription/upgradeChange tier — prorated immediately
GET/api/billing/invoicesInvoice history with PDF links

Errors

Errors return a JSON body { "error": "human-readable message" } with conventional status codes: 400 validation, 401 unauthenticated, 402 plan limit reached, 403 wrong tenant/role, 404 not found, 409 conflict (sold out, already checked in), 429 rate limited.