Authentication
All API requests must include your API key in the Authorization header as a Bearer token. You can generate and manage API keys from your workspace settings.
curl https://api.eventogate.com/v1/events \
-H "Authorization: Bearer eg_live_your_api_key_here" \
-H "Content-Type: application/json"Keep your API key secret
Never expose API keys in client-side code or public repositories. Use server-side requests or environment variables.
Live key
eg_live_...Use in production
Test key
eg_test_...Safe for development — no real data is affected
Events
Create and manage your events. Events can be in-person, virtual, or hybrid and contain attendees, ticket types, and custom registration fields.
/eventsReturns a paginated list of all events in your workspace.
Query parameters
| Name | Type |
|---|---|
| page | integer |
| per_page | integer |
| status | string |
Response
{
"data": [
{
"id": "evt_01HXYZ",
"name": "Q1 Product Workshop",
"type": "in_person",
"status": "published",
"start_at": "2025-06-15T09:00:00Z",
"end_at": "2025-06-15T17:00:00Z",
"attendee_count": 142,
"capacity": 250,
"created_at": "2025-05-01T12:00:00Z"
}
],
"meta": {
"page": 1,
"per_page": 20,
"total": 1
}
}/eventsCreates a new event.
Request body
| Name | Type |
|---|---|
| name* | string |
| type* | string |
| start_at* | string |
| end_at* | string |
| venue_id | string |
| capacity | integer |
| description | string |
Example request
{
"name": "Q1 Product Workshop",
"type": "in_person",
"start_at": "2025-06-15T09:00:00Z",
"end_at": "2025-06-15T17:00:00Z",
"venue_id": "ven_03AXYZ",
"capacity": 250
}Response
{
"id": "evt_01HXYZ",
"name": "Q1 Product Workshop",
"type": "in_person",
"status": "draft",
"start_at": "2025-06-15T09:00:00Z",
"end_at": "2025-06-15T17:00:00Z",
"venue_id": "ven_03AXYZ",
"capacity": 250,
"created_at": "2025-05-01T12:00:00Z"
}/events/{event_id}Returns a single event by ID.
Response
{
"id": "evt_01HXYZ",
"name": "Q1 Product Workshop",
"type": "in_person",
"status": "published",
"start_at": "2025-06-15T09:00:00Z",
"end_at": "2025-06-15T17:00:00Z",
"venue_id": "ven_03AXYZ",
"capacity": 250,
"attendee_count": 142,
"created_at": "2025-05-01T12:00:00Z"
}/events/{event_id}Updates an existing event. Send only the fields you want to change.
Request body
| Name | Type |
|---|---|
| name | string |
| status | string |
| capacity | integer |
Response
{
"id": "evt_01HXYZ",
"name": "Q1 Product Workshop — Updated",
"status": "published",
"capacity": 300,
"updated_at": "2025-05-10T08:30:00Z"
}/events/{event_id}Permanently deletes an event and all associated attendees. This action is irreversible.
Response
{
"deleted": true,
"id": "evt_01HXYZ"
}Attendees
Register and manage attendees for an event. Attendees can be created via the API (your registration form), imported, or added as walk-ins at check-in.
/events/{event_id}/attendeesReturns a paginated list of attendees registered for the event.
Query parameters
| Name | Type |
|---|---|
| page | integer |
| per_page | integer |
| checked_in | boolean |
| q | string |
Response
{
"data": [
{
"id": "att_09BXYZ",
"event_id": "evt_01HXYZ",
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"ticket_type": "general",
"checked_in": false,
"qr_code": "QR_att_09BXYZ",
"registered_at": "2025-05-12T10:14:00Z"
}
],
"meta": {
"page": 1,
"per_page": 20,
"total": 142
}
}/events/{event_id}/attendeesRegisters a new attendee for the event. Use this from your website registration form or any upstream system.
Request body
| Name | Type |
|---|---|
| first_name* | string |
| last_name* | string |
| email* | string |
| ticket_type_slug | string |
| custom_fields | object |
| utm_source | string |
| utm_medium | string |
| utm_campaign | string |
Example request
{
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"ticket_type_slug": "general",
"utm_source": "website",
"utm_medium": "organic",
"custom_fields": {
"company": "Acme Corp",
"job_title": "Product Manager"
}
}Response
{
"id": "att_09BXYZ",
"event_id": "evt_01HXYZ",
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"ticket_type": "general",
"qr_code": "QR_att_09BXYZ",
"checked_in": false,
"registered_at": "2025-05-12T10:14:00Z"
}/events/{event_id}/attendees/{attendee_id}Returns a single attendee record.
Response
{
"id": "att_09BXYZ",
"event_id": "evt_01HXYZ",
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"ticket_type": "general",
"qr_code": "QR_att_09BXYZ",
"checked_in": true,
"checked_in_at": "2025-06-15T09:12:44Z",
"registered_at": "2025-05-12T10:14:00Z",
"custom_fields": {
"company": "Acme Corp",
"job_title": "Product Manager"
}
}/events/{event_id}/attendees/{attendee_id}Removes an attendee from the event.
Response
{
"deleted": true,
"id": "att_09BXYZ"
}Check-in
Check attendees in by QR code scan or by searching their name or email. Both methods mark the attendee as checked in and return their full record.
/events/{event_id}/checkin/qrChecks in an attendee by scanning their QR code. Returns the attendee record or an error if the code is invalid or already used.
Request body
| Name | Type |
|---|---|
| qr_code* | string |
Example request
{
"qr_code": "QR_att_09BXYZ"
}Response
{
"id": "att_09BXYZ",
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"ticket_type": "general",
"checked_in": true,
"checked_in_at": "2025-06-15T09:12:44Z"
}/events/{event_id}/checkin/searchSearches for attendees by name or email. Useful for manual check-in without a QR scanner.
Query parameters
| Name | Type |
|---|---|
| q* | string |
Response
{
"data": [
{
"id": "att_09BXYZ",
"first_name": "Sarah",
"last_name": "Chen",
"email": "sarah@example.com",
"ticket_type": "general",
"checked_in": false
}
]
}/events/{event_id}/checkin/{attendee_id}Manually checks in an attendee by their ID. Use this after a search to confirm check-in.
Response
{
"id": "att_09BXYZ",
"checked_in": true,
"checked_in_at": "2025-06-15T09:15:00Z"
}Webhooks
Subscribe to real-time event notifications. EventoGate sends an HTTP POST to your endpoint whenever a trigger fires. Payloads are signed with HMAC-SHA256.
/webhooksLists all webhook subscriptions in your workspace.
Response
{
"data": [
{
"id": "wh_77KXYZ",
"url": "https://your-app.com/hooks/eventogate",
"events": ["attendee.registered", "attendee.checked_in"],
"active": true,
"created_at": "2025-04-01T00:00:00Z"
}
]
}/webhooksCreates a new webhook subscription.
Request body
| Name | Type |
|---|---|
| url* | string |
| events* | string[] |
| secret | string |
Example request
{
"url": "https://your-app.com/hooks/eventogate",
"events": [
"attendee.registered",
"attendee.checked_in",
"event.published"
],
"secret": "whsec_your_signing_secret"
}Response
{
"id": "wh_77KXYZ",
"url": "https://your-app.com/hooks/eventogate",
"events": ["attendee.registered", "attendee.checked_in", "event.published"],
"active": true,
"created_at": "2025-05-01T12:00:00Z"
}/webhooks/{webhook_id}Deletes a webhook subscription.
Response
{
"deleted": true,
"id": "wh_77KXYZ"
}Trigger event types
| Event | Description |
|---|---|
| event.created | A new event was created |
| event.published | An event was published |
| event.updated | An event was updated |
| event.deleted | An event was deleted |
| attendee.registered | A new attendee was registered |
| attendee.updated | An attendee record was updated |
| attendee.deleted | An attendee was removed |
| attendee.checked_in | An attendee checked in |
Verifying signatures
When you provide a secret on webhook creation, each payload includes an X-EventoGate-Signature header. Verify it on your server to ensure the request is genuine.
import crypto from "crypto";
function verifySignature(payload, signature, secret) {
const expected = crypto
.createHmac("sha256", secret)
.update(payload)
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(expected),
Buffer.from(signature)
);
}Error Codes
Errors follow standard HTTP status codes. The response body always includes a machine-readable code and a human-readable message.
{
"error": {
"code": "attendee_already_exists",
"message": "An attendee with this email is already registered for the event.",
"status": 409
}
}| Status | Label |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests |
| 500 | Server Error |
Ready to integrate?
Create a free account and get your API key in under a minute.