Developers Information - API & Web Services
API Authentication Parameters
Each API method accepts a set of authentication parameters in addition to its stated arguments.
Authentication Arguments
- app_key string
- API application key provided by Eventbrite.
- user string
- Email of the client user (optional).
- password string
- Password of the client user (optional).
- user_key string
- Unique key for each user (optional).
Application Keys
The application key is a string assigned by Eventbrite which identifies the application making the method call. This is separate from user authentication, which identifies the Eventbrite user using the application. For example, if Eventbrite user xyz@mail.com is using a Dashboard widget to display events from a Smart Calendar, "app_key" would identify the Dashboard widget and "user"/"password" would identify the user.
A valid application key is required for any interaction with the Eventbrite API. Application developers may request an application key.
User Key
The user key is a string assigned by Eventbrite which identifies the user making the method call. This replaces basic username/password authentication, which identifies the Eventbrite user using the application.
A valid user key is the recommended method for user authentication with the Eventbrite API. Application developers will find their user key here.
User Authentication
The API accepts Basic user authentication, provided as name-value pairs sent along with method parameters. Each method accepts authentication and determines what level of authorization is required for the specific call.
Methods may also modify their output based on the authenticated user. For instance, private or password-protected events will only appear in lists requested by their owners. Some methods may also indicate whether information is editable by the current user. See the documentation for each method for specific cases.
Secure Authentication (Recommended)
The secure method of authentication hides your login information and instead passes a user_key into the api. For example:
https://www.eventbrite.com/xml/user_events_list?app_key=<APP_KEY>
&user_key=<USER_KEY>&id=...
If a user_key provided, the API will validate it against the Eventbrite user database. If the user_key is valid and authenticated, the method call will continue. If the user_key is not valid or presented an incorrect password and the method requires authentication, an XML error message is returned:
To ensure maximum safety, only authentication requests made over SSL will be processed. So all your API calls should start with "https://".
<error>
<error_type>Authentication Error</error_type>
<error_message>Invalid user_key.</error_message>
</error>
Basic Authentication
The Basic level of authentication involves providing the parameters "user" and "password" to each method call along with other parameters. For instance:
https://www.eventbrite.com/xml/user_events_list?app_key=<APP_KEY>
&user=<USER_EMAIL>&password=<USER_PASSWORD>&id=...
If a user and password are provided, the API will validate them against the Eventbrite user database. If the user is valid and authenticated, the method call will continue. If the user is not valid or presented an incorrect password and the method requires authentication, an XML error message is returned:
To ensure maximum safety, only authentication requests made over SSL will be processed. So all your API calls should start with "https://".
<error>
<error_type>Authentication Error</error_type>
<error_message>Invalid email and/or password.</error_message>
</error>