App OAuth Flow
Integrating your app requires authenticating and securing access to the Eventbrite API. This involves both authenticating your personal access, and authenticating access for the users of your app.
OAuth Authorize URL: https://www.eventbrite.com/oauth/authorize
OAuth Access token URL: https://www.eventbrite.com/oauth/token
Authenticating Your Personal Access to the Eventbrite API
To integrate your app, you must authenticate your personal access to the Eventbrite API. To learn how, refer to Authenticating Your Access.
Authenticating Access to the Eventbrite API for Users of Your App
Since you’re also accessing the API on behalf of Users other than yourself, you need to use the OAuth Token flow for each of your application Users. The flow is slightly different depending on whether your application is client-side or server-side.
To authenticate Users via the API, make sure you have the following information, available from your Eventbrite App Management page.
| Name | Description |
|---|---|
| App Key | Identifies your app during the OAuth handshake. Not secret. |
| Client Secret | Identifies your app during a server-side handshake. Secret. |
| Redirect URI | URI to which Users are redirected once they confirm access to your app. You need to set this in the Eventbrite app settings. |
Note: If the User's OAuth Token expires (which may happen, if for example the User changes their password), you'll receive an error. In this instance, your User must again go through the OAuth Token Flow. However if the User still has confirmed access to your application, they won't be required to do that step again.
Authenticating Users of a Client-Side Application
To authenticate a User from a client-side (JavaScript) application, use the following URL as your Redirect URI
https://www.eventbrite.com/oauth/authorize?response_type=token&client_id=YOUR_APP_KEY&redirect_uri=YOUR_URL
The OAuth Token flow for a client-side application is:
Your Users are directed from your website or application to the Eventbrite website.
On the Eventbrite website, the User indicates their desire to use your application, by using the Approve/Deny page.
The User is redirected back to your application or website, as specified by the Redirect URI.
If the User has approved access to your application, an OAuth token is included in the hash fragment of the URL.
You store the User's token, and then use it to access the API on their behalf.
Authenticating Users of a Server-Side Application
To authenticate a User from a server-side application, use the following URL as your Redirect URI
https://www.eventbrite.com/oauth/authorize?response_type=code&client_id=YOUR_APP_KEY
The OAuth Token flow for a server-side application is:
Your Users are directed from your website or application to the Eventbrite website.
On the Eventbrite website, the User indicates their desire to use your application, by using the Approve/Deny page.
The User is redirected back to your application or website, as specified by the Redirect URI.
If the User has approved access to your application, a code query parameter is appended to the end of the URL representing their access code.
Exchange the access code for an OAuth token by sending a
POSTrequest tohttps://www.eventbrite.com/oauth/token. The request returns the User's token.You store the User's token, and then use it to access the API on their behalf.
Note: The
POSTrequest used in step 5 must contain the following urlencoded data, along with the Content-type headerapplication/x-www-form-urlencoded