From event creation to QR check-in, queue management to fraud detection — Tickitz provides every primitive through one clean SDK.
01 — Events
Define your event, configure ticket tiers with dynamic pricing, set capacity limits, and publish — all from a single API call. Tickitz handles scheduling, timezone normalization, and slug generation automatically.
const event = await tickitz.events.create({ title: "Neon Nights Festival", venue: { name: "Brixton Academy", city: "London", timezone: "Europe/London", }, startsAt: "2025-09-20T19:00:00", endsAt: "2025-09-20T23:59:00", tiers: [ { name: "Early Bird", price: 2499, quantity: 200 }, { name: "General Admission", price: 3999, quantity: 800 }, { name: "VIP", price: 12999, quantity: 50 }, ], maxCapacity: 1050, queueEnabled: true, }); // Publish — makes it bookable await tickitz.events.publish(event.id); console.log(event.slug); // "neon-nights-festival"
02 — Queue / Waiting Room
When demand exceeds supply, Tickitz's queue module creates a fair, transparent waiting room. The SDK manages the polling loop so you don't have to write a single interval. Position updates, expiry timers, and capacity locks are all handled server-side.
// 1. Join the queue const entry = await tickitz.queue.join({ eventId: "evt_abc123", customerId: "cus_xyz789", items: [{ tierId: "tier_ga", quantity: 2 }], }); console.log(entry.position); // 312 console.log(entry.estimatedWait); // "~4 min" // 2. SDK polls — fires onUpdate on each tick const ready = await tickitz.queue.poll(entry.token, { onUpdate: ({ position, estimatedWait }) => { updateUI(position, estimatedWait); }, }); // 3. ready.bookingId is reserved — confirm within TTL const booking = await tickitz.bookings.confirm( ready.bookingId, { paymentIntentId: "pi_stripe_abc" } ); console.log(booking.status); // "confirmed"
03 — Bookings
Bookings flow through a well-defined state machine: pending → confirmed → fulfilled → refunded. Tickets are auto-issued on confirmation. Tickitz integrates natively with Stripe payment intents — no custom webhook glue needed.
// Create a pending booking const booking = await tickitz.bookings.create({ eventId: "evt_abc123", customerId: "cus_xyz789", items: [ { tierId: "tier_vip", quantity: 1 }, ], }); // booking.status === "pending" // booking.paymentIntentClientSecret → pass to Stripe.js // After payment succeeds, confirm const confirmed = await tickitz.bookings.confirm( booking.id ); // confirmed.status === "confirmed" // confirmed.tickets → auto-issued ticket objects // Inspect the first ticket const [ticket] = confirmed.tickets; console.log(ticket.qrImageUrl); // hosted PNG console.log(ticket.qrPayload); // signed string
04 — QR & Check-in
A single atomic call handles QR validation, re-entry prevention, fraud scoring at the gate, and audit logging. Staff scan from any device — browser, native app, or dedicated scanner hardware via REST. Duplicate scans return a clear warning rather than silently succeeding.
Check-in API reference →05 — Webhooks
Every state transition in the Tickitz system fires a signed webhook to your endpoint. Delivery is attempted with exponential backoff over 72 hours. Each payload is signed with your secret so you can verify authenticity before processing.
{ "id": "wh_9f3a12bc", "type": "booking.confirmed", "created": 1721062800, "signature": "sha256=8d4e...", "data": { "bookingId": "bkg_def456", "eventId": "evt_abc123", "customerId":"cus_xyz789", "status": "confirmed", "totalCents":3999, "tickets": [ { "id": "tkt_ghi789", "tierName":"General Admission", "qrUrl": "https://cdn.tickitz.io/..." } ] } } // Verify on your server const valid = tickitz.webhooks.verify( rawBody, sig, process.env.WEBHOOK_SECRET );
06 — Fraud Detection
Every booking receives an automatic risk score from 0–100. Signals include velocity checks, IP reputation, device fingerprinting, ticket resale pattern matching, and payment anomaly detection. Block, review, or allow — the decision is yours.
07 — Customers
Every booking is linked to a customer object. Track lifetime spend, booking history, fraud flags, and communication preferences — all accessible through a single lookup. No need to maintain a parallel CRM for attendee data.
// Upsert a customer on sign-up const customer = await tickitz.customers.upsert({ email: "priya@example.com", name: "Priya Sharma", metadata: { plan: "premium" }, }); // Fetch full history const history = await tickitz.customers.bookings( customer.id, { status: "confirmed", limit: 10 } ); // Lifetime stats console.log(customer.stats.totalSpentCents); // 89700 console.log(customer.stats.eventsAttended); // 14 console.log(customer.stats.fraudScore); // 4 (low) console.log(customer.stats.bookingsThisYear); // 3
All modules
Every primitive you need to ship a world-class ticketing experience, without stitching together a dozen vendors.
Create, publish, and manage events with ticket tiers, capacity controls, and rich scheduling. Supports multi-day events and recurring schedules.
Upsert-friendly customer records linked to all bookings, tickets, and fraud signals. Full spend history and per-customer risk scoring.
Full booking lifecycle from creation to confirmation, with Stripe payment intent integration and automatic ticket issuance on confirm.
Handle high-demand drops without overselling. Bot-resistant token signing, configurable TTLs, and SDK-managed polling — no custom interval code.
Auto-issued on booking confirmation. Each ticket carries a unique signed QR code, a hosted PNG image URL, and metadata for your UI.
Atomic scan, verify, and check-in. Duplicate scans return a clear warning. Works on any device with a REST call or the Tickitz Scanner SDK.
14 event types with HMAC-signed payloads. Exponential backoff retries over 72 hours. Filter by event type or destination endpoint.
Composite 0–100 risk scoring on every booking. Velocity, device, payment, and quantity signals. Configurable thresholds per event.
Fetch event stats, scan rates, revenue breakdowns, and API usage programmatically. Pipe to your own BI tooling or build an embedded dashboard.
Validate API keys, inspect permission scopes, rotate secrets, and check org plan status. Full multi-tenant key management for platform builders.
Security & reliability
Tickitz is designed to handle the scale and security requirements of large-scale live events without any custom configuration.
Independently audited annually. All data is encrypted at rest and in transit. Access logs retained for 12 months.
Multi-region active-active deployment. Automatic failover with zero-downtime deploys. Status page at status.tickitz.io.
QR payloads, webhook deliveries, and queue tokens are all cryptographically signed so forgery is computationally infeasible.
Data residency controls for EU customers. Customer delete API fully purges PII. DPA available on request.
SDKs
Official, fully-typed SDKs for every major platform. All SDKs are open source, versioned on npm or the relevant package registry, and kept in sync with the REST API.
| Capability | SDK | REST |
|---|---|---|
| Full TypeScript types | ✓ | — |
| Queue polling loop | ✓ | manual |
| Webhook verification | ✓ | ✓ |
| Auto-retry on 429/5xx | ✓ | — |
| Idempotency keys | ✓ | ✓ |
| Pagination helpers | ✓ | cursor |
| Streaming (SSE) | ✓ | ✓ |
"Tickitz is what we wished we had for our festival infrastructure. The queue module handled 50,000 concurrent users at drop time without a single oversell."
"The fraud detection module caught a bot ring on our sneaker drop that would have eaten our entire GA allocation in under 30 seconds. Pure magic."
Free tier includes 1,000 bookings/month. No credit card required.
npm install @tickitz/sdk