{
  1. Introduction
    1. Prerequisites
    2. Getting Started
  2. Integration
    1. API endpoint
    2. Authentication
    3. Encryption
    4. Cross-Site Scripting (XSS)
  3. Authentication
    1. Get JWT Token
    2. Refresh JWT Token
  4. Order
    1. Get Order Details

Ticket Order API

The Ticket Order API enables you to receive order details for third party applications.

You can integrate this in your application by communicating with our api.

The Ticket Order API is a REST API that uses JSON to communicate.

Related resources

Prerequisites

To make use of our API for Ticketing you need to be registered at CM.com, you need to be acquired in the ticketing app and you need to create an event in the ticketing app.

During the implementation you might have questions and we kindly refer to our Help Center documents to get more background information.

Integration

API endpoint

  • Ticket Order Api: https://api.cm.com/ticketorderapi/v1.0

Our API supports sending messages via HTTP. You can send a POST request containing a JSON body.

Authentication

The authentication consists of two parts: the application identifier and authentication with a JWT Token.

One JWT Token give you the possibility to retrieve information for one order, if you want to store multiple orders you need to store multiple JWT tokens and refresh tokens in your application.

The JWT Token can be requested with a combination of the e-mail address and the order id.

The application identifier is a header called X-TF-APP-ID and will be provided by your account manager or you can request one via info@cmtickets.com.

Encryption

Communication with the CM servers should be done using the TLS cryptographic protocol, version 1.1 or higher. Older security protocols such as TLSv1.0 and SSLv3 are not supported.

Cross-Site Scripting (XSS)

On our API, Cross-Site Scripting (XSS) protection is enabled. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

To protect your web application and our API we disabled the option to make direct request from a web application.

Authentication

Authenticate to retrieve order information.

Get JWT Token

Get a JWT Token for a specific order.

GET https://api.cm.com/ticketorderapi/v1.0/authentication/token

GET Parameters

Type Name Description Required Example
Header Authorization A combination of e-mail address and order id. This code must be base64 encoded. e-mail_address:order_id. True Basic: ZS1tYWlsX2FkZHJlc3M6b3JkZXJfaWQ=
Header X-TF-APP-ID App Id provided by CM. True 00000000-0000-0000-0000-00000000000
Header Content-Type The content type which the application expects. True application/json

Response

Http status Description Example
200 Successful operation JWT Token Object
401 Unauthorized Info Message

Response: JWT Token Object

{
    "token_type":"bearer",
    "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiVlx1MDAxNcKbwoNUwoonbFPCu8KhwrYiLCJpYXQiOjE0NDQyNjI4NjYsImV4cCI6MTQ0NDI2Mjg4Nn0.Dww7TC-d0teDAgsmKHw7bhF2THNichsE6rVJq9xu_2s",
    "expires_in": 86400,
    "refresh_token":"7fd15938c823cf58e78019bea2af142f9449696a"
}

Refresh JWT Token

Refresh the JWT Token for a specific order.

POST https://api.cm.com/ticketorderapi/v1.0/authentication/refresh

POST Parameters

Type Name Description Required Example
Header Authorization The JWT Refresh Token True Basic: 7fd15938c823cf58e78019bea2af142f9449696a
Header X-TF-APP-ID App Id provided by CM. True 00000000-0000-0000-0000-00000000000
Header Content-Type The content type which the application expects. True application/json

Response

Http status Description Example
200 Successful operation JWT Token Object
401 Unauthorized Info Message

Response: JWT Token Object

{
    "token_type":"bearer",
    "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiVlx1MDAxNcKbwoNUwoonbFPCu8KhwrYiLCJpYXQiOjE0NDQyNjI4NjYsImV4cCI6MTQ0NDI2Mjg4Nn0.Dww7TC-d0teDAgsmKHw7bhF2THNichsE6rVJq9xu_2s",
    "expires_in": 86400,
    "refresh_token":"7fd15938c823cf58e78019bea2af142f9449696a"
}

Order

Get an order with details, barcodes are included.

Get Order Details

Get the order details

GET https://api.cm.com/ticketorderapi/v1.0/order/{order_uuid}

POST Parameters

Type Name Description Required Example
Header Authorization The JWT Token True bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiVlx1MDAxNcKbwoNUwoonbFPCu8KhwrYiLCJpYXQiOjE0NDQyNjI4NjYsImV4cCI6MTQ0NDI2Mjg4Nn0.Dww7TC-d0teDAgsmKHw7bhF2THNichsE6rVJq9xu_2s
Header X-TF-APP-ID App Id provided by CM. True 00000000-0000-0000-0000-00000000000
Header Content-Type The content type which the application expects. True application/json
Path Variable order_uuid The UUID of an order can be retrieved from the JWT Token payload, you can use the property 'sub'. True 00000000-0000-0000-0000-000000000000

Response

Http status Description Example
200 Successful operation Order Details Object
401 Unauthorized Info Message

Response: Order Details Object

{
    "order_id": "CMOR123AAAA",
    "order_uuid": "00000000-0000-0000-0000-000000000000",
    "customer_data": {
        "uuid": "00000000-0000-0000-0000-000000000000",
        "first_name": "John",
        "last_name": "Doe",
        "email": "johndoe@example.com"
    },
    "barcodes": [
        {
            "order_id": "CMBR123AAAA",
            "ticket_type": {
                "name": {
                    "nl": "Regular",
                    "en": "Regular",
                    "de": "Regular",
                    "fr": "Regular"
                },
                "subtitle": {
                    "nl": "",
                    "en": "",
                    "de": "",
                    "fr": ""
                }
            },
            "event": {
                "uuid": "00000000-0000-0000-0000-000000000000",
                "name ": "CM.com Festival",
                "start_at": "2019-10-10T10:00:00+00:00",
                "end_at": "2019-10-10T22:00:00+00:00"
            }
        },
        {
            "order_id": "CMBR123BAAA",
            "ticket_type": {
                "name": {
                    "nl": "Regular",
                    "en": "Regular",
                    "de": "Regular",
                    "fr": "Regular"
                },
                "subtitle": {
                    "nl": "",
                    "en": "",
                    "de": "",
                    "fr": ""
                }
            },
            "event": {
                "uuid": "00000000-0000-0000-0000-000000000000",
                "name ": "CM.com Festival",
                "start_at": "2019-10-10T10:00:00+00:00",
                "end_at": "2019-10-10T22:00:00+00:00"
            }
        }
    ]
}