1. Introduction
  2. Version Control
  3. Ticket Shop Api
    1. Authentication
    2. Events List
    3. Event
      1. Calculation Of Fees
    4. Discount Codes
    5. Calendar
      1. Time Slots Year Month
      2. Time Slots Year Month Day
    6. Reservation
      1. Create Reservation
      2. Update Reservation
    7. Checkout


Base URL

The API URL is to be used is:


Product Token

The API expects one header containing an authentication token, called X-CM-PRODUCTTOKEN. This token will be provided by your account manager or you can request one via info@cmtickets.com.

Content Type

As Content-Type, application/json is being used in all API communications. Please add this header to your requests as well.


We strongly recommend you to build a small proxy (a backend application) which add the X-CM-PRODUCTTOKEN header to all your requests and forward the api calls.

This comes with the following reasons:

Cross-Site Scripting (XSS)

On our API, Cross-Site Scripting (XSS) protection is enabled. XSS enables attackers to inject client-side scripts into web pages viewed by other users. To protect your web application and our API we disabled the option to make direct request from a web application.

Product token

It's not a good practise to store a api key/product token in a frontend application because everything is readable (one way or another).