{
  1. Introduction
  2. Version Control
  3. Ticket Shop Api
    1. Authentication
    2. Event
      1. Calculation Of Fees
    3. Discount Codes
    4. Calendar
      1. Time Slots Year Month
      2. Time Slots Year Month Day
    5. Reservation
      1. Create Reservation
      2. Update Reservation
    6. Checkout

Authentication

Base URL

The API URL is to be used is:

https://api.cmtelecom.com/ticketingapi

Product Token

The API expects one header containing an authentication token, called X-CM-PRODUCTTOKEN. This token will be provided by your account manager.

Content Type

As Content-Type, application/json is being used in all API communications. Please add this header to your requests as well.

Security

We strongly recommend you to build a small proxy (a backend application) which add the X-CM-PRODUCTTOKEN header to all your requests and forward the api calls.

This comes with the following reasons:

Cross-Site Scripting (XSS)

On our API, Cross-Site Scripting (XSS) protection is enabled. XSS enables attackers to inject client-side scripts into web pages viewed by other users. To protect your web application and our API we disabled the option to make direct request from a web application.

Product token

It's not a good practise to store a api key/product token in a frontend application because everything is readable (one way or another).