Amar Events API
REST API for the Amar Events platform. Base URL: https://amarevents.zone.id/api
All responses are JSON. All request bodies should be JSON with Content-Type: application/json.
Quick Navigation
Authentication
All authenticated requests require an API key passed as a Bearer token in the Authorization header.
| Header | Value |
|---|---|
| Authorization | Bearer ae_u_<your_key> |
| Content-Type | application/json |
Generate your API key from the API Keys dashboard or via POST /api/keys after logging in.
Public endpoints like
GET /events, GET /organizations, and POST /auth/register do not require authentication. All write operations and private data require an API key.
API Key Types
Each API key has a type that determines what permissions it can hold and its rate limit. Choose the appropriate type when creating keys.
User Key
For end-users — browse events, manage your own tickets and profile.
60 req/min- events:read
- tickets:read
- tickets:write
- users:read
- users:write
Organizer Key
For organizers — manage events, tickets, and donations. Requires organizer account.
120 req/min- events:read/write/delete
- tickets:read/write/delete
- organizations:read/write
- donations:read/write
- users:read
Admin Key
Full platform access. Requires admin account. Use for integrations and automation.
300 req/min- All organizer permissions
- users:write
- admin routes
- * (wildcard)
Key prefixes identify type at a glance: ae_u_… (user), ae_o_… (organizer), ae_a_… (admin).
Rate Limits
Rate limits are enforced per API key on a per-minute sliding window. Limits vary by key type.
| Key Type | Limit | Window |
|---|---|---|
| user | 60 requests | Per minute |
| organizer | 120 requests | Per minute |
| admin | 300 requests | Per minute |
Rate limit headers are included on every authenticated response:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Your key's maximum requests per minute |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
| X-RateLimit-Type | Your key type (user / organizer / admin) |
| Retry-After | Seconds to wait (only on 429 responses) |
When you receive a 429 Too Many Requests response, wait until
Retry-After seconds have passed before retrying.Error Handling
All errors follow a consistent structure:
{ "success": false, "error": "Human-readable error message" }
| Code | Meaning |
|---|---|
| 400 | Bad Request — missing or invalid field |
| 401 | Unauthorized — no or invalid API key |
| 403 | Forbidden — insufficient permissions or wrong key type |
| 404 | Not Found — resource does not exist |
| 405 | Method Not Allowed |
| 429 | Too Many Requests — rate limit exceeded |
| 500 | Internal Server Error |
Pagination
List endpoints support page and limit query parameters. The response includes a pagination object.
{ "success": true, "data": [...], "pagination": { "total": 142, "page": 1, "limit": 20, "pages": 8 } }
Maximum limit is 100. Default is 20.
Auth
POST
/auth/register
Create a new account
Public
| Field | Type | Notes |
|---|---|---|
| username | string | required Min 3 chars |
| string | required Valid email | |
| password | string | required Min 6 chars |
| number | string | required Phone number |
{ "username": "john", "email": "john@email.com", "password": "secret123", "number": "01700000000" }
POST
/auth/login
Login — start a session
Public
Creates a server session. For API access, generate a key via POST /keys after login.
| Field | Type | Notes |
|---|---|---|
| string | required | |
| password | string | required |
POST
/auth/logout
Destroy session
Public
GET
/auth/me
Identity of current key/session
UserOrganizerAdmin
Events
GET
/events
List public events
Public
| Query Param | Type | Notes |
|---|---|---|
| search | string | optional Name, location, description |
| category | string | optional Education, Sports, Concert… |
| organization_id | int | optional |
| page | int | optional Default 1 |
| limit | int | optional Default 20, max 100 |
GET
/events/{id}
Get event details with ticket types and custom fields
Public
GET
/events/{id}/tickets
List all registrations for an event
OrganizerAdmin
Requires organizer ownership of the event or admin key.
| Query Param | Type | Notes |
|---|---|---|
| status | string | optional Pending / Success / Failed |
| page / limit | int | optional |
GET
/events/{id}/stats
Revenue and ticket stats for an event
OrganizerAdmin
{ "total": 150, "approved": 120, "pending": 20, "failed": 10, "revenue": 36000.00, "by_ticket_type": [...] }
GET
/events/{id}/gallery
Get event gallery images
Public
GET
/events/{id}/fields
Get custom registration fields for an event
Public
POST
/events
Create a new event
OrganizerAdmin
| Field | Type | Notes |
|---|---|---|
| name | string | required |
| organization_id | int | required |
| date | string | optional YYYY-MM-DD |
| deadline | string | optional YYYY-MM-DD |
| location | string | optional |
| category | string | optional Education, Sports, Concert, Conference, Workshop, Festival, Charity, Cultural, Games, Other |
| description | string | optional |
| banner / logo | string | optional Image URL |
| privacy | string | optional public (default) or private |
| ticket_types | array | optional Array of {name, price, capacity, description} |
PUT
/events/{id}
Update an event
OrganizerAdmin
Send only the fields you want to update. Updatable fields: name, date, deadline, location, category, description, logo, banner, privacy, notice, emailtitle, emailmessage, template, socials, wallets.
DELETE
/events/{id}
Delete an event and all related data
OrganizerAdmin
This permanently deletes the event, all tickets, ticket types, custom fields, and gallery entries.
Organizations
GET
/organizations
List all organizations
Public
| Query Param | Type | Notes |
|---|---|---|
| search | string | optional |
| page / limit | int | optional |
GET
/organizations/{id}
Get organization with recent public events
Public
POST
/organizations
Create an organization (admin only)
Admin
| Field | Type | Notes |
|---|---|---|
| name | string | required |
| user_id | int | required Owner user ID |
| description | string | optional |
| eventcount | int | optional Slot allowance |
PUT
/organizations/{id}
Update organization
OrganizerAdmin
Organizers can update name, description, notice. Admins can also update plan and eventcount.
Tickets
GET
/tickets
List tickets — own (user) or by event (organizer)
UserOrganizerAdmin
Without event_id: returns tickets for the authenticated user's email. With event_id: requires organizer ownership.
| Query Param | Type | Notes |
|---|---|---|
| event_id | int | optional Filter by event (organizer only) |
| status | string | optional Pending / Success / Failed / Refunded |
| page / limit | int | optional |
GET
/tickets/{id}
Get ticket details with custom field values
UserOrganizerAdmin
User can only access their own ticket. Organizer can access tickets for their events.
POST
/tickets
Register for an event
UserOrganizerAdmin
| Field | Type | Notes |
|---|---|---|
| event_id | int | required |
| name | string | optional Defaults to account name |
| string | optional Defaults to account email | |
| number | string | optional |
| ticket_type_id | int | optional |
| transaction_id | string | optional Payment transaction ID |
| amount | float | optional Overrides ticket type price |
| note | string | optional |
| custom_fields | object | optional Key-value map of custom field responses |
POST
/tickets/{id}/verify
Verify ticket validity (e.g. for QR scan)
OrganizerAdmin
{ "ticket_id": 42, "name": "Karim Rahman", "email": "karim@email.com", "status": "Success", "event": "Tech Summit 2025", "event_date": "2025-06-10", "valid": true }
PUT
/tickets/{id}
Update ticket status or details
OrganizerAdmin
| Field | Type | Notes |
|---|---|---|
| status | string | optional Success / Pending / Failed / Refunded |
| transid | string | optional |
| name / email / number / note | string | optional |
| amount | float | optional |
| ticket_type_id | int | optional |
DELETE
/tickets/{id}
Delete a ticket
OrganizerAdmin
Ticket Types
GET
/ticket-types?event_id={id}
List ticket types for an event with availability
Public
POST
/ticket-types
Create a ticket type for an event
OrganizerAdmin
| Field | Type | Notes |
|---|---|---|
| event_id | int | required |
| name | string | required |
| price | float | optional Default 0 (free) |
| capacity | int | optional 0 = unlimited |
| description | string | optional |
PUT
/ticket-types/{id}
Update a ticket type
OrganizerAdmin
DELETE
/ticket-types/{id}
Delete a ticket type (only if no approved tickets)
OrganizerAdmin
Donations
GET
/donations
List donations (own org for organizers, all for admin)
OrganizerAdmin
| Query Param | Type | Notes |
|---|---|---|
| status | string | optional pending / verified |
| page / limit | int | optional |
POST
/donations
Submit a donation
Public
| Field | Type | Notes |
|---|---|---|
| string | required | |
| number | string | required |
| amount | int | required Min 1 |
| transaction_id | string | required Min 5 chars |
| type | string | required bkash / nagad / rocket / card / other |
| organization_id | int | optional |
| note | string | optional |
PUT
/donations/{id}
Update donation status
OrganizerAdmin
| Field | Type | Notes |
|---|---|---|
| status | string | required pending / approved / rejected |
Users
GET
/users/me
Get own profile with organization and stats
UserOrganizerAdmin
GET
/users/me/tickets
List own ticket registrations
User
| Query Param | Notes |
|---|---|
| status | Pending / Success / Failed |
| page / limit | Pagination |
GET
/users/me/keys
List own API keys
UserOrganizerAdmin
PUT
/users/me
Update profile
UserOrganizer
| Field | Type | Notes |
|---|---|---|
| username | string | optional Min 3 chars, must be unique |
| number | string | optional |
| pfp | string | optional Profile picture URL |
| country | string | optional |
| password | string | optional Requires current_password |
| current_password | string | Required when changing password |
API Keys
GET
/keys
List own API keys
UserOrganizerAdmin
POST
/keys
Create a new API key
UserOrganizerAdmin
You must be logged in via session (POST /auth/login) or already have a key to create new keys via the API. Easier to use the dashboard.
| Field | Type | Notes |
|---|---|---|
| name | string | required |
| key_type | string | required user / organizer / admin |
| permissions | array | optional Subset of allowed permissions for the key type |
| expires_at | string | optional ISO date e.g. 2026-01-01 |
{ "name": "My App", "key_type": "organizer", "permissions": ["events:read", "tickets:read", "tickets:write"], "expires_at": "2027-01-01" }
Response includes the raw key — save it immediately, it is never shown again.
{ "id": 12, "key": "ae_o_4f8a…", "key_type": "organizer", "permissions": [...], "rate_limit": 120 }
PUT
/keys/{id}
Update key name, permissions, or active status
UserOrganizerAdmin
| Field | Type | Notes |
|---|---|---|
| name | string | optional |
| permissions | array | optional Must be within allowed permissions for key type |
| is_active | bool | optional |
DELETE
/keys/{id}
Revoke an API key
UserOrganizerAdmin
Admin
All admin endpoints require an admin API key (key_type = admin) or an active admin session. Organizer keys with admin permission do not grant access.
GET
/admin/stats
Platform-wide statistics
Admin
GET
/admin/users
List all users with filtering
Admin
| Query Param | Notes |
|---|---|
| search | Username, email, or phone |
| type | user / organizer |
| admin | 0 or 1 |
| page / limit | Pagination |
GET
/admin/users/{id}
Get user with organization, API keys, and ticket count
Admin
PUT
/admin/users/{id}
Update user — promote/demote organizer, change password
Admin
| Field | Notes |
|---|---|
| username / email / number / type / admin / country | Update user fields |
| password | New password (min 6 chars) |
| promote_organizer | true — sets type to organizer and creates org if none exists |
| demote_organizer | true — sets type back to user |
DELETE
/admin/users/{id}
Permanently delete a user and their data
Admin
GET
/admin/events
List all events (public and private)
Admin
| Query Param | Notes |
|---|---|
| search | Event name |
| privacy | public / private |
| page / limit | Pagination |
GET
/admin/donations
List all donations across the platform
Admin
PUT
/admin/donations/{id}
Update donation status
Admin
| Field | Notes |
|---|---|
| status | pending / verified / rejected |
GET
/admin/api-keys
List all API keys on the platform
Admin
| Query Param | Notes |
|---|---|
| user_id | Filter by user |
| active | 0 or 1 |
| key_type | user / organizer / admin |
| page / limit | Pagination |
DELETE
/admin/revoke-key/{id}
Force-revoke any API key
Admin
GET
/admin/plans
List all subscription plans
Admin
GET
/admin/rate-limits
View recent rate limit usage by key
Admin
Permissions Reference
| Permission | Allows | Available In |
|---|---|---|
| events:read | Read public and private events you own | all types |
| events:write | Create and update events | organizer, admin |
| events:delete | Delete events | organizer, admin |
| tickets:read | Read your own tickets or event tickets | all types |
| tickets:write | Register for events, update ticket status | all types |
| tickets:delete | Delete tickets | organizer, admin |
| organizations:read | Read organization details | organizer, admin |
| organizations:write | Update organization | organizer, admin |
| donations:read | Read donations for your org | organizer, admin |
| donations:write | Update donation status | organizer, admin |
| users:read | Read own profile | all types |
| users:write | Update own profile | user, admin |
| admin | Access all admin routes | admin only |
| * | All permissions | admin only |