1. Introduction
    1. Prerequisites
    2. Getting Started
  2. Integration
    1. API endpoint
    2. Authentication
    3. Encryption
    4. Cross-Site Scripting (XSS)
  3. Barcode
    1. Get Barcode Details

Ticket Order API

The Ticket Order API enables you to receive order details for third party applications.

You can integrate this in your application by communicating with our api.

The Ticket Order API is a REST API that uses JSON to communicate.

Related resources


To make use of our API for Ticketing you need to be registered at CM.com, you need to be acquired in the ticketing app and you need to create an event in the ticketing app.

During the implementation you might have questions and we kindly refer to our Help Center documents to get more background information.


API endpoint

  • Ticket Order Api: https://api.cm.com/ticketingorderapi/v1.0

Our API supports sending messages via HTTP. You can send a POST request containing a JSON body.


The authentication consists of one parts: the application identifier.

The application identifier is a header called X-TF-APP-ID and will be provided by your account manager or you can request one via [email protected].


Communication with the CM servers should be done using the TLS cryptographic protocol, version 1.1 or higher. Older security protocols such as TLSv1.0 and SSLv3 are not supported.

Cross-Site Scripting (XSS)

On our API, Cross-Site Scripting (XSS) protection is enabled. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

To protect your web application and our API we disabled the option to make direct request from a web application.


Get a barcode with details.

Get Barcode Details

Get the barcode details

GET https://api.cm.com/ticketingorderapi/v1.0/barcodes/{barcode_id}

POST Parameters

Type Name Description Required Example
Header Authorization Email Address (base64 encoded) True Basic am9obi5kb2VAY20uY29t
Header X-TF-APP-ID App Id provided by CM. True 00000000-0000-0000-0000-00000000000
Header Content-Type The content type which the application expects. True application/json
Path Variable barcode_id The barcode id True CMBR123AAAA


Http status Description Example
200 Successful operation Barcode Details Object
401 Unauthorized Info Message

Response: Barcode Details Object

    "barcode_id": "CMBR123AAAA",
    "type" : "QRCODE",
    "customer_data": {
        "uuid": "00000000-0000-0000-0000-000000000000",
        "cdp_key": "00000000-0000-0000-0000-000000000000",
        "first_name": "John",
        "last_name": "Doe",
        "email": "[email protected]"
    "ticket_type": {
        "uuid": "00000000-0000-0000-0000-000000000000",
        "name": {
            "nl": "Regular",
            "en": "Regular",
            "de": "Regular",
            "fr": "Regular"
        "subtitle": {
            "nl": "",
            "en": "",
            "de": "",
            "fr": ""