v1.0 live
The API for
live events
Webhooks, OAuth 2.0 + PKCE, and a complete REST API. Integrate Pullup into anything.
terminal
$ curl -X POST /api/webhook/DEV-A3K9-H "Content-Type: application/json"-d '{"event":"ticket.purchased"}'{"status":"received","id":"evt_8f3a"}
6Events
11Scopes
25+Endpoints
<50msLatency
Platform
Everything to integrate
A complete developer toolkit for building on Pullup.
Webhooks
Real-time event notifications with HMAC-SHA256 verification.
POST /api/v1/webhooks
{
"url": "https://you.com/hook",
"events": ["ticket.purchased"]
}OAuth 2.0 + PKCE
Secure auth code flow with 11 granular scopes.
GET /oauth/authorize ?response_type=code &client_id=oa_xxx &scope=events:read &code_challenge_method=S256
REST API
Full CRUD for events, tickets, check-ins, and stamps.
GET /api/v1/events GET /api/v1/tickets/:id POST /api/v1/checkin/scan GET /api/v1/passport/:user
Dev Dashboard
Unique webhook endpoint, live event stream, and token manager.
// Your unique endpoint POST /api/webhook/DEV-xxxx // Live event monitoring GET /api/events?user_id=DEV-xxxx
Signature Verification
Every payload signed with HMAC-SHA256.
const sig = headers["x-pullup-signature"]
const expected = hmac("sha256", secret, body)
assert(sig === expected)Event Lifecycle
6 event types covering ticket and check-in lifecycle.
ticket.purchased ticket.cancelled checkin.completed event.updated event.soldout stamp.awarded
webhooks.ts
POST /api/v1/webhooks
{
"url": "https://you.com/hook",
"events": ["ticket.purchased"]
}Permissions
OAuth Scopes
Request only what your app needs. All scopes follow resource:action convention.
profile:readView profile informationprofile:writeModify profile informationevents:readView events and detailsevents:writeCreate, update, delete eventstickets:readView and verify ticketstickets:writePurchase and transfer ticketscheckin:readView check-in datacheckin:writePerform check-in operationsstamps:readView stamps and collectionsstamps:writeAward stamps to userswebhooks:manageManage webhooks