Evently
Stand-alone backend

Evently API · http://localhost:3100

The whole platform exposed as a stateless Express API with JWT Bearer auth. Same SQLite DB as the web app, but you can hit it from curl, Postman, mobile, or any external client.

Port 3100JWT 7-dayCORS openOpen API root →
Quickstart: Open a terminal, log in, save the token, then hit any endpoint.
# Get a token
TOKEN=$(curl -s -X POST http://localhost:3100/auth/login \
  -H "content-type: application/json" \
  -d '{"email":"organizer@evently.local","password":"evently123!"}' | jq -r .accessToken)

# Use it
curl http://localhost:3100/organizer/overview -H "Authorization: Bearer $TOKEN"

Auth

Get a token, attach as Bearer on subsequent calls.

POST/auth/register
Create a new attendee account. Returns a JWT.
curl -X POST http://localhost:3100/auth/register \
  -H "content-type: application/json" \
  -d '{
    "email": "newcomer@example.com",
    "password": "evently123!",
    "fullName": "Newcomer User"
  }'
POST/auth/login
Get a JWT for any seeded test account.
curl -X POST http://localhost:3100/auth/login \
  -H "content-type: application/json" \
  -d '{"email":"organizer@evently.local","password":"evently123!"}'

# Save the token:
TOKEN=$(curl -s -X POST http://localhost:3100/auth/login \
  -H "content-type: application/json" \
  -d '{"email":"admin@evently.local","password":"evently123!"}' \
  | jq -r .accessToken)
GET/auth/mebearer
Echo the current user from the Bearer token.
curl http://localhost:3100/auth/me -H "Authorization: Bearer $TOKEN"

Discovery

GET/events
List all published events (cheapest tier as "from" price).
curl http://localhost:3100/events
GET/events/:slug
Event detail with all ticket tiers.
curl http://localhost:3100/events/sunset-sessions-rooftop
GET/events/:slug/sessions
Companion-mode sessions (Mode B).
curl http://localhost:3100/events/devconnect-2026/sessions
GET/events/:slug/sponsors
Sponsor / exhibitor pages.
curl http://localhost:3100/events/devconnect-2026/sponsors

Private RSVP (Mode C)

POST/events/:slug/rsvp
Submit an RSVP for a private event.
curl -X POST http://localhost:3100/events/garden-brunch/rsvp \
  -H "content-type: application/json" \
  -d '{"guestName":"Test Guest","response":"yes","plusOnes":1}'
GET/events/:slug/rsvp
List RSVPs and a yes/maybe/no tally.
curl http://localhost:3100/events/garden-brunch/rsvp

Orders & Tickets (Mode A)

POST/orders
Create an order — atomic inventory decrement, idempotency-key guarded, currency-checked.
# First, fetch an event to get its id and a tier id:
EVENT=$(curl -s http://localhost:3100/events/sunset-sessions-rooftop)
EVENT_ID=$(echo $EVENT | jq -r .id)
TIER_ID=$(echo $EVENT | jq -r '.tiers[1].id')   # GA

curl -X POST http://localhost:3100/orders \
  -H "Authorization: Bearer $TOKEN" \
  -H "content-type: application/json" \
  -d "{
    \"eventId\": \"$EVENT_ID\",
    \"items\": [{\"ticketTypeId\": \"$TIER_ID\", \"quantity\": 2}],
    \"buyer\": {\"email\": \"attendee@evently.local\"},
    \"idempotencyKey\": \"$(uuidgen)\"
  }"
POST/orders/:id/confirm
Mock-confirm payment → issues tickets with rotating QR secrets.
curl -X POST http://localhost:3100/orders/<order_id>/confirm
GET/orders/:id
Order detail.
curl http://localhost:3100/orders/<order_id>
GET/me/walletbearer
List a user’s tickets with fresh 60s-rotating QR payloads.
curl http://localhost:3100/me/wallet -H "Authorization: Bearer $TOKEN"

Check-in / Scanner

POST/scansorganizer
Validate a QR. Returns valid / already_used / refunded / invalid.
curl -X POST http://localhost:3100/scans \
  -H "Authorization: Bearer $ORG_TOKEN" \
  -H "content-type: application/json" \
  -d '{"qrPayload":"<paste from /me/wallet>","gate":"Gate A"}'

Venue marketplace (Mode E)

GET/venues
Browse venues.
curl http://localhost:3100/venues
GET/venues/:slug
Venue detail with parsed amenities.
curl http://localhost:3100/venues/skyline-lounge
POST/venues/:slug/inquiries
Submit a booking inquiry. Visible in the Venue Console inbox.
curl -X POST http://localhost:3100/venues/skyline-lounge/inquiries \
  -H "content-type: application/json" \
  -d '{
    "contactName":"Test Lead",
    "contactEmail":"lead@example.com",
    "expectedGuests": 350,
    "eventType":"corporate"
  }'

Organizer Console

GET/organizer/overvieworganizer
Dashboard KPIs for the signed-in organizer.
curl http://localhost:3100/organizer/overview -H "Authorization: Bearer $TOKEN"
GET/organizer/eventsorganizer
All events for this organizer.
curl http://localhost:3100/organizer/events -H "Authorization: Bearer $TOKEN"
GET/organizer/attendeesorganizer
CRM list — orders + buyer email + status.
curl http://localhost:3100/organizer/attendees -H "Authorization: Bearer $TOKEN"

Super Admin

GET/admin/healthadmin
Platform-wide KPIs.
curl http://localhost:3100/admin/health -H "Authorization: Bearer $ADMIN_TOKEN"
GET/admin/fraudadmin
Fraud signals.
curl http://localhost:3100/admin/fraud -H "Authorization: Bearer $ADMIN_TOKEN"
GET/admin/moderationadmin
Moderation queue.
curl http://localhost:3100/admin/moderation -H "Authorization: Bearer $ADMIN_TOKEN"
PATCH/admin/moderation/:idadmin
Move a case (open/in_review/taken_down/dismissed). Writes audit log.
curl -X PATCH http://localhost:3100/admin/moderation/<case_id> \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "content-type: application/json" \
  -d '{"status":"in_review","notes":"checking with organizer"}'
GET/admin/flagsadmin
Feature flags with rollout %.
curl http://localhost:3100/admin/flags -H "Authorization: Bearer $ADMIN_TOKEN"
PATCH/admin/flags/:keyadmin
Update rollout / enabled. Writes audit log.
curl -X PATCH http://localhost:3100/admin/flags/whatsapp_drops \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "content-type: application/json" \
  -d '{"rollout":50,"enabled":true}'
GET/admin/auditadmin
Last 200 audit log entries.
curl http://localhost:3100/admin/audit -H "Authorization: Bearer $ADMIN_TOKEN"