Developer docs

Build ticketing into AT Protocol event apps.

Start with the architecture, roles, quickstart, and app setup model for Atmosphere Tickets.

Developer beta SDK beta 0.0.0-beta.2 29 ticket lexicons Multi-app shared config roadmap

Introduction

Atmosphere Tickets is not a consumer event app. It is the ticketing module that event apps call when they need paid tickets, limited free tickets, shared inventory, issued tickets, scanner truth, and payment-linked auditability.

The important product split is simple: event apps own discovery, pages, organizer UX, social context, widgets, SEO, emails, scanner interfaces, and attendee presentation. Tickets owns the scarce state that must remain correct across every compatible app.

Standard ticket APIs, app callbacks, delivery, and scanner verification are core integration surfaces. ATM adds the payment control plane, organizer approval gates, app fee policy, receiver delivery, and test/live separation around those ticket contracts.

Event apps

Own the experience

Events, RSVP/social UX, ticket picker UI, organizer tools, scanner screens, attendee account views, and analytics.

Tickets

Own ticket truth

Ticketed-event config, tiers, capacity, holds, issuance, QR/pass tokens, scanner grants, forms, waitlists, collaborations, refunds, voids, and audit state.

ATM

Own money movement

Checkout, settlement, app fees, receipts, refunds, payment dashboards, and attested.network payment proofs.

Top-level architecture

This is the core ticketing loop. Event apps own the public event surface and user experience. ATM Tickets owns scarce ticket state. ATM checkout owns payment collection. App callbacks and scanner calls close the loop.

01

Event app

Shows the event page, ticket picker, organizer UX, buyer account surfaces, and app-owned attendee/social workflows.

02

ATM Tickets

Reads availability, creates holds, enforces capacity, issues tickets, delivers passes, manages scanner grants, and keeps ticket truth private.

03

ATM checkout

Collects payment for paid tickets and confirms payment state to Tickets.

04

Issue tickets

Promotes a paid hold or free claim into issued tickets and safe presentation data.

05

App callback

Sends signed events such as tickets.issued so the app can show the ticket.

06

Scanner

Verifies opaque QR/pass tokens and records idempotent check-in.

Flow diagrams

These diagrams show the ticket-specific contract between event apps, ATM Tickets, ATM checkout, scanner staff, and app callbacks. Use them when explaining how one event can sell tickets across multiple compatible apps while keeping inventory and scan state private and consistent.

Multi-app ticket purchase and scan flow
Multi-app ticket purchase and scan flow

Organizer setup, event records, ticket holds, ATM checkout, ticket issuance, wallet/pass tokens, and scanner verification.

App and user auth model
App and user auth model

Organizer OAuth, app service-auth, buyer assertions, checkout redirects, optional public refs, and ticket-issued callbacks.

Choose integration

Tickets is infrastructure for event apps, scanner apps, organizer tools, and agents. Start with the path closest to your product, then wire only the modules you need.

Event app

Sell paid tickets

Use availability, paid holds, ATM checkout, tickets.issued events, and app-owned event pages.

Free event app

Claim limited free tickets

Use app service-auth plus buyer assertions to issue scarce free tickets without checkout.

Scanner app

Verify entry

Use opaque QR/pass tokens, verifyTicket, and idempotent checkInTicket calls.

Organizer tool

Configure ticketing

Use organizer assertions to create tiers, capacity groups, public offers, and check-in lists.

Use ATM docs for app setup.

App registration, payment setup, app fees, webhooks, XRPC receivers, environments, and dashboard operations are shared ATM concepts. Tickets docs focus on the ticket-specific calls and operational guarantees.

Open ATM app onboarding

How to read these docs

Use this page for the ticketing model and first integration path. Use Build for implementation details, Callbacks for delivery and redrive, Reference for exact schemas, and Operations for launch checks. The deep reference sections are intentionally detailed, but the overview should stay short.

Build

Implementation recipes

Auth model, availability, holds, free claims, QR/pass tokens, and scanner calls.

Callbacks

Fulfillment truth

Ticket events, payload schemas, receiver options, webhook test commands, and redrive.

Reference

Exact contracts

Generated XRPC methods, lexicons, errors, security boundaries, and feature mapping.

Operations

Go-live checks

Sandbox walkthrough, testing cookbook, troubleshooting, and ATM payment boundary.

Quickstart

  1. Register your event app in ATM and enable the Tickets module in the test environment.
  2. Use your app DID to mint app service-auth for ticket XRPC calls.
  3. When an organizer creates paid ticketing, create ticket tiers and capacity groups through Tickets.
  4. On the event page, call availability before showing ticket purchase controls.
  5. Create a hold before sending the buyer to ATM checkout.
  6. Fulfill only after Tickets emits an issued-ticket event or your app reads issued tickets from the service.
Event page
  GET  tickets.atmosphere.getTicketAvailability
  POST tickets.atmosphere.createTicketHold
  redirect buyer to hold.checkout.url

ATM checkout
  payment succeeds
  ATM notifies Tickets
  Tickets issues tickets
  Tickets notifies originating app

Starter kit

Use the local Tickets starter before wiring a production event app. It proves availability, paid holds, free claims, webhook verification, optional XRPC receiver callbacks, and scan-token check-in against the ATM app sandbox.

The starter is intentionally framework-light. Copy the flow into Next.js, Hono, Workers, Express, Fastify, SvelteKit, or another trusted backend, but keep service-auth signing, ticket mutations, webhook secrets, and check-in calls on the server.

cd examples/tickets-node-app
cp .env.example .env
npm install
npm run dev

curl http://localhost:8788/health
curl http://localhost:8788/tickets/availability
AvailabilityGET /tickets/availability calls tickets.atmosphere.getTicketAvailability.
Paid holdPOST /tickets/hold creates a scarce hold and returns an ATM checkout URL.
Free claimPOST /tickets/free-claim issues a limited free ticket without checkout.
ReceiverPOST /webhooks/atm verifies Atm-Signature and Atm-Delivery-Id.
XRPC receiverPOST /xrpc/money.atmosphere.event.receive shows the optional AT Protocol callback shape.
Check-inPOST /tickets/check-in submits an opaque scan token to Tickets.

Agent integration

These docs are written so an app developer or coding agent can wire Tickets from contracts alone. The safe path is the same for humans and agents: use a trusted backend, install the ATM App Node SDK, run local fixtures, verify callbacks, and keep all secrets and ticket mutations out of browser code.

Default package

Use the ATM App Node SDK

@atmosphere-money/app-node owns app service-auth calls, ticket holds, callbacks, and shared ATM payment helpers.

Local tooling

Use MCP for developer actions

The ATM MCP wrapper is for test-mode setup, fixture generation, receiver validation, delivery logs, and redrive checks.

Guardrail

No payment mutations from agents yet

Agents should not create live charges, refunds, organizer payout changes, or public repo writes unless the app developer explicitly wires that flow.

Discovery

Machine-readable docs

/llms.txt and /llms-full.txt summarize the Tickets model for coding tools that prefer compact guidance.

Recommended agent prompt

Build a ticketing integration with Atmosphere Tickets.
Use @atmosphere-money/app-node on the app server.
Create holds before checkout, verify ATM callbacks before fulfillment,
and keep buyer PII, scan tokens, service-auth JWTs, and webhook secrets private.

Register in ATM

Event apps do not create a separate payment platform. They register as apps in ATM, enable the Tickets module, and keep test and live configuration separate. The organizer still completes payout setup in ATM before paid tickets can go on sale, and paid or scarce selling requires organizer approval of the app for ticket payments.

StepConfigured in ATMWhy it matters
App profileDisplay name, avatar, app URL, contactUsed for app dashboard, ticket/pass branding, and developer trust.
ModulesPayments, Tickets, optional future modulesControls which XRPC/service surfaces the app can call.
Organizer approvalTicket recipient approval for the appRequired before availability reads, paid holds, or free limited claims can run for an organizer-owned event.
EnvironmentTest first, live explicitlyKeeps app sandbox traffic separate from production ticket sales.
ReceiversHTTP webhook URL or optional XRPC receiverATM signs outbound events and stores delivery/redrive logs.
FeesApp fee and optional ATM support shareRoutes app revenue without exposing Stripe platform access.

Webhook URL can be added later.

ATM can mint an app secret and queue events before the app has a receiver endpoint. Delivery rows remain visible as configuration needed until the app adds a receiver and redrives them.

Register an ATM app

App onboarding checklist

This is the ATM setup checklist for a ticketing app. Details live in the ATM app dashboard guide; keep this page focused on the ticketing-specific requirements.

App roleSign into ATM with the app DID and request the app role.
ModulesEnable Payments and Tickets in the test environment.
Organizer approvalRequest ticket recipient approval before reading availability or creating holds.
ReceiversAdd HTTP webhook first; add XRPC receiver only if your app already hosts XRPC.
Service-authCopy the audience and method NSIDs into the app server.
Live accessRequest live after hold, checkout, refund/void, free claim, and check-in tests pass.

App dashboard manual

Tickets configuration starts in the ATM app dashboard. Event apps should treat ATM as the app control plane for modules, fee policy, service-auth details, receiver config, delivery logs, scanner grants, and test/live separation. Production event apps can also configure ticketed events, tiers, capacity groups, forms, waitlists, and check-in lists programmatically through app service-auth.

ProfileUses the app account's ATM profile name, avatar, description, and app URL.
EnvironmentsTest and live have separate receiver URLs, signing secrets, event selection, and fee config.
ModulesEnable Payments and Tickets for paid ticketing; enable QR/pass options only when needed.
Ticketed eventsCreate or update app-scoped ticketed-event config with createTicketEvent / updateTicketEvent.
FeesConfigure app fee and optional ATM support share before checkout tests.
Scanner grantsGrant staff DIDs access to event/check-in-list contexts; never expose raw scan tokens in dashboard rows.
ReceiversUse HTTP webhooks by default or optional XRPC receiver if the event app already hosts XRPC.
Delivery logsInspect attempts, response codes, config-needed rows, failures, and redrive state.
SecretsRotate test and live secrets independently and keep them server-side.
Live reviewShow passing hold, checkout, free claim, refund/void, and check-in tests before live traffic.

First integration acceptance test

Use this as the pass/fail test for the first integration. The step-by-step implementation details live in Quickstart, Starter kit, Build first ticket app, and the Build page.

  1. Test environment has Payments and Tickets enabled.
  2. Organizer has approved the app for ticket selling in the target environment.
  3. Receiver verifies auth and deduplicates delivery id.
  4. Paid hold reserves capacity and returns ATM checkout URL.
  5. Payment success emits tickets.issued.
  6. Issued ticket appears through listBuyerTickets.
  7. Opaque scan token verifies and checks in exactly once.
Pass condition

No oversell

Concurrent holds never exceed tier or capacity-group limits.

Pass condition

Receiver safe

Webhook or XRPC callback verifies auth and deduplicates by delivery id.

Pass condition

Checkout truth

Browser return is UX only; ticket display waits for issued-ticket truth.

Pass condition

Private data

Buyer contact, scan token secrets, attendee answers, and check-in logs stay off protocol.

Build first ticket app

A ticketing integration has three actors: the event app, the organizer, and the buyer. The app owns the public event page and user experience. Tickets owns scarce inventory and issued-ticket truth. ATM owns payment and app events.

  1. Register the event app in ATM and enable Tickets in test mode.
  2. Create or reference a community.lexicon.calendar.event event.
  3. Create app-scoped ticketed-event config, ticket tiers, and capacity groups from the organizer UI or trusted app server.
  4. Request organizer approval for the selling app before availability, holds, or free claims.
  5. Render availability from getTicketAvailability.
  6. Create a hold when the buyer selects tickets.
  7. Redirect paid tickets to ATM checkout, or claim free tickets directly.
  8. Show tickets only after tickets.issued or listBuyerTickets confirms issuance.
event app server
  create organizer assertion
  POST tickets.atmosphere.createTicketEvent
  POST tickets.atmosphere.createTicketTier
  POST tickets.atmosphere.createCapacityGroup
  POST tickets.atmosphere.setTierForm

buyer clicks buy
  GET tickets.atmosphere.getTicketAvailability
  POST tickets.atmosphere.createTicketHold
  redirect to ATM checkout

after payment
  receive tickets.issued
  show QR/pass from issued-ticket state
  link to tickets.atmosphere.tickets for hosted ticket view

Integration lifecycle

A ticketing app usually integrates in stages. Each stage can ship independently as long as paid and scarce tickets always use Tickets for holds and issuance.

01

App setup

Register in ATM, enable Tickets in test, configure receiver events, and generate service-auth from the app DID.

02

Organizer setup

Organizer creates or approves app-scoped ticketed-event config, completes payout setup, and authorizes ticket tiers and capacity.

03

Buyer flow

App reads availability, creates a hold, free claim, or waitlist offer, then shows issued tickets only after Tickets confirms truth.

04

Entry and ops

Scanner verifies opaque tokens at scan.atmosphere.tickets, check-in is idempotent, refunds/voids revoke pass authority, and events are redriven if needed.

Architecture

Publish discovery, display, and social intent. Centralize scarce inventory, payment-linked issuance, and verification. Public repo records are excellent for catalog metadata; they are not suitable for serializable inventory writes across multiple apps.

Public event graphcommunity.lexicon.calendar.event and community.lexicon.calendar.rsvp.
Public ticket catalogtickets.atmosphere.ticketTier, capacityGroup, checkInList, and publicOffer.
Private Tickets serviceTicketed-event config, capacity ledger, holds, issued tickets, attendee data, forms, waitlists, scanner grants, QR secrets, check-in logs, refunds, and audit history.
Tickets hoststickets.atmosphere.tickets for hosted buyer tickets and scan.atmosphere.tickets for scanner PWA, both served by the ATM runtime for launch.
ATM payment serviceCheckout, settlement, app fees, refunds, receipts, dashboard rows, and payment proofs.