Developer docs
Build ticketing into AT Protocol event apps.
Start with the architecture, roles, quickstart, and app setup model for Atmosphere Tickets.
Introduction
Atmosphere Tickets is not a consumer event app. It is the ticketing module that event apps call when they need paid tickets, limited free tickets, shared inventory, issued tickets, scanner truth, and payment-linked auditability.
The important product split is simple: event apps own discovery, pages, organizer UX, social context, widgets, SEO, emails, scanner interfaces, and attendee presentation. Tickets owns the scarce state that must remain correct across every compatible app.
Standard ticket APIs, app callbacks, delivery, and scanner verification are core integration surfaces. ATM adds the payment control plane, organizer approval gates, app fee policy, receiver delivery, and test/live separation around those ticket contracts.
Own the experience
Events, RSVP/social UX, ticket picker UI, organizer tools, scanner screens, attendee account views, and analytics.
Own ticket truth
Ticketed-event config, tiers, capacity, holds, issuance, QR/pass tokens, scanner grants, forms, waitlists, collaborations, refunds, voids, and audit state.
Own money movement
Checkout, settlement, app fees, receipts, refunds, payment dashboards, and attested.network payment proofs.
Top-level architecture
This is the core ticketing loop. Event apps own the public event surface and user experience. ATM Tickets owns scarce ticket state. ATM checkout owns payment collection. App callbacks and scanner calls close the loop.
Event app
Shows the event page, ticket picker, organizer UX, buyer account surfaces, and app-owned attendee/social workflows.
ATM Tickets
Reads availability, creates holds, enforces capacity, issues tickets, delivers passes, manages scanner grants, and keeps ticket truth private.
ATM checkout
Collects payment for paid tickets and confirms payment state to Tickets.
Issue tickets
Promotes a paid hold or free claim into issued tickets and safe presentation data.
App callback
Sends signed events such as tickets.issued so the app can show the ticket.
Scanner
Verifies opaque QR/pass tokens and records idempotent check-in.
Flow diagrams
These diagrams show the ticket-specific contract between event apps, ATM Tickets, ATM checkout, scanner staff, and app callbacks. Use them when explaining how one event can sell tickets across multiple compatible apps while keeping inventory and scan state private and consistent.
Organizer setup, event records, ticket holds, ATM checkout, ticket issuance, wallet/pass tokens, and scanner verification.
Organizer OAuth, app service-auth, buyer assertions, checkout redirects, optional public refs, and ticket-issued callbacks.
Choose integration
Tickets is infrastructure for event apps, scanner apps, organizer tools, and agents. Start with the path closest to your product, then wire only the modules you need.
Sell paid tickets
Use availability, paid holds, ATM checkout, tickets.issued events, and app-owned event pages.
Claim limited free tickets
Use app service-auth plus buyer assertions to issue scarce free tickets without checkout.
Verify entry
Use opaque QR/pass tokens, verifyTicket, and idempotent checkInTicket calls.
Configure ticketing
Use organizer assertions to create tiers, capacity groups, public offers, and check-in lists.
Use ATM docs for app setup.
App registration, payment setup, app fees, webhooks, XRPC receivers, environments, and dashboard operations are shared ATM concepts. Tickets docs focus on the ticket-specific calls and operational guarantees.
Open ATM app onboardingHow to read these docs
Use this page for the ticketing model and first integration path. Use Build for implementation details, Callbacks for delivery and redrive, Reference for exact schemas, and Operations for launch checks. The deep reference sections are intentionally detailed, but the overview should stay short.
Implementation recipes
Auth model, availability, holds, free claims, QR/pass tokens, and scanner calls.
Fulfillment truth
Ticket events, payload schemas, receiver options, webhook test commands, and redrive.
Exact contracts
Generated XRPC methods, lexicons, errors, security boundaries, and feature mapping.
Go-live checks
Sandbox walkthrough, testing cookbook, troubleshooting, and ATM payment boundary.
Quickstart
- Register your event app in ATM and enable the Tickets module in the test environment.
- Use your app DID to mint app service-auth for ticket XRPC calls.
- When an organizer creates paid ticketing, create ticket tiers and capacity groups through Tickets.
- On the event page, call availability before showing ticket purchase controls.
- Create a hold before sending the buyer to ATM checkout.
- Fulfill only after Tickets emits an issued-ticket event or your app reads issued tickets from the service.
Event page
GET tickets.atmosphere.getTicketAvailability
POST tickets.atmosphere.createTicketHold
redirect buyer to hold.checkout.url
ATM checkout
payment succeeds
ATM notifies Tickets
Tickets issues tickets
Tickets notifies originating app
Starter kit
Use the local Tickets starter before wiring a production event app. It proves availability, paid holds, free claims, webhook verification, optional XRPC receiver callbacks, and scan-token check-in against the ATM app sandbox.
The starter is intentionally framework-light. Copy the flow into Next.js, Hono, Workers, Express, Fastify, SvelteKit, or another trusted backend, but keep service-auth signing, ticket mutations, webhook secrets, and check-in calls on the server.
cd examples/tickets-node-app
cp .env.example .env
npm install
npm run dev
curl http://localhost:8788/health
curl http://localhost:8788/tickets/availability
| Availability | GET /tickets/availability calls tickets.atmosphere.getTicketAvailability. |
|---|---|
| Paid hold | POST /tickets/hold creates a scarce hold and returns an ATM checkout URL. |
| Free claim | POST /tickets/free-claim issues a limited free ticket without checkout. |
| Receiver | POST /webhooks/atm verifies Atm-Signature and Atm-Delivery-Id. |
| XRPC receiver | POST /xrpc/money.atmosphere.event.receive shows the optional AT Protocol callback shape. |
| Check-in | POST /tickets/check-in submits an opaque scan token to Tickets. |
Agent integration
These docs are written so an app developer or coding agent can wire Tickets from contracts alone. The safe path is the same for humans and agents: use a trusted backend, install the ATM App Node SDK, run local fixtures, verify callbacks, and keep all secrets and ticket mutations out of browser code.
Use the ATM App Node SDK
@atmosphere-money/app-node owns app service-auth calls, ticket holds, callbacks, and shared ATM payment helpers.
Use MCP for developer actions
The ATM MCP wrapper is for test-mode setup, fixture generation, receiver validation, delivery logs, and redrive checks.
No payment mutations from agents yet
Agents should not create live charges, refunds, organizer payout changes, or public repo writes unless the app developer explicitly wires that flow.
Machine-readable docs
/llms.txt and /llms-full.txt summarize the Tickets model for coding tools that prefer compact guidance.
Recommended agent prompt
Build a ticketing integration with Atmosphere Tickets.
Use @atmosphere-money/app-node on the app server.
Create holds before checkout, verify ATM callbacks before fulfillment,
and keep buyer PII, scan tokens, service-auth JWTs, and webhook secrets private.
Register in ATM
Event apps do not create a separate payment platform. They register as apps in ATM, enable the Tickets module, and keep test and live configuration separate. The organizer still completes payout setup in ATM before paid tickets can go on sale, and paid or scarce selling requires organizer approval of the app for ticket payments.
| Step | Configured in ATM | Why it matters |
|---|---|---|
| App profile | Display name, avatar, app URL, contact | Used for app dashboard, ticket/pass branding, and developer trust. |
| Modules | Payments, Tickets, optional future modules | Controls which XRPC/service surfaces the app can call. |
| Organizer approval | Ticket recipient approval for the app | Required before availability reads, paid holds, or free limited claims can run for an organizer-owned event. |
| Environment | Test first, live explicitly | Keeps app sandbox traffic separate from production ticket sales. |
| Receivers | HTTP webhook URL or optional XRPC receiver | ATM signs outbound events and stores delivery/redrive logs. |
| Fees | App fee and optional ATM support share | Routes app revenue without exposing Stripe platform access. |
Webhook URL can be added later.
ATM can mint an app secret and queue events before the app has a receiver endpoint. Delivery rows remain visible as configuration needed until the app adds a receiver and redrives them.
Register an ATM appApp onboarding checklist
This is the ATM setup checklist for a ticketing app. Details live in the ATM app dashboard guide; keep this page focused on the ticketing-specific requirements.
| App role | Sign into ATM with the app DID and request the app role. |
|---|---|
| Modules | Enable Payments and Tickets in the test environment. |
| Organizer approval | Request ticket recipient approval before reading availability or creating holds. |
| Receivers | Add HTTP webhook first; add XRPC receiver only if your app already hosts XRPC. |
| Service-auth | Copy the audience and method NSIDs into the app server. |
| Live access | Request live after hold, checkout, refund/void, free claim, and check-in tests pass. |
App dashboard manual
Tickets configuration starts in the ATM app dashboard. Event apps should treat ATM as the app control plane for modules, fee policy, service-auth details, receiver config, delivery logs, scanner grants, and test/live separation. Production event apps can also configure ticketed events, tiers, capacity groups, forms, waitlists, and check-in lists programmatically through app service-auth.
| Profile | Uses the app account's ATM profile name, avatar, description, and app URL. |
|---|---|
| Environments | Test and live have separate receiver URLs, signing secrets, event selection, and fee config. |
| Modules | Enable Payments and Tickets for paid ticketing; enable QR/pass options only when needed. |
| Ticketed events | Create or update app-scoped ticketed-event config with createTicketEvent / updateTicketEvent. |
| Fees | Configure app fee and optional ATM support share before checkout tests. |
| Scanner grants | Grant staff DIDs access to event/check-in-list contexts; never expose raw scan tokens in dashboard rows. |
| Receivers | Use HTTP webhooks by default or optional XRPC receiver if the event app already hosts XRPC. |
| Delivery logs | Inspect attempts, response codes, config-needed rows, failures, and redrive state. |
| Secrets | Rotate test and live secrets independently and keep them server-side. |
| Live review | Show passing hold, checkout, free claim, refund/void, and check-in tests before live traffic. |
First integration acceptance test
Use this as the pass/fail test for the first integration. The step-by-step implementation details live in Quickstart, Starter kit, Build first ticket app, and the Build page.
- Test environment has Payments and Tickets enabled.
- Organizer has approved the app for ticket selling in the target environment.
- Receiver verifies auth and deduplicates delivery id.
- Paid hold reserves capacity and returns ATM checkout URL.
- Payment success emits
tickets.issued. - Issued ticket appears through
listBuyerTickets. - Opaque scan token verifies and checks in exactly once.
No oversell
Concurrent holds never exceed tier or capacity-group limits.
Receiver safe
Webhook or XRPC callback verifies auth and deduplicates by delivery id.
Checkout truth
Browser return is UX only; ticket display waits for issued-ticket truth.
Private data
Buyer contact, scan token secrets, attendee answers, and check-in logs stay off protocol.
Build first ticket app
A ticketing integration has three actors: the event app, the organizer, and the buyer. The app owns the public event page and user experience. Tickets owns scarce inventory and issued-ticket truth. ATM owns payment and app events.
- Register the event app in ATM and enable Tickets in test mode.
- Create or reference a
community.lexicon.calendar.eventevent. - Create app-scoped ticketed-event config, ticket tiers, and capacity groups from the organizer UI or trusted app server.
- Request organizer approval for the selling app before availability, holds, or free claims.
- Render availability from
getTicketAvailability. - Create a hold when the buyer selects tickets.
- Redirect paid tickets to ATM checkout, or claim free tickets directly.
- Show tickets only after
tickets.issuedorlistBuyerTicketsconfirms issuance.
event app server
create organizer assertion
POST tickets.atmosphere.createTicketEvent
POST tickets.atmosphere.createTicketTier
POST tickets.atmosphere.createCapacityGroup
POST tickets.atmosphere.setTierForm
buyer clicks buy
GET tickets.atmosphere.getTicketAvailability
POST tickets.atmosphere.createTicketHold
redirect to ATM checkout
after payment
receive tickets.issued
show QR/pass from issued-ticket state
link to tickets.atmosphere.tickets for hosted ticket view
Integration lifecycle
A ticketing app usually integrates in stages. Each stage can ship independently as long as paid and scarce tickets always use Tickets for holds and issuance.
App setup
Register in ATM, enable Tickets in test, configure receiver events, and generate service-auth from the app DID.
Organizer setup
Organizer creates or approves app-scoped ticketed-event config, completes payout setup, and authorizes ticket tiers and capacity.
Buyer flow
App reads availability, creates a hold, free claim, or waitlist offer, then shows issued tickets only after Tickets confirms truth.
Entry and ops
Scanner verifies opaque tokens at scan.atmosphere.tickets, check-in is idempotent, refunds/voids revoke pass authority, and events are redriven if needed.
Architecture
Publish discovery, display, and social intent. Centralize scarce inventory, payment-linked issuance, and verification. Public repo records are excellent for catalog metadata; they are not suitable for serializable inventory writes across multiple apps.
| Public event graph | community.lexicon.calendar.event and community.lexicon.calendar.rsvp. |
|---|---|
| Public ticket catalog | tickets.atmosphere.ticketTier, capacityGroup, checkInList, and publicOffer. |
| Private Tickets service | Ticketed-event config, capacity ledger, holds, issued tickets, attendee data, forms, waitlists, scanner grants, QR secrets, check-in logs, refunds, and audit history. |
| Tickets hosts | tickets.atmosphere.tickets for hosted buyer tickets and scan.atmosphere.tickets for scanner PWA, both served by the ATM runtime for launch. |
| ATM payment service | Checkout, settlement, app fees, refunds, receipts, dashboard rows, and payment proofs. |
Reference deep links
Generated reference rows include direct links to raw lexicon JSON, field-level tables, API examples, and error handling. These anchors are intended for Discord, GitHub, and Tangled review threads.
Review the schema
Links to the source lexicon JSON in this repo.
Inspect contract shape
Jumps to generated field tables with required, nullable, limits, and descriptions.
Copy the flow
Jumps to request examples that show auth mode and common edge behavior.
Handle failure states
Jumps to the stable error code guidance for apps.