Ticketmaster SafeTix
Partners who are selling events powered by Ticketmaster SafeTix and authorized to fulfill the tickets for fans will receive an encrypted token from the Order Management API. Ticketmaster SafeTix is a new technology that reduces the risk of ticket fraud from stolen or illegal counterfeit tickets, provides event owners with greater control over their tickets and visibility into the individual fans who attend their events.
After receiving the encrypted token from the Order Management API, partners will need to pass the token to the Ticketmaster Secure Entry SDK to render the tickets within their app. To learn more about Ticketmaster SafeTix click here.
Partners will need to perform the following steps to integrate SafeTix:
- Integrate with Secure Entry SDK (iOS, Android, JavaScript) within your mobile web or app experience
- Pass a partner account ID for each unique user during checkout to associate the tickets with a partner account. (Partners should reuse the same account ID for each user).
- Call Order Management endpoint to retrieve the SafeTix Rotating Entry Token (RET) encrypted token
- If Delayed delivery is ON: Communicate to the ticket buyer, they will be able to view their tickets on the specified date.
- If Delayed delivery is OFF: Pass the encrypted token to the Secure Entry SDK to render the ticket.
- Continue to generate mobile and PDF tickets for non-Ticketmaster SafeTix events
Partner API Integration:
Overview
- Identify Safetix enabled/enforced events.
- Create a Host order including the Third-party account ID. (the unique account ID associated with the fans account in your system)
- Call Order Management API to get the order info and SafeTix (RET) encrypted token.
- Render the SafeTix encrypted token via the Secure Entry SDK. (Note: this will be a direct integration with Secure Entry SDK).
- Call Secure Render API to Refresh the Encrypted Token.
NOTE: Partners will need to refresh the token 20 hours prior to the start of the event and whenever the ticket is displayed in your app.
1] Identify Safetix enabled/enforced events
- Availability API response contains a Safetix Enabled Flag (“safeTixEnabled”) to identify the events.
2] Create Host Order
While creating a Host order
- In the add billing step include the Third-Party account ID in the request body (see the request below).
- Commit the cart after add billing step is successful.
NOTE : Please note that the third_party_account_id
sent in this step will be required to be sent as header x-user-id
when making a call to refresh the token.
Add Billing Request [PUT]
3] Call Order Management for Initial Encrypted Token
Call Order Management API to get the order info and the initial SafeTix encrypted token. This will be POST request and will include a request body with the following structure.
Order Management Request [POST]
/partners/v1/orders?order_token={order_token}?apikey={apikey}
Request Structure:
- (object)
deviceID
(string) - The device ID passed in the requestdeviceType
(string) - Acceptable Values: web, nativedeviceOS
(string) - Acceptable Values: ios, android, otherthird_party_account_id
(string) -The third party account id passed when adding billing.
Field | Char limit | Data type | Required | Description |
---|---|---|---|---|
device_id |
max 50 characters | string | Y | The device ID passed in the request |
device_type |
max 20 characters | string | Y | Acceptable Values: web, native |
device_os |
max 50 characters | string | Y | Acceptable Values: ios, android, other |
third_party_account_id |
max 100 characters | string | Y | The third party account id passed when adding billing. |
Order Management Response: When Delay Delivery Ticketing ON
Order Management Response with “Delay Ticketing” information When Delay Delivery is ON, the Order Management response includes the date in the ‘additional_info’ value when the secure entry token can be retrieved. Partners need to parse the value and message ticket buyer the date the secure entry token can be retrieved.
Order Management Response: When Delay Delivery Ticketing OFF
When Delay Delivery is OFF the Order Management response includes the Secure Entry Token.
Response Structure Secure Entry Data :
- `secure_entry_data(object)
render_type
(string)segment_type
(string)token
(string)
Secure Entry Data
Field | Data type | Required | Description |
---|---|---|---|
token |
string | Y | TBase64 Encoded (SecureTokenObject) |
render_type |
string | Y | Indicates the type of symbology that will be rendered: “rotating_symbology” – PDF417 Rotating Token with QR Code Fallback OR “barcode” – QR Code only |
segment_type |
string | Y | Indicates the type of segment |
error |
Object | N | Additional error codes if available |
Error
Field | Data type | Required | Description |
---|---|---|---|
code |
integer | Y | secureRender status code |
message |
String | Y | Additional information and textual description. |
4] Render the SafeTix encrypted token via the Secure Entry SDK
Overview:
- Pass Token to the Secure Entry SDK to render the Rotating Barcode
This integration applies to all digital tickets events that are enabled for SafeTix. The API will determine the event configuration, create the right token, and the SDK’s will render the correct barcode.
Secure Entry SDKs
- iOS: https://github.com/ticketmaster/iOS-SecureEntrySDK
- Android: https://github.com/ticketmaster/Android-SecureEntrySDK
- JavaScript: https://github.com/ticketmaster/JavaScript-SecureEntrySDK
NOTE :
- Partners will need to refresh the token 20 hours prior to the start of the event and whenever the ticket is displayed in your app.
5] Call Secure Render API to Refresh the Encrypted Token
Call Secure Render API and populate with the following required fields in the request structure:
Note :
- The seat information like the seat number, row, section and barcode are required when refreshing the token.
- Please note that the header
x-user-id
sent in this step should be same as thethird_party_account_id
sent when adding billing.
/marketplace/v1/securerender?apikey=YourAPIKey
Note : Please use POST /marketplace-staging/v1/securerender?apikey=YourAPIKey — For preprod environemnt
Request Structure:
- (object)
deviceID
(string)deviceType
(string)deviceOS
(string)tickets
(array) - tickets- {arrayitemobject} - ticket
eventId
(text) // Requiredsection
(text) // Requiredrow
(text) // Requiredseat
(text) // Requiredbarcode
(text) // Required
- {arrayitemobject} - ticket
Basic Flow Overview
1. GET /partners/v1/events/{event_id}/availability
2. POST /partners/v1/events/{event_id}/cart
3. PUT /partners/v1/events/{event_id}/cart/payment — This requires one additional field in the request body “third_party_account_id”:”12313131”. (when you send us the billing information you must also pass a unique user id.)
4. PUT /partners/v1/events/{event_id}/cart
5. POST /partners/v1/orders?order_token={order_token}?apikey={apikey} — To get the Initial Safetix token
6. POST /marketplace/v1/securerender?apikey=YourAPIKey — To refresh the token
Important Notes:
1. The header `x-user-id` sent in this step should be same as the `third_party_account_id` sent when adding billing.
2. Please use POST /marketplace-staging/v1/securerender?apikey=YourAPIKey --- For preprod environemnt
FAQ
1. How often must the token be refreshed? You should refresh the token anytime a fan opens and views a ticket within your app and 20 hours prior to the event. If you are unable to refresh the token when the fan views the ticket at the gate, then the SDK would attempt to use the token refreshed 20 hours prior. The token should still be valid. You do not need to refresh the token every 20 hours.
2. Why do we need the barcode for SafeTix events?
The barcode a required parameter for the SecureRender API. The barcode is returned in the* Order Management API* response. The barcode is used to determine if a valid ticket has been created before it generates the token. Partners are required to call Secure RenderAPI to refresh the SafeTix token and you pass the barcode in the request. The numerical value of the barcode does not change, the tokens changes.
3. What is the Device ID? This is a unique identifier specific to that device/app install. If you can’t get the hardware number, then you should send a unique identifier from that app on that specific device. It can be a GUID that is sticky to that app install. The deviceId must be unique which helps Ticketmaster better combat fraud and improve security. An order-uuid while unique will not help us differentiate the devices enough as a user who has two devices and two applications installed would give us the same deviceId. This will not work for our SafeTix system.
4. What if the user changes their phone or device? If a user changes the phone or device after receiving the barcode, you should send the device ID for the new phone or device.
5. How do you know when the event is SafeTix? Use the Order Management API response as your signal to determine when an event is using SafeTix. If you get a token, then you know the event is using SafeTix, and you should always use the SDK to display the token and the SecureRender API to refresh it. If you only get a barcode (without a token), then you know the event is not using SafeTix, and you can render a QR code.
6. What if the fan purchases a new phone in between ticket order and ticket redemption? We fully expect and anticipated this behavior. The Device ID you pass for the initial purchase can be different from the id you pass for refresh/redemption. The system supports this behavior.
7. Are partners required to use the Secure Render SDK to render the barcode?
Yes. We recommend partners integrators to use the TM Secure Render SDKs since that will avoid any inconsistency issue with rendering and scanning.
8. What is the SLA for the Order Management APi and Token Refresh? 1. Order Management: 800ms +/- with 99.50% uptime 2. Token Refresh: 500ms +/- with 99.99% uptime
9. Is there any recommended sizing for Safetix barcodes?