Authentication

Authentication

Our API can be used for public anonymous use without an access token e.g. the following query will return a list of publicly available events.

query {
  viewer {
    getEvents {
      items {
        name
        startDate
      }
    }
  }
}

Providing an authentication token with the viewer allows access to additional API features, data records, and attributes depending on the user roles associated with the token e.g. the following query will return a list of publicly available events, and additionally any unannounced events that the user has access to see, and additional event data such as allocations.

query {
  viewer(token: "your-token-here") {
    getEvents {
      items {
        name
        startDate
      }
    }
  }
}

The login mutation is used to obtain a JSON Web Token (JWT) for authentication which can be used for subsequent requests as shown above.

mutation {
  login(username: "your-username", password: "your-password")
}

Long Lasting Tokens

For integrations, upon request Moshtix can generate long lasting programmatic tokens which are scoped to a client account, avoiding the need to log in regularly. To request a long lasting token, please use the chat/message feature of this website to get in touch with our developers.

Authentication tokens can be inspected to determine the associated user/clients/permissions/roles by decoding the JWT. Website's like https://jwt.io/ make this easy, simply paste the token in and review the decoded details.

OAuth

Currently we do not support OAuth, clients can request an integration token from their account manager, which can then be provided to integration partner platforms.

We intend to make this a self serve process soon, and hope to ultimately implement an OAuth flow in future, though this is not currently scheduled.

Our APIQueries
Copyright © 2025 Moshtix Pty Ltd