MENU navbar-image

Introduction

This documentation aims to provide all the information you need to work with our API.

<aside>As you scroll, you'll see code examples for working with the API in different programming languages in the dark area to the right (or as part of the content on mobile).
You can switch the language used with the tabs at the top right (or from the nav menu at the top left on mobile).</aside>

Authenticating requests

To authenticate requests, include an Authorization header with the value "Bearer {YOUR_AUTH_KEY}".

All authenticated endpoints are marked with a requires authentication badge in the documentation below.

You can retrieve your token by visiting your dashboard and clicking Generate API token.

Authentication

Login

Inicia sesión sin requerir guard. Detecta automáticamente si usar platform o tenant. Devuelve token con abilities (guard/team), roles y permisos, y todas las membresías del usuario.

Example request:
curl --request POST \
    "https://api.ciberticket.co/api/login" \
    --header "X-Tenant: string optional Team/Tenant deseado (si se envía, fuerza login en tenant)." \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"login\": \"edinson.vasquez@example.com\",
    \"password\": \"secret123\",
    \"remember\": true
}"

const url = new URL(
    "https://api.ciberticket.co/api/login"
);

const headers = {
    "X-Tenant": "string optional Team/Tenant deseado (si se envía, fuerza login en tenant).",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "login": "edinson.vasquez@example.com",
    "password": "secret123",
    "remember": true
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "message": "Login successful",
    "user": {
        "id": 7,
        "name": "Edinson",
        "email": "edinson.vasquez@example.com"
    },
    "token": "47|...",
    "guard": "platform",
    "team_id": null,
    "roles": {
        "platform": [
            "owner"
        ],
        "tenant": []
    },
    "permissions": {
        "platform": [
            "core.owner.index"
        ],
        "tenant": []
    },
    "memberships": [
        {
            "tenant_id": "web",
            "tenant_name": "CiberLoto Web",
            "roles": [
                "admin"
            ],
            "permissions": [
                "tenant.event.create"
            ]
        },
        {
            "tenant_id": "store-1",
            "tenant_name": "CiberSnacks Tienda 1",
            "roles": [
                "viewer"
            ],
            "permissions": [
                "tenant.event.view"
            ]
        }
    ]
}

Request      

POST api/login

Headers

X-Tenant      

Example: string optional Team/Tenant deseado (si se envía, fuerza login en tenant).

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

login   string   

Email o user_name. Example: edinson.vasquez@example.com

password   string   

Contraseña. Example: secret123

remember   boolean  optional  

Mantener sesión (si el guard es stateful). Example: true

Core

Owner - List all owners.

requires authentication

This endpoint retrieves all users who have the "owner" role assigned.

Example request:
curl --request GET \
    --get "https://api.ciberticket.co/api/core/owner" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/core/owner"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


[
    {
        "id": 1,
        "name": "John",
        "surname": "Doe",
        "email": "john.doe@example.com",
        "phone": "+57 3001234567",
        "avatar_url": "https://example.com/avatar.jpg",
        "locale": "es",
        "timezone": "America/Bogota",
        "status": "active"
    },
    {
        "id": 2,
        "name": "Jane",
        "surname": "Smith",
        "email": "jane.smith@example.com",
        "phone": "+57 3019876543",
        "avatar_url": null,
        "locale": "en",
        "timezone": "UTC",
        "status": "active"
    }
]

Request      

GET api/core/owner

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

Owner - Create a new Owner user

requires authentication

This endpoint allows you to create a new Owner user. The user is not yet associated with any tenant. By default, the role owner will be assigned in the tenant guard.

Example request:
curl --request POST \
    "https://api.ciberticket.co/api/core/owner" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"John\",
    \"surname\": \"Doe\",
    \"email\": \"john.doe@example.com\",
    \"phone_code\": \"+57\",
    \"phone\": \"31812345678\",
    \"password\": \"myStrongP@ssw0rd\",
    \"avatar_url\": \"https:\\/\\/example.com\\/avatar.jpg\",
    \"locale\": \"en\",
    \"timezone\": \"America\\/New_York\",
    \"password_confirmation\": \"myStrongP@ssw0rd\"
}"

const url = new URL(
    "https://api.ciberticket.co/api/core/owner"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "John",
    "surname": "Doe",
    "email": "john.doe@example.com",
    "phone_code": "+57",
    "phone": "31812345678",
    "password": "myStrongP@ssw0rd",
    "avatar_url": "https:\/\/example.com\/avatar.jpg",
    "locale": "en",
    "timezone": "America\/New_York",
    "password_confirmation": "myStrongP@ssw0rd"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
  "message": "Owner successfully created",
  "user": {
    "id": 1,
    "name": "John",
    "surname": "Doe",
    "email": "john.doe@example.com",
    "phone_code": "+57",
    "phone": "3181234567",
  },
  "roles": ["owner"]
}

Request      

POST api/core/owner

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

The first name of the user. Example: John

surname   string   

The surname of the user. Example: Doe

email   string   

The email address of the user. Must be unique. Example: john.doe@example.com

phone_code   string   

The phone code of the user. Example: +57

phone   string   

The phone number of the user. Must be unique. Example: 31812345678

password   string   

The password for the user account. Must be at least 8 characters. Example: myStrongP@ssw0rd

avatar_url   string  optional  

optional The URL of the avatar image. Example: https://example.com/avatar.jpg

locale   string  optional  

optional The preferred locale of the user. Example: en

timezone   string  optional  

optional The preferred timezone of the user. Example: America/New_York

password_confirmation   string   

The password confirmation. Must match the password field. Example: myStrongP@ssw0rd

Owner - Update an existing user.

requires authentication

This endpoint allows updating an existing user. You can change personal information, email, phone, avatar, locale, timezone, and optionally update the password.

Example request:
curl --request PUT \
    "https://api.ciberticket.co/api/core/owner/architecto" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"John\",
    \"surname\": \"Doe\",
    \"email\": \"john.doe@example.com\",
    \"phone\": \"3001234567\",
    \"avatar_url\": \"https:\\/\\/example.com\\/avatar.jpg\",
    \"locale\": \"en\",
    \"timezone\": \"UTC\",
    \"password\": \"password123\",
    \"password_confirmation\": \"password123\"
}"

const url = new URL(
    "https://api.ciberticket.co/api/core/owner/architecto"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "John",
    "surname": "Doe",
    "email": "john.doe@example.com",
    "phone": "3001234567",
    "avatar_url": "https:\/\/example.com\/avatar.jpg",
    "locale": "en",
    "timezone": "UTC",
    "password": "password123",
    "password_confirmation": "password123"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "message": "Owner successfully updated",
    "user": {
        "id": 5,
        "name": "John",
        "surname": "Doe",
        "email": "john.doe@example.com",
        "phone_code": "+57",
        "phone": "3001234567"
    },
    "roles": [
        "owner"
    ]
}

Example response (422):


{
    "message": "The given data was invalid.",
    "errors": {
        "email": [
            "The email has already been taken."
        ]
    }
}

Request      

PUT api/core/owner/{id}

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   string   

The ID of the owner. Example: architecto

Body Parameters

name   string   

The first name of the user. Example: John

surname   string   

The surname of the user. Example: Doe

email   string   

The email address of the user. Must be unique. Example: john.doe@example.com

phone   string  optional  

The user phone number (without country code). Example: 3001234567

avatar_url   string  optional  

The URL of the user avatar. Example: https://example.com/avatar.jpg

locale   string  optional  

The user locale/language. Default: es. Example: en

timezone   string  optional  

The user timezone. Default: America/Bogota. Example: UTC

password   string  optional  

The new password for the user. Must be at least 8 characters. Example: password123

password_confirmation   string  optional  

The password confirmation. Example: password123

Owner - Show user by ID.

requires authentication

This endpoint retrieves the details of a specific user by their ID.

Example request:
curl --request GET \
    --get "https://api.ciberticket.co/api/core/owner/1" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/core/owner/1"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "id": 1,
    "name": "John",
    "surname": "Doe",
    "email": "john.doe@example.com",
    "phone": "+57 3001234567",
    "avatar_url": "https://example.com/avatar.jpg",
    "locale": "es",
    "timezone": "America/Bogota",
    "status": "active",
    "created_at": "2025-01-15T10:00:00.000000Z",
    "updated_at": "2025-02-20T14:35:00.000000Z"
}

Example response (404):


{
    "message": "No query results for model [App\\Models\\User] 999"
}

Request      

GET api/core/owner/{id}

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   string   

The ID of the user. Example: 1

Owner - Delete (soft) a user.

requires authentication

This endpoint marks an existing user as deleted by updating their status field to deleted. The user record is not physically removed from the database.

Example request:
curl --request DELETE \
    "https://api.ciberticket.co/api/core/owner/10" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/core/owner/10"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (200):


{
    "message": "Owner successfully deleted"
}

Example response (404):


{
    "message": "Owner not found or unauthorized."
}

Request      

DELETE api/core/owner/{id}

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   integer   

The ID of the user to delete. Example: 10

Tenant - Crear tenant (ASYNC provisioning)

requires authentication

Example request:
curl --request POST \
    "https://api.ciberticket.co/api/core/tenant" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"id\": \"web\",
    \"domain\": \"web.cibertickets.co\",
    \"brand_name\": \"CiberTickets\",
    \"currency\": \"COP\",
    \"timezone\": \"America\\/Bogota\",
    \"contact_email\": \"soporte@cibertickets.co\",
    \"logo_url\": \"https:\\/\\/www.gulgowski.com\\/nihil-accusantium-harum-mollitia-modi-deserunt\",
    \"logo_light_url\": \"http:\\/\\/www.dubuque.net\\/quo-omnis-nostrum-aut-adipisci\",
    \"logo_dark_url\": \"https:\\/\\/cronin.com\\/incidunt-iure-odit-et-et-modi-ipsum.html\",
    \"favicon_url\": \"http:\\/\\/www.predovic.biz\\/consequatur-aut-dolores-enim-non-facere-tempora.html\",
    \"font_heading\": \"t\",
    \"font_body\": \"u\",
    \"rounded_ui\": false,
    \"border_radius\": 3,
    \"brand_domain\": \"w\",
    \"brand_support_url\": \"https:\\/\\/labadie.com\\/deleniti-distinctio-eum-doloremque-id-aut.html\",
    \"social_links\": {
        \"instagram\": \"q\",
        \"facebook\": \"b\",
        \"x\": \"e\",
        \"tiktok\": \"w\",
        \"youtube\": \"t\"
    }
}"

const url = new URL(
    "https://api.ciberticket.co/api/core/tenant"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "id": "web",
    "domain": "web.cibertickets.co",
    "brand_name": "CiberTickets",
    "currency": "COP",
    "timezone": "America\/Bogota",
    "contact_email": "soporte@cibertickets.co",
    "logo_url": "https:\/\/www.gulgowski.com\/nihil-accusantium-harum-mollitia-modi-deserunt",
    "logo_light_url": "http:\/\/www.dubuque.net\/quo-omnis-nostrum-aut-adipisci",
    "logo_dark_url": "https:\/\/cronin.com\/incidunt-iure-odit-et-et-modi-ipsum.html",
    "favicon_url": "http:\/\/www.predovic.biz\/consequatur-aut-dolores-enim-non-facere-tempora.html",
    "font_heading": "t",
    "font_body": "u",
    "rounded_ui": false,
    "border_radius": 3,
    "brand_domain": "w",
    "brand_support_url": "https:\/\/labadie.com\/deleniti-distinctio-eum-doloremque-id-aut.html",
    "social_links": {
        "instagram": "q",
        "facebook": "b",
        "x": "e",
        "tiktok": "w",
        "youtube": "t"
    }
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (202):


{
    "message": "Tenant provisioning queued",
    "data": {
        "id": "web",
        "domain": "web.cibertickets.co",
        "owner_id": 7,
        "provisioning": "queued"
    }
}

Request      

POST api/core/tenant

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

id   string   

Slug único del tenant. Example: web

domain   string  optional  

Dominio del tenant. Example: web.cibertickets.co

brand_name   string   

Example: CiberTickets

currency   string   

Example: COP

timezone   string   

Example: America/Bogota

contact_email   string   

Example: soporte@cibertickets.co

logo_url   string  optional  

Opcionales estéticos (si los pasas ahora; si no, el Job pone defaults). Must be a valid URL. Must not be greater than 255 characters. Example: https://www.gulgowski.com/nihil-accusantium-harum-mollitia-modi-deserunt

logo_light_url   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: http://www.dubuque.net/quo-omnis-nostrum-aut-adipisci

logo_dark_url   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: https://cronin.com/incidunt-iure-odit-et-et-modi-ipsum.html

favicon_url   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: http://www.predovic.biz/consequatur-aut-dolores-enim-non-facere-tempora.html

color_primary   string  optional  
color_secondary   string  optional  
color_accent   string  optional  
color_background   string  optional  
color_surface   string  optional  
color_text   string  optional  
color_success   string  optional  
color_warning   string  optional  
color_danger   string  optional  
color_info   string  optional  
font_heading   string  optional  

Must not be greater than 50 characters. Example: t

font_body   string  optional  

Must not be greater than 50 characters. Example: u

theme_mode   string  optional  
rounded_ui   boolean  optional  

Example: false

border_radius   integer  optional  

Must be at least 0. Must not be greater than 40. Example: 3

brand_domain   string  optional  

Must not be greater than 191 characters. Example: w

brand_support_url   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: https://labadie.com/deleniti-distinctio-eum-doloremque-id-aut.html

social_links   object  optional  
instagram   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: q

facebook   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: b

x   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: e

tiktok   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: w

youtube   string  optional  

Must be a valid URL. Must not be greater than 255 characters. Example: t

User Tenant - List users across all tenants managed by the owner (including per-tenant roles)

requires authentication

Returns all users linked to the tenants that the authenticated platform user manages, and for each user, the list of those tenants with the user's roles within each tenant.

Example request:
curl --request GET \
    --get "https://api.ciberticket.co/api/core/tenant/users/index" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/core/tenant/users/index"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "message": "Users and tenant roles retrieved",
    "data": [
        {
            "id": 15,
            "name": "John",
            "surname": "Doe",
            "email": "john.doe@example.com",
            "status": "active",
            "tenants": [
                {
                    "id": "academy-1",
                    "name": "AleAcademy",
                    "role_hint": "admin",
                    "roles": [
                        "Administrative",
                        "Coach"
                    ]
                },
                {
                    "id": "club-22",
                    "name": "City Club",
                    "role_hint": "viewer",
                    "roles": [
                        "Player"
                    ]
                }
            ]
        }
    ]
}

Request      

GET api/core/tenant/users/index

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

User Tenant - Create a user and assign per-tenant roles

requires authentication

Creates a global user and links it to one or more tenants, assigning roles within each tenant. Roles must exist with guard tenant (e.g., admin, organizer, finance, scanner).

Example request:
curl --request POST \
    "https://api.ciberticket.co/api/core/tenant/users/store" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"John\",
    \"surname\": \"Doe\",
    \"email\": \"john.doe@example.com\",
    \"password\": \"MyStr0ngP@ss\",
    \"tenants\": [
        \"architecto\"
    ]
}"

const url = new URL(
    "https://api.ciberticket.co/api/core/tenant/users/store"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "John",
    "surname": "Doe",
    "email": "john.doe@example.com",
    "password": "MyStr0ngP@ss",
    "tenants": [
        "architecto"
    ]
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "message": "User created and roles assigned",
    "data": {
        "user": {
            "id": 101,
            "name": "John",
            "surname": "Doe",
            "email": "john.doe@example.com",
            "status": "active"
        },
        "tenants": [
            {
                "id": "academy-1",
                "name": "AleAcademy",
                "role_hint": "admin",
                "roles": [
                    "admin",
                    "organizer"
                ]
            },
            {
                "id": "club-22",
                "name": "City Club",
                "role_hint": "organizer",
                "roles": [
                    "organizer"
                ]
            }
        ]
    }
}

Request      

POST api/core/tenant/users/store

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

Body Parameters

name   string   

First name. Example: John

surname   string   

Last name. Example: Doe

email   string   

Unique email. Example: john.doe@example.com

password   string  optional  

nullable Min: 8 chars. Example: MyStr0ngP@ss

tenants   string[]   

List of tenant-role assignments.
id   string   

Tenant ID/slug. Example: academy-1

roles   string[]   

Roles for this tenant.

role_hint   string  optional  

nullable UX hint for the pivot (does not grant permissions). One of: owner, admin, organizer, finance, scanner, viewer. Example: admin

User Tenant - Update a user and (optionally) per-tenant roles/membership

requires authentication

Updates basic user fields. Optionally syncs roles for specific tenants and/or detaches the user from other tenants. Roles must exist with guard tenant (e.g., admin, organizer, finance, scanner).

Example request:
curl --request PUT \
    "https://api.ciberticket.co/api/core/tenant/users/1/update" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"name\": \"John\",
    \"surname\": \"Doe\",
    \"email\": \"john.doe@example.com\",
    \"password\": \"MyStr0ngP@ss\",
    \"tenants\": [
        \"architecto\"
    ],
    \"detach_tenants\": [
        \"architecto\"
    ],
    \"detach_tenants[]\": \"club-22\"
}"

const url = new URL(
    "https://api.ciberticket.co/api/core/tenant/users/1/update"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "name": "John",
    "surname": "Doe",
    "email": "john.doe@example.com",
    "password": "MyStr0ngP@ss",
    "tenants": [
        "architecto"
    ],
    "detach_tenants": [
        "architecto"
    ],
    "detach_tenants[]": "club-22"
};

fetch(url, {
    method: "PUT",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "message": "User updated",
    "data": {
        "user": {
            "id": 101,
            "name": "John",
            "surname": "Doe",
            "email": "john.doe@example.com",
            "status": "active"
        },
        "tenants": [
            {
                "id": "academy-1",
                "name": "AleAcademy",
                "role_hint": "admin",
                "roles": [
                    "admin",
                    "organizer"
                ]
            },
            {
                "id": "club-22",
                "name": "City Club",
                "role_hint": "viewer",
                "roles": [
                    "organizer"
                ]
            }
        ]
    }
}

Request      

PUT api/core/tenant/users/{userId}/update

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

Example: 1

user   integer   

The user ID. Example: 101

Body Parameters

name   string  optional  

optional First name. Example: John

surname   string  optional  

optional Last name. Example: Doe

email   string  optional  

optional Unique email. Example: john.doe@example.com

password   string  optional  

optional Min: 8 chars. Example: MyStr0ngP@ss

tenants   string[]  optional  

optional List of per-tenant role assignments to sync (only for those tenants).
id   string   

Tenant ID/slug. Example: academy-1

roles   string[]   

Roles for this tenant.

role_hint   string  optional  

optional UX hint for the pivot. One of: owner, admin, organizer, finance, scanner, viewer. Example: admin

detach_tenants   string[]  optional  

optional Tenant IDs to detach the user from (removes membership and clears roles for those tenants).

detach_tenants[]   string  optional  

A tenant ID. Example: club-22

User Tenant - Archive (soft-delete) a user by status

requires authentication

Marks the user as deleted (status = 'deleted'). Due to the global scope (NonDeletedScope), archived users stop appearing in listings by default. No tenant memberships or roles are removed.

Example request:
curl --request DELETE \
    "https://api.ciberticket.co/api/core/tenant/users/1/destroy" \
    --header "Authorization: Bearer {YOUR_AUTH_KEY}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/core/tenant/users/1/destroy"
);

const headers = {
    "Authorization": "Bearer {YOUR_AUTH_KEY}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (200):


{
    "message": "User archived",
    "data": {
        "user": {
            "id": 101,
            "name": "John",
            "surname": "Doe",
            "email": "john.doe@example.com",
            "status": "deleted"
        }
    }
}

Example response (404):


{
    "message": "User not found in your tenants."
}

Request      

DELETE api/core/tenant/users/{userId}/destroy

Headers

Authorization      

Example: Bearer {YOUR_AUTH_KEY}

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

userId   integer   

Example: 1

user   integer   

The user ID. Example: 101

Endpoints

Handles the API request and renders the Swagger documentation view.

Example request:
curl --request GET \
    --get "https://api.ciberticket.co/api/documentation" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/documentation"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (500):

Show headers 
cache-control: no-cache, private
content-type: application/json
vary: Origin
 

{
    "status": "error",
    "message": "Route [l5-swagger.default.docs] not defined."
}

Request      

GET api/documentation

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

Handles the OAuth2 callback and retrieves the required file for the redirect.

Example request:
curl --request GET \
    --get "https://api.ciberticket.co/api/oauth2-callback" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/oauth2-callback"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):

Show headers 
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Origin
 

<!doctype html>
<html lang="en-US">
<head>
    <title>Swagger UI: OAuth2 Redirect</title>
</head>
<body>
<script>
    'use strict';
    function run () {
        var oauth2 = window.opener.swaggerUIRedirectOauth2;
        var sentState = oauth2.state;
        var redirectUrl = oauth2.redirectUrl;
        var isValid, qp, arr;

        if (/code|token|error/.test(window.location.hash)) {
            qp = window.location.hash.substring(1).replace('?', '&');
        } else {
            qp = location.search.substring(1);
        }

        arr = qp.split("&");
        arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
        qp = qp ? JSON.parse('{' + arr.join() + '}',
                function (key, value) {
                    return key === "" ? value : decodeURIComponent(value);
                }
        ) : {};

        isValid = qp.state === sentState;

        if ((
          oauth2.auth.schema.get("flow") === "accessCode" ||
          oauth2.auth.schema.get("flow") === "authorizationCode" ||
          oauth2.auth.schema.get("flow") === "authorization_code"
        ) && !oauth2.auth.code) {
            if (!isValid) {
                oauth2.errCb({
                    authId: oauth2.auth.name,
                    source: "auth",
                    level: "warning",
                    message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
                });
            }

            if (qp.code) {
                delete oauth2.state;
                oauth2.auth.code = qp.code;
                oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
            } else {
                let oauthErrorMsg;
                if (qp.error) {
                    oauthErrorMsg = "["+qp.error+"]: " +
                        (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
                        (qp.error_uri ? "More info: "+qp.error_uri : "");
                }

                oauth2.errCb({
                    authId: oauth2.auth.name,
                    source: "auth",
                    level: "error",
                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
                });
            }
        } else {
            oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
        }
        window.close();
    }

    if (document.readyState !== 'loading') {
        run();
    } else {
        document.addEventListener('DOMContentLoaded', function () {
            run();
        });
    }
</script>
</body>
</html>

Request      

GET api/oauth2-callback

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

POST api/logout

Example request:
curl --request POST \
    "https://api.ciberticket.co/api/logout" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/logout"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/logout

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

POST /events Permiso requerido: tenant.event.create

Example request:
curl --request POST \
    "https://api.ciberticket.co/api/event" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/event"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/event

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

GET /events/{id} Permiso requerido: tenant.event.show

Example request:
curl --request GET \
    --get "https://api.ciberticket.co/api/event/architecto" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/event/architecto"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (500):

Show headers 
cache-control: no-cache, private
content-type: application/json
vary: Origin
 

{
    "status": "error",
    "message": "Unauthenticated."
}

Request      

GET api/event/{id}

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   string   

The ID of the event. Example: architecto

PUT/PATCH /events/{id} Permiso requerido: tenant.event.update

Example request:
curl --request PUT \
    "https://api.ciberticket.co/api/event/architecto" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/event/architecto"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "PUT",
    headers,
}).then(response => response.json());

Request      

PUT api/event/{id}

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   string   

The ID of the event. Example: architecto

DELETE /events/{id} Permiso requerido: tenant.event.delete

Example request:
curl --request DELETE \
    "https://api.ciberticket.co/api/event/architecto" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/event/architecto"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Request      

DELETE api/event/{id}

Headers

Content-Type      

Example: application/json

Accept      

Example: application/json

URL Parameters

id   string   

The ID of the event. Example: architecto

Tenant

Settings - Visual Configuration

Devuelve la configuración visual del tenant (colores, logos, fuentes, etc.).

Example request:
curl --request GET \
    --get "https://api.ciberticket.co/api/settings" \
    --header "X-Tenant: string required El ID del tenant a consultar. Example: web" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/settings"
);

const headers = {
    "X-Tenant": "string required El ID del tenant a consultar. Example: web",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "brand_name": "CiberTickets",
    "currency": "COP",
    "timezone": "America/Bogota",
    "contact_email": "soporte@cibertickets.co",
    "logo": {
        "default": null,
        "light": null,
        "dark": null,
        "favicon": null
    },
    "colors": {
        "primary": "#00E5FF",
        "secondary": "#7C3AED",
        "accent": "#22C55E"
    },
    "fonts": {
        "heading": "Poppins",
        "body": "Inter"
    },
    "theme_mode": "system"
}

Request      

GET api/settings

Headers

X-Tenant      

Example: string required El ID del tenant a consultar. Example: web

Content-Type      

Example: application/json

Accept      

Example: application/json

Event - index

requires authentication

List all events in the current tenant. Requires permission: tenant.event.view

Example request:
curl --request GET \
    --get "https://api.ciberticket.co/api/event" \
    --header "Authorization: Bearer {token}" \
    --header "X-Tenant: {tenant_id}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://api.ciberticket.co/api/event"
);

const headers = {
    "Authorization": "Bearer {token}",
    "X-Tenant": "{tenant_id}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Example response (200):


{
    "allowed": true,
    "permission": "tenant.event.view",
    "note": "You can list events in this tenant."
}

Request      

GET api/event

Headers

Authorization      

Example: Bearer {token}

X-Tenant      

Example: {tenant_id}

Content-Type      

Example: application/json

Accept      

Example: application/json