API Interface
The plugin provides an Admin REST API for external systems (e.g. ticket scanners, access control).
Complete API reference: shopware.stoplight.io – Authentication
Authentication
Client Credentials
POST /api/oauth/token{
"grant_type": "client_credentials",
"client_id": "<client_id>",
"client_secret": "<client_secret>"
}Password Grant
POST /api/oauth/token{
"client_id": "administration",
"grant_type": "password",
"scopes": "write",
"username": "<username>",
"password": "<password>"
}Response:
{
"token_type": "Bearer",
"expires_in": 600,
"access_token": "...",
"refresh_token": "..."
}Routes
Enable App API
GET /api/fgits/tickets/api/activate
Authorization: Bearer <access_token>Sends an activation email with QR code to the email address of the authenticated user.
Response:
{ "status": "OK" }Get Events
GET /api/fgits/tickets/api/events
Authorization: Bearer <access_token>Parameters:
Parameter | Type | Required | Description |
|---|---|---|---|
`timezone` | int (0/1) | no | `1` = Use timezone from plugin configuration for `datetime` (from v3.4.7) |
Returns information about ticket events (products marked with ticket flag).
Response:
{
"data": [
{
"id": "abc123...",
"name": "Concert 2026",
"datetime": "2026-06-01T18:00:00+02:00",
"createdAt": "2025-01-15T10:00:00+00:00"
}
],
"success": true
}Get Tickets
GET /api/fgits/tickets/api/tickets
Authorization: Bearer <access_token>Parameters:
Parameter | Type | Required | Description |
|---|---|---|---|
`event_ids` | array | no | Filters tickets to specific event IDs |
`extended` | int (0/1) | no | `1` = Additionally returns `event_name` and `event_datetime` (from v3.4.6) |
`timezone` | int (0/1) | no | `1` = Use timezone from plugin configuration (from v3.4.7) |
Response (extended: 0):
{
"data": [
{
"id": "uuid...",
"ticketId": "100001000001123454",
"createdAt": "2026-03-01T10:00:00+00:00",
"personalizedFullname": "Max Mustermann",
"personalizedEmail": "max@example.com",
"personalizedCustomFields": [],
"customerFullname": "Max Mustermann",
"checkInDatetime": null,
"active": true,
"event_id": "product-uuid..."
}
],
"success": true
}Response (extended: 1): Additionally:
{
"event_name": "Concert 2026",
"event_datetime": "2026-06-01T18:00:00+02:00"
}Scan Ticket
POST /api/fgits/tickets/api/tickets
Authorization: Bearer <access_token>
Content-Type: application/jsonBody:
Parameter | Type | Required | Description |
|---|---|---|---|
`ticket_id` | string | yes | The ticket number (e.g. SSCC-18 code or UUID-based hash) |
`event_ids` | array | no | Filters to specific events |
`check_in` | int (0/1) | no | `0` = Do not mark ticket as scanned (default: 1) (from v3.4.6) |
`extended` | int (0/1) | no | `1` = Additionally returns event info (from v3.4.6) |
`timezone` | int (0/1) | no | `1` = Use timezone from plugin configuration (from v3.4.7) |
Returns information about the ticket and marks it as scanned (check-in) by default.
If the ticket has already been scanned or is disabled, "success": false is returned.
Response (extended: 0):
{
"data": {
"id": "uuid...",
"ticketId": "100001000001123454",
"createdAt": "2026-03-01T10:00:00+00:00",
"personalizedFullname": "Max Mustermann",
"personalizedEmail": "max@example.com",
"personalizedCustomFields": [],
"customerFullname": "Max Mustermann",
"checkInDatetime": "2026-06-01T18:05:00+02:00",
"active": true,
"event_id": "product-uuid..."
},
"success": true
}`success: false` if:
Ticket already scanned (`checkInDatetime` is set)
Ticket disabled (`active: false`)
Ticket not found
Note on Ticket Numbers (SSCC-18, from v3.9.0)
When SSCC-18 format is enabled, the `ticketId` consists of 18 digits:
[Event ID 6-digit][Sequence 6-digit][Random 5-digit][GS1 Check Digit 1-digit]Example: 100001000001123454
`100001` — Event ID
`000001` — Sequence number (atomic, unique per event)
`4` — GS1 Modulo-10 check digit
Sequence assignment is transaction-safe and concurrency-safe (validated with 50 concurrent processes without duplicates).