API & Developers4 min readUpdated January 2026
Authentication & API Keys
Learn how to authenticate your API requests using API keys or OAuth 2.0. Choose the right method based on your use case.
API Key Authentication
Best for server-to-server integrations and internal scripts.
Creating an API Key
- 01Go to Settings → API & Integrations
- 02Click "Create API Key"
- 03Name your key (e.g., "CRM Integration")
- 04Select permission scopes
- 05Copy and securely store your key — it won't be shown again
# Include the key in the Authorization header:
curl -X GET "https://api.simplyticket.net/v1/tickets" \ -H "Authorization: Bearer sk_live_abc123xyz..." \ -H "Content-Type: application/json"
OAuth 2.0
Best for applications that act on behalf of users, especially public integrations.
Authorization Code Flow
For server-side apps. User grants access, you receive tokens.
Refresh Tokens
Access tokens expire in 1 hour. Use refresh tokens for new ones.
# OAuth endpoints:
Authorization: https://simplyticket.net/oauth/authorize
Token: https://api.simplyticket.net/oauth/token
Revoke: https://api.simplyticket.net/oauth/revoke
Permission Scopes
Limit API key access with scopes:
| Scope | Access |
|---|---|
| tickets:read | Read ticket data |
| tickets:write | Create and update tickets |
| customers:read | Read customer profiles |
| customers:write | Create and update customers |
| webhooks:manage | Create and delete webhooks |
| admin | Full access (use sparingly) |
🔐 Security Best Practices
- • Never expose API keys in client-side code
- • Use environment variables, not hardcoded keys
- • Rotate keys periodically and after any exposure
- • Use the minimum scopes required for your integration
- • Revoke keys immediately when no longer needed