The TktPlz API is a REST API that powers the TktPlz ticket booking platform. All endpoints accept and return JSON. The server is built with Express and deployed on Render. CORS is configured to allow requests fromDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Sumitbose5/tktplz/llms.txt
Use this file to discover all available pages before exploring further.
https://www.tktplz.me and https://tktplz-05.vercel.app.
Base URL
/api. For example, the event listing endpoint is at https://api.tktplz.me/api/event/get-all-events.
Request format
All request bodies must be sent as JSON with theContent-Type: application/json header. File upload endpoints use multipart/form-data (see the poster upload and issue submission endpoints). The server accepts payloads up to 10 MB.
Response format
Every response is a JSON object. Successful responses include asuccess: true field and a message string. Data is typically nested under a data key.
Authentication
Protected endpoints require a JWT token. The token is issued as an HttpOnly cookie namedtktplz_cookie on login or after Google OAuth. The auth middleware reads the token exclusively from this cookie — there is no Authorization: Bearer header fallback in the current implementation.
A separate middleware (authenticate) reads from a cookie named auth-token and is used on select internal routes.
See the Authentication page for full details on obtaining and using tokens.
Error format
All error responses follow the same structure:| Code | Meaning |
|---|---|
200 | Success |
201 | Resource created |
400 | Bad request — missing or invalid parameters |
401 | Unauthorized — missing or invalid token |
404 | Resource not found |
409 | Conflict — e.g. seat already locked |
429 | Too many requests — OTP rate limit |
500 | Internal server error |
CORS
The API allows credentialed cross-origin requests from the following origins:http://localhost:5173https://tktplz-05.vercel.apphttps://www.tktplz.me
credentials: 'include' (or equivalent).