API Keys

For all integration projects, you’ll need an API key assigned to a user. This key is passed into calls using the x-acme-api-key header.  


WARNING: You should never send your normal API key (x-acme-api-key) or a session key (x-acme-session) in a call directly from your frontend to ACME's backend as this is like publishing your ACME username and password.  Any integrations found to be using exposed API keys will be deactivated by ACME.


API keys should ONLY be assigned to username-only users and we recommend creating a clearly-identifiable, integration-specific user for each integration. Examples would include:

  • api-website-integration

  • api-data-warehouse

  • api-crm-integration 


Note: Only ACME Clients can request API Keys. System integrators and third-party vendors should reach out to their venue contact to have them request a key.


Requesting an API Key

  1. Create a username-only user following the naming convention above in your Sandbox and Production Environments.
    • Create it with any password you want and store it securely for your own reference.
    • Add whatever user permissions needed for this API user. Permissions can be be updated after an API key is generated, if needed.
    • If you are a new on-boarding client working in a sandbox, you may not have access to your Production environment yet. Please create the API user in your sandbox and work with your CSM to create a corresponding Production API user.
  2. Email [email protected]with the following information:
    • Username:
    • Sandbox User ID (found in the URL of the user account):
    • Production User ID:
    • Category: (select one per user)
      • Direct (For ACME platform users)
      • OTA (for 3rd party ticket seller agencies)
    • Usage info: (Provide the use case for the API keys; examples can include)
      • Web Sales
      • Power BI
      • Access Control Software
    • Specify which sandbox you are testing in:
  3. If you are working with a 3rd party and would like to create additional separate user accounts so they can directly access ACME Backoffice, please provide the email domain(s). All non-client email domains must be safelisted before you can invite those users to ACME Backoffice. If needed, please email in the domains and request safelisting to [email protected].
  4. Once your request has been submitted, the requested API keys will be generated and emailed directly to the requester.