Authentication

All requests to the Gomry API must include a valid API key. API keys are scoped to your organization — any event, attendee, or ticket class belonging to your organization is accessible with your key.

Generating an API Key

Log in to your Gomry dashboard
Navigate to Organization Settings → API Keys
Click Create API Key and give it a descriptive name
Copy the key immediately — it is only displayed once

Treat your API key like a password. Anyone with your key can read your organization’s event data. Never commit it to version control or expose it in client-side code.

Using Your API Key

Include the key in the X-API-KEY header on every request:

curl -H "X-API-KEY: your_api_key_here" \
  https://www.gomry.com/api/v1/events/YOUR_EVENT_ID

Security Best Practices

Store keys in environment variables

Never hardcode API keys in your source code. Use environment variables or a secrets manager.

export GOMRY_API_KEY="your_api_key_here"

Use server-side requests only

API keys should only be used in server-side code. Never include them in frontend JavaScript, mobile apps, or any code that runs on user devices.

Rotate keys periodically

Create a new key and revoke the old one periodically. You can manage keys in your dashboard under Organization Settings → API Keys.

Use separate keys for each integration

Create a dedicated key for each integration or service. This way, if a key is compromised, you can revoke it without affecting other integrations.

Authentication Errors

Status	Error	Meaning
`401`	`Missing X-API-KEY header`	No API key was provided in the request
`401`	`Invalid or revoked API key`	The key doesn’t exist or has been revoked

Introduction Errors

⌘I

Getting Started

​Authentication

​Generating an API Key

​Using Your API Key

​Security Best Practices

​Authentication Errors

Authentication

Generating an API Key

Using Your API Key

Security Best Practices

Authentication Errors