# API Documentation ## Docs - [Delete any booking (Admin)](https://docs.hlofiys.xyz/api-reference/admin:-bookings/delete-any-booking-admin.md): Permanently deletes a booking from the system. This is a destructive operation. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Get all bookings (with filtering)](https://docs.hlofiys.xyz/api-reference/admin:-bookings/get-all-bookings-with-filtering.md): Retrieves a list of all bookings in the system, primarily for administrative purposes. Supports filtering by `event_id` using a query parameter. If no parameters are provided, it returns all bookings. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Update a booking's payment](https://docs.hlofiys.xyz/api-reference/admin:-bookings/update-a-bookings-payment.md): Allows an administrator or manager to manually update the payment status of any booking. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Create a new event](https://docs.hlofiys.xyz/api-reference/admin:-events/create-a-new-event.md): Creates a new event entity in the system. By default, a newly created event is hidden (`is_visible: false`). This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. An attempt to access this endpoint with insufficient privileges will result in a 403 Forbidden err… - [Delete event by ID](https://docs.hlofiys.xyz/api-reference/admin:-events/delete-event-by-id.md): Permanently deletes an event from the system by its unique ID. Note: This is a destructive operation. All associated bookings for this event will also be deleted. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Update event](https://docs.hlofiys.xyz/api-reference/admin:-events/update-event.md): Updates the details of an existing event by its unique ID. Only the fields provided in the request body will be updated. Unspecified fields will remain unchanged. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Upload or update a preview image for an event](https://docs.hlofiys.xyz/api-reference/admin:-events/upload-or-update-a-preview-image-for-an-event.md): Uploads or replaces the preview image for a specific event. - [Creating a new hall](https://docs.hlofiys.xyz/api-reference/admin:-halls/creating-a-new-hall.md): Creates a new hall entity in the system. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. An attempt to access this endpoint with insufficient privileges will result in a 403 Forbidden error. - [Delete hall by ID](https://docs.hlofiys.xyz/api-reference/admin:-halls/delete-hall-by-id.md): Permanently deletes a hall from the system by its unique ID. Note: This is a destructive operation and will also cascade-delete all associated events, seat types, and seats within this hall. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Update hall](https://docs.hlofiys.xyz/api-reference/admin:-halls/update-hall.md): Partially updates the details of an existing hall by its unique ID. Only the fields provided in the request body will be updated; unspecified fields will remain unchanged. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Upload or update a seating chart image for a hall](https://docs.hlofiys.xyz/api-reference/admin:-halls/upload-or-update-a-seating-chart-image-for-a-hall.md): Uploads or replaces the seating chart image for a specific hall. - [Create a new seat type](https://docs.hlofiys.xyz/api-reference/admin:-seat-types/create-a-new-seat-type.md): Creates a new seat type and associates it with a specific hall. The price and color defined here will apply to all seats of this type within that particular hall. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Delete seat type by ID](https://docs.hlofiys.xyz/api-reference/admin:-seat-types/delete-seat-type-by-id.md): Permanently deletes a seat type from the system by its unique ID. Note: This is a destructive operation. All seats that use this type will also be deleted due to database constraints. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Update seat type](https://docs.hlofiys.xyz/api-reference/admin:-seat-types/update-seat-type.md): Updates the details (name, price,color or hall) of an existing seat type by its unique ID. Only the fields provided in the request body will be updated. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Mass creation of seats in hall](https://docs.hlofiys.xyz/api-reference/admin:-seats/mass-creation-of-seats-in-hall.md): Creates multiple new seats in a specific hall in a single transaction. The request body should be an array of seat objects to create. The server will process them in a single batch. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Mass removal of seats from the hall](https://docs.hlofiys.xyz/api-reference/admin:-seats/mass-removal-of-seats-from-the-hall.md): Deletes one or more seats from a hall. This endpoint supports two modes of operation based on the request body: - **To delete specific seats:** Provide a JSON object with an array of `seat_ids`. - **To delete ALL seats in the hall:** Provide a JSON object with a `delete_all: true` flag. This is a de… - [Massive renewal of seats in the hall](https://docs.hlofiys.xyz/api-reference/admin:-seats/massive-renewal-of-seats-in-the-hall.md): Updates multiple existing seats in a specific hall in a single transaction. The request body should be an array of seat objects, each containing a `seat_id` and the fields to be updated. This is a protected endpoint. Access is restricted to users with `admin` or `manager` roles. - [Confirm user email address](https://docs.hlofiys.xyz/api-reference/authentication/confirm-user-email-address.md) - [Log out and invalidate refresh token](https://docs.hlofiys.xyz/api-reference/authentication/log-out-and-invalidate-refresh-token.md): Logs out the current user by invalidating their refresh token on the server, effectively ending the session - [Login to get a JWT token](https://docs.hlofiys.xyz/api-reference/authentication/login-to-get-a-jwt-token.md) - [Refresh access and refresh tokens](https://docs.hlofiys.xyz/api-reference/authentication/refresh-access-and-refresh-tokens.md) - [Register a new user or create a user by admin](https://docs.hlofiys.xyz/api-reference/authentication/register-a-new-user-or-create-a-user-by-admin.md): Allows for user self-registration or user creation by an administrator. - If called without an admin token, a new user with the 'user' role is created and requires email confirmation. The 'role' field is ignored. - If called with an admin token, a new user (e.g., a manager) is created immediatel… - [Request a password reset code](https://docs.hlofiys.xyz/api-reference/authentication/request-a-password-reset-code.md) - [Resend the activation link for an inactive user account](https://docs.hlofiys.xyz/api-reference/authentication/resend-the-activation-link-for-an-inactive-user-account.md) - [Reset password using a verification code](https://docs.hlofiys.xyz/api-reference/authentication/reset-password-using-a-verification-code.md) - [Set password for a new user via activation token](https://docs.hlofiys.xyz/api-reference/authentication/set-password-for-a-new-user-via-activation-token.md) - [Validate current access token](https://docs.hlofiys.xyz/api-reference/authentication/validate-current-access-token.md): A lightweight endpoint to check if the current Bearer access token is valid and not expired. Returns a 200 OK on success, or a 401 Unauthorized if the token is invalid - [Book a seat for an event](https://docs.hlofiys.xyz/api-reference/bookings/book-a-seat-for-an-event.md): Creates a new booking (reservation) for a specific seat at a specific event. This operation requires user authentication; the server automatically assigns the `user_id` from the authentication token. The booking is created with an initial `is_paid: false` status. - [Book seats for an anonymous user](https://docs.hlofiys.xyz/api-reference/bookings/book-seats-for-an-anonymous-user.md): Allows an unregistered user to book seats. The system will automatically create a new user account if one does not exist for the provided email and send an activation link to that email. If an account already exists, an error is returned prompting the user to log in. - [Cancel a user's own booking](https://docs.hlofiys.xyz/api-reference/bookings/cancel-a-users-own-booking.md): Allows an authenticated user to cancel/delete their own booking. An attempt to delete a booking belonging to another user will result in a 403 Forbidden error. Requires user authentication. - [Get all bookings for the current user](https://docs.hlofiys.xyz/api-reference/bookings/get-all-bookings-for-the-current-user.md): Retrieves a list of all bookings (past and future) associated with the currently authenticated user. Each item in the list contains enriched details about the event, hall, and seat. Requires user authentication. - [API Documentation](https://docs.hlofiys.xyz/api-reference/documentation/api-documentation.md): Serves the interactive API documentation. - [API Documentation file](https://docs.hlofiys.xyz/api-reference/documentation/api-documentation-file.md): Serves the API documentation yaml. - [Get a event by ID](https://docs.hlofiys.xyz/api-reference/events/get-a-event-by-id.md): Retrieves details for a single event. - If accessed by an administrator and manager, it will return the event even if it is hidden. - For all other users (including anonymous guests), it will only return the event if it is marked as visible. - [Get all past events](https://docs.hlofiys.xyz/api-reference/events/get-all-past-events.md): Retrieves a list of events that have already ended. - **For Administrators and Managers:** Returns all past events, including hidden ones (`is_visible: false`). - **For regular Users and anonymous Guests:** Returns only past events that were publicly visible (`is_visible: true`). - [Get all the events](https://docs.hlofiys.xyz/api-reference/events/get-all-the-events.md): Retrieves a list of events. The content of the list depends on the user's role. - **For Administrators:** Returns all events, including hidden ones (`is_visible: false`). - **For regular Users and anonymous Guests:** Returns only events that are publicly visible (`is_visible: true`) and upcoming (`e… - [Get all upcoming events with available seat counts](https://docs.hlofiys.xyz/api-reference/events/get-all-upcoming-events-with-available-seat-counts.md): Retrieves a list of all publicly visible, upcoming events, including a calculated count of available seats for each. This is a public endpoint and does not require authentication. - [Get a hall by ID](https://docs.hlofiys.xyz/api-reference/halls/get-a-hall-by-id.md): Retrieves the complete details for a single hall by its unique identifier. This is a public endpoint and does not require authentication. - [Get all the halls](https://docs.hlofiys.xyz/api-reference/halls/get-all-the-halls.md): Retrieves a list of all halls available in the system. This is a public endpoint and does not require authentication. The returned list can be empty if no halls have been created yet. - [Get a seat type by ID](https://docs.hlofiys.xyz/api-reference/seat-types/get-a-seat-type-by-id.md): Retrieves the details for a single seat type by its unique identifier. This is a public endpoint and does not require authentication. - [Get all the seat types by hall ID](https://docs.hlofiys.xyz/api-reference/seat-types/get-all-the-seat-types-by-hall-id.md): Retrieves a list of all seat types defined for a specific hall. Each seat type includes its name, price, and associated color, which can be used to render a legend for the seating chart. This is a public endpoint and does not require authentication. - [Returns a seat in the hall](https://docs.hlofiys.xyz/api-reference/seats/returns-a-seat-in-the-hall.md): Retrieves the details for a single seat within a specific hall by its unique identifier. This is a public endpoint and does not require authentication. - [Returns all seats in the hall by hall ID](https://docs.hlofiys.xyz/api-reference/seats/returns-all-seats-in-the-hall-by-hall-id.md): Retrieves a list of all seats for a specific hall, including their labels, coordinates, and type information. This endpoint is essential for rendering a static seating chart. This is a public endpoint and does not require authentication. - [Tandem IT API Documentation](https://docs.hlofiys.xyz/index.md): Complete API reference for Tandem IT backend services ## OpenAPI Specs - [openapi](https://docs.hlofiys.xyz/api-reference/openapi.json)