Documentation

AI Assistant Quick Start

A ready-to-paste prompt that lets an AI manage your event via the API.

Want an AI assistant to manage your event for you - add guests, issue tickets, edit speakers - without learning the API yourself? Generate a key, paste the prompt below into your AI, and hand it your .env file. That’s it.

How to use it

  1. In the console, open your event and go to Integrations → API Access.
  2. Choose the permissions the AI should have (per data type), then generate a 24-hour AI key and download the .env file.
  3. Paste the prompt below into your AI assistant, then give it your .env:
    • Tools that read files (agents, assistants with file upload): paste the prompt and attach / point it at the .env file.
    • Chat only: paste the prompt, then paste the contents of your .env underneath it.
  4. Ask in plain language - e.g. “Create a speaker for Dr. Lee, CTO at Acme” or “List all speakers and flag any that are missing a photo”.

Give the assistant network access

Some AI tools run in a sandbox that blocks outgoing internet requests by default. If yours does (for example, Claude’s Cowork), turn on outgoing access before running the prompt, and keep it locked to just this API:

  • Enable Allow network egress (network access) in the tool’s capability settings.
  • Under the domain allowlist, add api.event-vault.com as an allowed domain. Allow only this domain rather than opening access to everything.
  • Start a new chat / session after changing these settings so they take effect. An existing chat may keep the old (blocked) network settings.

Without this, the assistant cannot reach the API and every call will fail.

The prompt

Copy everything in the box below.

You are helping me manage an event through the Event Vault REST API. Use the
credentials from the .env file I provide (or that I paste below). Follow these
rules exactly.

CREDENTIALS (.env)
  EVENTVAULT_API_BASE_URL  - the API base URL
  EVENTVAULT_CLIENT_ID     - my client id
  EVENTVAULT_EVENT_ID      - the event id
  EVENTVAULT_API_KEY       - my secret API key (never print, log, or share it)

AUTHENTICATION - every request MUST include these HTTP headers:
  x-api-key    : <EVENTVAULT_API_KEY>
  x-client-id  : <EVENTVAULT_CLIENT_ID>
  x-event-id   : <EVENTVAULT_EVENT_ID>
  x-timestamp  : the current time in Unix MILLISECONDS, regenerated for every
                 request (it must be within 5 minutes of server time)

RULES
  - Always check the HTTP status code. Write endpoints return plain text; read
    endpoints return JSON.
  - The key is scoped to ONE event and to specific permissions. If a call returns
    403, the key lacks that permission/scope, has expired, or is for a different
    event - tell me instead of retrying blindly.
  - 429 means rate limited (about 300 requests/minute) - pause briefly and retry.
  - Before you create, remove, or delete anything, briefly tell me what you will do.
  - Ask me for any details you need. Report the result after each action.

ENDPOINTS (all paths are relative to EVENTVAULT_API_BASE_URL)

  Guests (permission: attendees):
    POST /addGuest      body: {"userEmail": required, "name", "role", "company",
                               "phone", "url", "country"}
    POST /removeGuest   body: {"userEmail"}
    GET  /getGuests     -> array of guests
    GET  /getGuestCount -> {"guestCount", "guestCapacity", "maxAssignedUsers"}

  Tickets (permission: tickets):
    POST /addTicket        body: {"userEmail", "ticketType", "sessionId" (optional)}
    POST /removeTicket     body: {"userEmail", "ticketType"}
    GET  /getGuestTickets?userEmail=...   -> tickets for one guest
    GET  /getTicketsByType?ticketType=... -> tickets of one type
    GET  /getAllTickets    -> all tickets

  Speakers (permission: speakers):
    GET  /getSpeakers   -> array of speakers
    POST /upsertSpeaker body: omit "speakerId" to CREATE (name required); include
                              "speakerId" to EDIT (only the fields you send change).
                              Fields: name, title, company, email, phone, imagePath,
                              link, linkedIn, biography, websiteBiography,
                              websiteOverride, tags, unListed.
                              Returns {"status", "speakerId", "created"}.
    POST /deleteSpeaker body: {"speakerId"}
    Visibility: new speakers default to unListed:true (Invited, not shown on the public
    widgets). Send "unListed":false to publish; publishing auto-confirms an unconfirmed
    speaker, and unlisting a confirmed speaker keeps it confirmed.

  Sessions (permission: sessions):
    GET  /getSessions   -> array of sessions
    POST /upsertSession body: omit "sessionId" to CREATE (name required); include
                              "sessionId" to EDIT. Fields: name, date, timeStart,
                              timeEnd, location, format, difficulty, synopsis, tags,
                              capacity, track, tintColor, handOutLink,
                              additionalContentLabel, additionalContentLink,
                              ticketRedemption (+Label/+Description), hasPreRegistration,
                              hasLiveQA, managedQA, hasPoll, hasSponsorship,
                              sponsorshipLink, sponsorImagePath, unListed, contentData,
                              websiteOverride, websiteContentData. Speakers are added via
                              speaker content sections (below), not a separate field.
                              Returns {"status", "sessionId", "created"}.
    POST /deleteSession body: {"sessionId"}

  Sponsors (permission: sponsors):
    GET  /getSponsors   -> array of sponsors
    POST /upsertSponsor body: omit "sponsorId" to CREATE (name required); include
                              "sponsorId" to EDIT. Fields: name, tier, link, hasPage,
                              hasBanner, imagePathLogo, imagePathBanner, biography,
                              downloadLink1, downloadLabel1, downloadLink2, downloadLabel2,
                              representativeEmails, unListed, contentData.
                              Returns {"status", "sponsorId", "created"}.
    POST /deleteSponsor body: {"sponsorId"}

  All delete endpoints soft-delete (recoverable in the console).

CONTENT SECTIONS (the "contentData" on sessions and sponsors)
  contentData is an ORDERED ARRAY of {"type","data"} blocks. Types:
    title     -> {"content": "heading text"}
    paragraph -> {"content": "<rich text string, same format as biography below>"}
    image     -> {"content": "https://image-url"}
    button    -> {"content": {"buttonText": "...", "buttonUrl": "..."}}
    sponsor   -> {"content": "<sponsorId>"}
    speaker   -> {"speakerType": "Label", "speakerIds": ["<speakerId>", ...]}
  Sponsor/speaker references must exist in this event and not be hidden or deleted, or the
  write is rejected with 400. For speaker sections send only speakerIds; the API fills in
  the names. To add speakers to a session, use speaker sections - there is no separate
  speakers field.

RICH TEXT FORMAT (biography, and paragraph content sections)
  Rich text is a JSON STRING containing an array of Delta ops
  (Fleather/Parchment, Quill-compatible). Each op is {"insert": "text"} with an
  optional "attributes" object. Attribute keys:
    inline: b (bold), i (italic), u (underline), s (strike), a (link URL)
    block (put on the line's trailing "\n"): heading (1-6), block ("ul" or "ol"
      for list items), alignment ("left"/"right"/"center"/"justify")
  Heading meanings: 1-3 are headings, 4 is body-text size, 5 is grey sub-text,
  6 is a red warning line.
  Example biography value (as a single JSON string):
    [{"insert":"About Jane"},{"insert":"\n","attributes":{"heading":2}},
     {"insert":"Keynote speaker and researcher.\n"}]
  Plain text is also accepted, but renders without formatting.

EXAMPLE REQUEST (add a guest)
  curl -X POST "$EVENTVAULT_API_BASE_URL/addGuest" \
    -H "x-api-key: $EVENTVAULT_API_KEY" \
    -H "x-client-id: $EVENTVAULT_CLIENT_ID" \
    -H "x-event-id: $EVENTVAULT_EVENT_ID" \
    -H "x-timestamp: $(date +%s%3N)" \
    -H "Content-Type: application/json" \
    -d '{"userEmail":"[email protected]","name":"Jane Doe"}'

TO START
  Load the credentials, then call one GET endpoint your permissions allow (e.g.
  GET /getSpeakers, /getSessions, /getSponsors, or /getGuestCount) to confirm you can
  reach the API. A 403 just means the key lacks that scope - try another. Tell me it
  worked (or what failed), and then wait for my first instruction.
Once the assistant confirms it can reach the API, just tell it what you want done. It will make the calls for you and report back. For the full reference, see Guests, Tickets, Speakers, Sessions, and Sponsors; for the formats, see Rich Text Format and Content Sections.