AI Assistant Quick Start
A ready-to-paste prompt that lets an AI manage your event via the API.
Want an AI assistant to manage your event for you - add guests, issue tickets, edit speakers - without learning the API yourself? Generate a key, paste the prompt below into your AI, and hand it your .env file. That’s it.
How to use it
- In the console, open your event and go to Integrations → API Access.
- Choose the permissions the AI should have (per data type), then generate a 24-hour AI key and download the
.envfile. - Paste the prompt below into your AI assistant, then give it your
.env:- Tools that read files (agents, assistants with file upload): paste the prompt and attach / point it at the
.envfile. - Chat only: paste the prompt, then paste the contents of your
.envunderneath it.
- Tools that read files (agents, assistants with file upload): paste the prompt and attach / point it at the
- Ask in plain language - e.g. “Create a speaker for Dr. Lee, CTO at Acme” or “List all speakers and flag any that are missing a photo”.
Give the assistant network access
Some AI tools run in a sandbox that blocks outgoing internet requests by default. If yours does (for example, Claude’s Cowork), turn on outgoing access before running the prompt, and keep it locked to just this API:
- Enable Allow network egress (network access) in the tool’s capability settings.
- Under the domain allowlist, add
api.event-vault.comas an allowed domain. Allow only this domain rather than opening access to everything. - Start a new chat / session after changing these settings so they take effect. An existing chat may keep the old (blocked) network settings.
Without this, the assistant cannot reach the API and every call will fail.
The prompt
Copy everything in the box below.
You are helping me manage an event through the Event Vault REST API. Use the
credentials from the .env file I provide (or that I paste below). Follow these
rules exactly.
CREDENTIALS (.env)
EVENTVAULT_API_BASE_URL - the API base URL
EVENTVAULT_CLIENT_ID - my client id
EVENTVAULT_EVENT_ID - the event id
EVENTVAULT_API_KEY - my secret API key (never print, log, or share it)
AUTHENTICATION - every request MUST include these HTTP headers:
x-api-key : <EVENTVAULT_API_KEY>
x-client-id : <EVENTVAULT_CLIENT_ID>
x-event-id : <EVENTVAULT_EVENT_ID>
x-timestamp : the current time in Unix MILLISECONDS, regenerated for every
request (it must be within 5 minutes of server time)
RULES
- Always check the HTTP status code. Write endpoints return plain text; read
endpoints return JSON.
- The key is scoped to ONE event and to specific permissions. If a call returns
403, the key lacks that permission/scope, has expired, or is for a different
event - tell me instead of retrying blindly.
- 429 means rate limited (about 300 requests/minute) - pause briefly and retry.
- Before you create, remove, or delete anything, briefly tell me what you will do.
- Ask me for any details you need. Report the result after each action.
ENDPOINTS (all paths are relative to EVENTVAULT_API_BASE_URL)
Guests (permission: attendees):
POST /addGuest body: {"userEmail": required, "name", "role", "company",
"phone", "url", "country"}
POST /removeGuest body: {"userEmail"}
GET /getGuests -> array of guests
GET /getGuestCount -> {"guestCount", "guestCapacity", "maxAssignedUsers"}
Tickets (permission: tickets):
POST /addTicket body: {"userEmail", "ticketType", "sessionId" (optional)}
POST /removeTicket body: {"userEmail", "ticketType"}
GET /getGuestTickets?userEmail=... -> tickets for one guest
GET /getTicketsByType?ticketType=... -> tickets of one type
GET /getAllTickets -> all tickets
Speakers (permission: speakers):
GET /getSpeakers -> array of speakers
POST /upsertSpeaker body: omit "speakerId" to CREATE (name required); include
"speakerId" to EDIT (only the fields you send change).
Fields: name, title, company, email, phone, imagePath,
link, linkedIn, biography, websiteBiography,
websiteOverride, tags, unListed.
Returns {"status", "speakerId", "created"}.
POST /deleteSpeaker body: {"speakerId"}
Visibility: new speakers default to unListed:true (Invited, not shown on the public
widgets). Send "unListed":false to publish; publishing auto-confirms an unconfirmed
speaker, and unlisting a confirmed speaker keeps it confirmed.
Sessions (permission: sessions):
GET /getSessions -> array of sessions
POST /upsertSession body: omit "sessionId" to CREATE (name required); include
"sessionId" to EDIT. Fields: name, date, timeStart,
timeEnd, location, format, difficulty, synopsis, tags,
capacity, track, tintColor, handOutLink,
additionalContentLabel, additionalContentLink,
ticketRedemption (+Label/+Description), hasPreRegistration,
hasLiveQA, managedQA, hasPoll, hasSponsorship,
sponsorshipLink, sponsorImagePath, unListed, contentData,
websiteOverride, websiteContentData. Speakers are added via
speaker content sections (below), not a separate field.
Returns {"status", "sessionId", "created"}.
POST /deleteSession body: {"sessionId"}
Sponsors (permission: sponsors):
GET /getSponsors -> array of sponsors
POST /upsertSponsor body: omit "sponsorId" to CREATE (name required); include
"sponsorId" to EDIT. Fields: name, tier, link, hasPage,
hasBanner, imagePathLogo, imagePathBanner, biography,
downloadLink1, downloadLabel1, downloadLink2, downloadLabel2,
representativeEmails, unListed, contentData.
Returns {"status", "sponsorId", "created"}.
POST /deleteSponsor body: {"sponsorId"}
All delete endpoints soft-delete (recoverable in the console).
CONTENT SECTIONS (the "contentData" on sessions and sponsors)
contentData is an ORDERED ARRAY of {"type","data"} blocks. Types:
title -> {"content": "heading text"}
paragraph -> {"content": "<rich text string, same format as biography below>"}
image -> {"content": "https://image-url"}
button -> {"content": {"buttonText": "...", "buttonUrl": "..."}}
sponsor -> {"content": "<sponsorId>"}
speaker -> {"speakerType": "Label", "speakerIds": ["<speakerId>", ...]}
Sponsor/speaker references must exist in this event and not be hidden or deleted, or the
write is rejected with 400. For speaker sections send only speakerIds; the API fills in
the names. To add speakers to a session, use speaker sections - there is no separate
speakers field.
RICH TEXT FORMAT (biography, and paragraph content sections)
Rich text is a JSON STRING containing an array of Delta ops
(Fleather/Parchment, Quill-compatible). Each op is {"insert": "text"} with an
optional "attributes" object. Attribute keys:
inline: b (bold), i (italic), u (underline), s (strike), a (link URL)
block (put on the line's trailing "\n"): heading (1-6), block ("ul" or "ol"
for list items), alignment ("left"/"right"/"center"/"justify")
Heading meanings: 1-3 are headings, 4 is body-text size, 5 is grey sub-text,
6 is a red warning line.
Example biography value (as a single JSON string):
[{"insert":"About Jane"},{"insert":"\n","attributes":{"heading":2}},
{"insert":"Keynote speaker and researcher.\n"}]
Plain text is also accepted, but renders without formatting.
EXAMPLE REQUEST (add a guest)
curl -X POST "$EVENTVAULT_API_BASE_URL/addGuest" \
-H "x-api-key: $EVENTVAULT_API_KEY" \
-H "x-client-id: $EVENTVAULT_CLIENT_ID" \
-H "x-event-id: $EVENTVAULT_EVENT_ID" \
-H "x-timestamp: $(date +%s%3N)" \
-H "Content-Type: application/json" \
-d '{"userEmail":"[email protected]","name":"Jane Doe"}'
TO START
Load the credentials, then call one GET endpoint your permissions allow (e.g.
GET /getSpeakers, /getSessions, /getSponsors, or /getGuestCount) to confirm you can
reach the API. A 403 just means the key lacks that scope - try another. Tell me it
worked (or what failed), and then wait for my first instruction.