Integrations & API Reference¶
Overview¶
Nigall exposes two primary API surfaces: Mobile API (/api/mobile/v1/) for attendee JWT clients and Talent API (/api/v1/) for account-scoped CRM resources. Webhooks integrate Stripe and SES.
Purpose¶
Enable mobile apps, talent CRM integrations, and payment/email automation.
Who should use it¶
- Mobile developers
- Integration engineers
- Partners building talent workflows
Benefits¶
- RESTful JSON endpoints
- JWT authentication for mobile
- UUID-scoped talent resources
- Documented webhook entry points
Navigation path¶
| API | Base URL |
|---|---|
| Mobile | /api/mobile/v1/ |
| Talent CRM | /api/v1/ |
| Stripe webhook | /payments/webhook/ |
| SES webhook | /communications/webhooks/ses/ |
Prerequisites¶
- HTTPS in production
- JWT secret configured for mobile
- Account UUID for talent API calls
- Webhook signing secrets
Mobile API (mobile_api)¶
Authentication¶
| Method | Path | Body |
|---|---|---|
| POST | /auth/login/ |
username/email + password |
| GET | /auth/me/ |
Header: Authorization: Bearer <token> |
Events¶
| Method | Path | Description |
|---|---|---|
| GET | /events/discover/ |
Public discover list |
| GET | /events/search/ |
Search query |
| GET | /events/categories/ |
Category list |
| GET | /events/<pk>/<event_tag>/ |
Event detail |
| POST | /events/<pk>/<event_tag>/rsvp/ |
RSVP create/update (RSVP events) |
Tickets¶
| Method | Path | Description |
|---|---|---|
| GET | /tickets/ |
Authenticated user's tickets |
Note: Survey questions not exposed on mobile RSVP. Full registration remains web.
Talent API (talent_management.api)¶
Account-scoped pattern:
/api/v1/accounts/<account_uuid>/<resource>/
| Resource | Methods |
|---|---|
accounts/ |
GET list, GET detail |
categories/ |
CRUD |
talents/ |
CRUD |
contacts/ |
CRUD |
vip-guests/ |
CRUD |
vip-registrations/ |
CRUD |
programs/ |
CRUD |
contracts/ |
CRUD |
ViewSets: talent_management.api.views
Webhooks¶
Stripe (POST /payments/webhook/)¶
Handles checkout completion, subscription payments, ticket fulfillment. Verify signature with Stripe webhook secret.
SES (POST /communications/webhooks/ses/)¶
Email bounce and complaint notifications.
Field descriptions¶
| Header | Value |
|---|---|
| Authorization | Bearer <jwt> (mobile) |
| Content-Type | application/json |
Business rules¶
| Rule | Detail |
|---|---|
| Mobile RSVP | RSVP-type events only |
| Private events | Mobile detail enforces host check |
| Talent scoping | All resources under account UUID |
| No public write API | Event CRUD web-only |
Validation rules¶
- 404 on pk/tag mismatch
- 401 without valid JWT
User permissions¶
API enforces same business rules as web views server-side.
Workflow¶
Examples¶
Mobile login + tickets:
POST /api/mobile/v1/auth/login/
Content-Type: application/json
{"username": "user@example.com", "password": "..."}
List talents:
GET /api/v1/accounts/<uuid>/talents/
Authorization: Bearer <token>
Best practices¶
- Store JWT securely (Keychain/Keystore)
- Handle 401 with re-auth flow
- Idempotent webhook handlers
Tips¶
- Use
events/categories/for mobile filters - Talent UUIDs everywhere — not integer PKs
Common mistakes¶
| Mistake | Result | Fix |
|---|---|---|
| Wrong account UUID | 404 | GET /api/v1/accounts/ |
| RSVP on registration event | 4xx | Use web registration |
FAQs¶
GraphQL?
Not available — REST only.
API keys for organizers?
Not implemented — session auth on web.
Troubleshooting¶
| Symptom | Cause | Fix |
|---|---|---|
| 403 talent | User not linked to account | Link CustomUser.account |
| Webhook 400 | Signature mismatch | Rotate secret |
Related features¶
Screenshot placeholders¶
N/A — API documentation.
Administrator notes¶
- Rate limit and monitor
/auth/login/ - Document webhook URLs in Stripe dashboard
Developer/API notes¶
| App | Package |
|---|---|
| mobile_api | mobile_api/views.py, urls.py |
| talent API | talent_management/api/ |
| Web auth | django-allauth session cookies |
See also: Known Limitations