Skip to main content

Overview

The PassTru API provides programmatic access to manage events, attendees, check-ins, and email notifications for your event management platform. Built on Supabase, the API uses PostgreSQL with Row Level Security (RLS) for secure, real-time data access.

Architecture

PassTru is built on a modern serverless architecture:
  • Database: Supabase PostgreSQL with real-time subscriptions
  • Authentication: Supabase Auth with JWT tokens
  • Edge Functions: Deno-based serverless functions for complex operations
  • Storage: Supabase Storage for branding assets and images
  • Email: Resend integration for confirmation emails

Base URL

https://[your-project-ref].supabase.co
Your Supabase project URL and API keys are available in your Supabase project dashboard.

Client SDK

PassTru uses the Supabase JavaScript client for all API interactions. Install it in your project: 
npm install @supabase/supabase-js

Initialize the Client

import { createClient } from '@supabase/supabase-js'
import type { Database } from './types'

const supabase = createClient<Database>(
  process.env.VITE_SUPABASE_URL,
  process.env.VITE_SUPABASE_PUBLISHABLE_KEY,
  {
    auth: {
      storage: localStorage,
      persistSession: true,
      autoRefreshToken: true,
    }
  }
)

Key Concepts

Organizations

Every client has an organization that owns events and manages token balances. Organizations are identified by both a UUID id and a URL-friendly slug.

Events

Events belong to organizations and contain attendees. Each event has:
  • A unique slug for URL routing
  • Custom attendee_fields configuration
  • Branding settings for public-facing pages
  • Token consumption tracking

Attendees

Attendees are linked to events and have:
  • A unique 8-character unique_id for check-in
  • Check-in status and timestamps
  • Custom fields based on event configuration
  • Portal access control

Roles

PassTru supports three user roles:

Rate Limits

Supabase enforces the following limits:
  • API requests: 500 requests per second per project
  • Database connections: Based on your Supabase plan
  • Edge Functions: 500,000 invocations per month (free tier)
  • Storage: 1GB (free tier), upgradeable

Error Handling

All API responses follow Supabase’s standard error format: 
interface SupabaseError {
  message: string
  details: string | null
  hint: string | null
  code: string
}
Common error codes:
  • PGRST116: Row level security violation
  • 23505: Unique constraint violation
  • 23503: Foreign key constraint violation
  • 42501: Insufficient privilege

TypeScript Support

PassTru provides full TypeScript definitions generated from the database schema: 
import type { Database, Tables, TablesInsert, TablesUpdate } from './types'

// Type-safe row access
type Event = Tables<'events'>
type Attendee = Tables<'attendees'>

// Type-safe inserts
type NewEvent = TablesInsert<'events'>
type NewAttendee = TablesInsert<'attendees'>

Next Steps

Authentication

Learn how to authenticate users and manage sessions

Events API

Create and manage events

Attendees API

Manage event attendees

Check-ins API

Handle attendee check-ins

Build docs developers (and LLMs) love

Get started for freeTalk to us