Skip to content

Vista Digital Platform (V1)

Download OpenAPI description
openapi.json
openapi.yaml
Languages
Servers
Mock server
https://developer.vista.co/_mock/openapi/digital-platform/openapi

Completed Order Assets

Operations

Completed Orders

Operations

Orders

Operations

Seats

Operations

Discounts

Operations

Events

Operations

Showtimes

Operations

Films

Operations

Gift Cards

Operations

Items

Operations

Journeys

Operations

Third Party Passes

Operations

Loyalty

Operations

Authentication

Operations

Authenticates a member and creates an member authentication token

Request

This method of authentication is recommended for clients that can securely store the member authentication token access_token and member authentication token refresh_token locally.

The member authentication token access_token must be provided as the LoyaltySessionToken HTTP header to authenticate subsequent requests.

Sign out is handled by deleting the stored member authentication token access_token and member authentication token refresh_token

This method can be used to both create a new access token, or refresh an expired token based on the member authentication request grant_type

Data is to be provided as application/x-www-form-urlencoded form parameters in the format of member authentication request

Currently, the external_issuer grant type will fail if the provided external authentication token can not be linked to a single Loyalty member, and as such is unsuitable for social sign in flows.

Error Response

LockOutPeriodInSeconds property will only be present on the response object if the response has the error code 32000.

Licenses Required

  • Vista.Ocapi
Headers
Connect-Region-Codestring

Region Code

Bodymultipart/form-data
grant_typestringrequired
usernamestring
emailstring
passwordstring
refresh_tokenstring
club_idstring
rememberboolean
external_issuer_idstring
external_tokenstring
curl -i -X POST \
  https://developer.vista.co/_mock/openapi/digital-platform/openapi/ocapi/v1/members/authentication-token \
  -H 'Connect-Region-Code: string' \
  -H 'Content-Type: multipart/form-data' \
  -F grant_type=string \
  -F username=string \
  -F email=string \
  -F password=string \
  -F refresh_token=string \
  -F club_id=string \
  -F remember=true \
  -F external_issuer_id=string \
  -F external_token=string

Responses

Success

Bodyapplication/json
access_tokenstringnon-emptyrequired

Gets the access token

token_typestringnon-emptyrequired

Gets the type

Example: "Bearer"
expires_ininteger(int32)required

Gets the expiry time in seconds

refresh_tokenstring or null

Gets the refresh token

Response
application/json
{
  "access_token": "string",
  "token_type": "Bearer",
  "expires_in": 0,
  "refresh_token": "string"
}

Authenticates a member and returns an HTTP-only authentication cookie

Request

This method of authentication is recommended for clients that do not have access to secure storage, as the authentication token is stored in a secure HTTP-only cookie.

Providing this cookie with subsequent requests works as an alternative to the LoyaltySessionToken HTTP header.

Sign out is handled by the ExpireAuthenticationCookie method.

When using cookie-based authentication, the API will automatically refresh the cookie when the access token has expired.

In addition to the authentication cookie, a second vista-loyalty-member-is-authenticated cookie is returned that can be used by the client to detect whether the patron is authenticated.

Data is to be provided as application/x-www-form-urlencoded form parameters in the format of member authentication request

Currently, the external_issuer grant type will fail if the provided external authentication token can not be linked to a single Loyalty member, and as such is unsuitable for social sign in flows.

Error Response

LockOutPeriodInSeconds property will only be present on the response object if the response has the error code 32000.

Licenses Required

  • Vista.Ocapi
Headers
Connect-Region-Codestring

Region Code

Bodymultipart/form-data
grant_typestringrequired
usernamestring
emailstring
passwordstring
refresh_tokenstring
club_idstring
rememberboolean
external_issuer_idstring
external_tokenstring
curl -i -X POST \
  https://developer.vista.co/_mock/openapi/digital-platform/openapi/ocapi/v1/members/authentication-cookie \
  -H 'Connect-Region-Code: string' \
  -H 'Content-Type: multipart/form-data' \
  -F grant_type=string \
  -F username=string \
  -F email=string \
  -F password=string \
  -F refresh_token=string \
  -F club_id=string \
  -F remember=true \
  -F external_issuer_id=string \
  -F external_token=string

Responses

Member authenticated cookies created.

Response
No content

Expires the current authentication cookie

Request

Expires the current authentication cookie created by the CreateAuthenticationCookie or the CreateWorkstationAuthenticationCookie method.

Due to the authentication cookie being HTTP-only, clients do not have the ability to delete these themselves.

This endpoint provides a mechanism for the client to 'sign out' the current member ensuring the cookies on the client are removed.

Licenses Required

  • Vista.Ocapi
Headers
Connect-Region-Codestring

Region Code

curl -i -X DELETE \
  https://developer.vista.co/_mock/openapi/digital-platform/openapi/ocapi/v1/members/authentication-cookie \
  -H 'Connect-Region-Code: string'

Responses

Authentication cookie expired.

Authenticates a member for authenticated devices and returns an HTTP-only authentication cookie

Request

The HTTP Authorization header must include a Central Identity Management device token (also known as a DIM token).

Providing this cookie with subsequent requests works as an alternative to the LoyaltySessionToken HTTP header.

Sign out is handled by the ExpireAuthenticationCookie method.

When using cookie-based authentication, the API will automatically refresh the cookie when the access token has expired.

In addition to the authentication cookie, a second vista-loyalty-member-is-authenticated cookie is returned that can be used by the client to detect whether the patron is authenticated.

Data is to be provided as application/x-www-form-urlencoded form parameters in the format of member workstation authentication request

Unlike the standard member authentication endpoints, the cookie from this endpoint does not have permission to update member details.

Error Response

LockOutPeriodInSeconds property will only be present on the response object if the response has the error code 32000.

Licenses Required

  • Vista.Ocapi
Headers
Connect-Region-Codestring

Region Code

Bodymultipart/form-data
grant_typestringrequired
card_numberstring
phone_numberstring
pinstring
usernamestring
emailstring
passwordstring
club_idstring
curl -i -X POST \
  https://developer.vista.co/_mock/openapi/digital-platform/openapi/ocapi/v1/members/workstation-authentication-cookie \
  -H 'Connect-Region-Code: string' \
  -H 'Content-Type: multipart/form-data' \
  -F grant_type=string \
  -F card_number=string \
  -F phone_number=string \
  -F pin=string \
  -F username=string \
  -F email=string \
  -F password=string \
  -F club_id=string

Responses

Member authenticated cookies created.

Members

Operations

Member Completed Orders

Operations

Friends

Operations

Password Reset

Operations

Payments

Operations

Member Rewards

Operations

Subscriptions

Operations

Ticket Redemption Cards

Operations

Credentials

Operations

Watched Films

Operations

Watchlist Films

Operations

Completion

Operations

Gift shop

Operations

Vouchers

Operations

Refunds

Operations

Seating

Operations

Browsing

Operations

Sites

Operations

Surveys

Operations

Third-Party Member Schemes

Operations

Ticket Prices

Operations

Tracking Events

Operations

Tips

Operations