DocumentationTutorials, scenarios & features
Discover our expansive knowledgebase and learn how to get the most out of Citizen Ticket.
Tutorials
- Getting started
- Create an event, set up your venue and set the date
- Create and customise your organiser landing page with your brand identity
- Adding team members to your profile
- Advanced ticketing
- Managing early bird tickets
- Enforcing a mandatory ticket with ticket purchases
- Understanding automatic capacity management
- Using Passes - Annual Memberships, Bundles or Passes
- Configuring your time slots for private party experiences
- Working with many dates
- Customer management
- Data & Reporting
- Traffic & tracking
- Exporting data to be used off-platform
- Themes
Scenarios
- Refunds and Cancellations
Features
- Account Details
- Account Help
- App
- Box Office
- Email Centre
- Event Setup
- Create and manage early bird tickets
- Dates how do I cancel or postpone my event
- Dates how do I create multiple sessionstime slots for an event
- Dates how do I use multidate mode
- Dates how do I use the time slots power settings
- Donations how to add a donations option at checkout
- Duplicate event how do I duplicate my event
- Embed widget how do I embed a buy tickets form to my event website
- How do I make event buckets
- How do I pin an event
- How do I schedule a date to publish my event
- How do I set up a waiver form
- How do I set up gift vouchers
- How to activate exchanges
- How to set up exchange all tickets in a sale
- How to set up tentative bookings
- Images how do I add a promotional video to my event page
- Images media tile how do I embed a spotify link
- Location how do I delete a venue
- Location how do I set a location or change a location
- Location how do I set up an online event
- Location how do I set up my event when I havent secured a venue
- Multievent tools what are multievent tools
- Releases sidebar
- Sales digest notify me when my event or a timeslot sells out
- Title description how do I hide my event from public view
- Title description how do I set my event type
- Finance
- General Queries
- Livestream Events
- Livestream Hybrid Events
- How do I change the sales end date for a live stream event with watch again enabled
- Live stream events how do I make sure my events live stream broadcast is of high quality
- Live stream events how do I stream a thirdparty conference call to my live stream
- Livestream studio can I add an alternative viewing link to my livestream event
- Livestream studio can people watch my camera if I havent gone live
- Livestream studio how do I customise my events live stream page
- Livestream studio how do I end the live stream for my event closing your broadcast
- Livestream studio how do I send a broadcast message to viewers
- Livestream studio how do I set up my streaming software for my live stream event
- Livestream studio how do I start my livestream or go live
- Livestream studio how to download the recording after the livestream
- Livestream studio what happens if access opens and I havent gone live
- Livestream studio what is broadcast message
- Livestream studio what is livestream embed
- Livestream studio what is streaming software
- Livestream studio what stream quality will my viewers receive
- Livestream studio when should I enable watch again after my live stream has finished
- Livestream studio where do I find the live stream server url and key
- Location how do I create a hybrid event location
- Location how do I create a live stream event location
- Tickets can I create a free live stream ticket
- Tickets how do I create a live stream ticket type
- Tickets how do I create live stream ticket types for a watch again or rental period
- Tickets how do I create ticket types for a hybrid event
- Manage Booking
- Customer fringe by the sea how do I apply for a refund for an event or return a free ticket
- Customer greenwich market grotto danson house how do I exchange my tickets to another datetime slot
- Customer how do I add my events to my personal calendar
- Customer how do I apply for a refund for an event or return a free ticket
- Customer how do I exchange my tickets for a tentative booking
- Customer how do I exchange my tickets to another datetime slot
- Customer how do I send a ticket as a gift to someone
- Customer I havent been sent cant find my eticket request ticket wallet
- Customer I purchased the wrong tickets how do I change my tickets for the correct event
- Customer I want to transfer my ticket to a friend or family member
- Customer my event has been cancelled
- Marketing
- After sale pop up how do I send a message to customers after they purchase a ticket
- Can I talk to somebody about marketing my event
- Continue shopping how do I allow customers to continue shopping for tickets to events on my organiser profile
- Discount codes how do I create a discount code for my event
- How do I capture customer data
- How do I create an access code for my event
- How to write a marketing optin message
- Marketing checkout settings
- Reward referrer how do I set up rewards for customers who refer my event to others
- Seo sharing how do I use seo sharing
- Super trolley how do I create add ons for my event e
- Super trolley traffic and tracking
- Traffic tracking how to add a moment
- What are urchin tracking module parameters
- My Account
- My Tickets
- Other
- Reporting
- Attendees guests how do I view my attendeesguests
- Attendees guests seating plan
- How to export attendees and guests reports across multiple events
- How to export sales revenue reports across multiple events
- Sales digest how do I get weekly sale updates for my event
- Sales revenue how do I view my ticket sales
- Traffic tracking what is the traffic tracking tool
- Ticket Purchase
- Customer archerfield walled garden the santa experience how do I purchase a ticket
- Customer borders book festival general public how do I purchase a ticket
- Customer greenwich market grotto danson house grotto 2023 how do I purchase a ticket
- Customer how do I purchase a ticket
- Customer how do I search for an event
- Customer how do I use my gift voucher
- Customer how to fill out a waiver form
- Customer I am struggling to get my transaction through
- Customer my event is sold out can I join a waiting list
- Customer one time codes
- Customer the checkout times out in less than 10 minutes
- Customer treasure island how do I purchase a ticket
- Customer where do I put my access code
- Customer where do I put my discount code
- Ticket Setup
- Activate ticket b when ticket a sells out
- How can I make a ticket type mandatory
- How can I ringfence some tickets for my event
- How do I absorb fees
- How do I activate the transfer functionality
- How do I create a custom wallet button with a link for a thirdparty conference call
- How do I set up a pass
- How do I stop all ticket sales for an event
- Tickets how can automatic quantities handle family tickets
- Tickets how can I create a ticket that allows customers to set their own price
- Tickets how do I activatedeactivate a ticket type for sale at a later date
- Tickets how do I collect the delivery addresses of my ticket purchasers
- Tickets how do I control the ticket ownership per person for my event
- Tickets how do I create a free ticket type
- Tickets how do I hide a ticket type
- Tickets how do I set my refund policy
- Tickets what is a foundation ticket
- Tickets what is ticket grouping
- Waiting list what is the waiting list feature
Security Disclosure Policy
We at Citizen Ticket are committed to providing a robust, reliable and secure ticketing platform that safeguards our organisers' and our customers' data. We appreciate and recognise the value in contributions that responsible, independent and ethically minded security researchers can contribute to our platform. This document intends to outline the scoping, framework and reporting methods for Citizen Ticket so that we can work with the security researcher community most effectively.
Scope
Only submit reports where a real impact to Citizen Ticket, or its user accounts and/or data, would exist as a result of the vulnerability.
Do not create an unnecessary amount of data records via our system; limit yourself to only what is necessary to prove the exploit - usually 1-3 records.
Please do not research, or submit reports about:
- Self XSS (where the user can only 'attack' themselves)
- Volumetric DoS attacks
- Discoveries/indications that we do not align with 'industry best practices' but are not necessarily security weaknesses themselves
- Clickjacking
Domains
Please limit your research to dev.citizenticket.co.uk
Reporting vulnerabilities
Please email your vulnerability to abuse@citizenticket.co.uk outlining
- The category of technique/exploitation in the subject line eg. XSS exploit
- The URL affected
- The steps to reproduce the error
- A clear description
Severity Levels
For each report, we will aim to categorise the report into one of 4 levels to signify the potential severity of impact of the reported problem;
Severity Rating | Definition |
None | The bug is one or more of the following:
|
Low | The bug is one or more of the following:
|
Medium | The bug is one or more of the following;
|
High | The bug is one or more of the following:gains access to a user account in a reproducible manner leaks sensitive user data in a targeted manner or in bulk causes significant disruption to our service |
The severity rating given is to our discretion, meaning that we may choose to escalate or de-escalate the severity rating for a particular bug without regard to our definition or not necessarily with given reason.
Our response & commitments
We aim to acknowledge all reports within 7 days of receipt of report. We will also provide you with a bug report reference. If you do not receive a reply acknowledging your report after 7 full days after receipt, please resubmit the report again and contact us via a separate channel of communication, for example via customer support, to request acknowledgement of your report. (Do not resubmit the report itself to the separate channel of communication).
For medium to high severity bugs, within 28 days of acknowledging your report, we aim to put in place a remedy or mitigation addressing the vulnerability. We aim to provide you with progress of our solution within the 28 day time period from acknowledgement. If you have not heard from us by this point, please recontact us via a separate channel for a status update, along with the bug report reference.
For none to low severity bugs, we may or may not provide a timeframe, and we may or may not choose to address the perceived problem. We will, however, acknowledge the report and provide you with our severity rating.
Your responsibilities & commitments
Security researchers must not:
- Act threatening, rude or with otherwise ill-intent to Citizen Ticket the company, or it's employees or staff
- Modify data that is not your own or not clearly segregated & marked as test data Disrupt our production services/systems ever, or disrupt our non-production services/systems without prior obtained consent
- Disclose information uncovered during researching to third parties, for example user data
- Disclose vulnerabilities to third parties or the public without first receiving confirmation from Citizen Ticket that the vulnerability has been mitigated or rectified
- If the vulnerability discovered concerns a third-party library, framework or API, the third party can be notified but Citizen Ticket should not be implied or mentioned.
- If you are unsure, please contact abuse@citizenticket.co.uk for clarification
Security researchers must:
- Act within the confines of the scope set within this document
- Delete all data created and/or retrieved during their research as soon as possible, by the latest at 1 month after the report is submitted
If you are unsure about your responsibilities, actions (prior or planned), please contact abuse@citizenticket.co.uk for clarification.
Bounty & Rewards
We are not currently running a bug bounty program. However, we are able to pay hourly or day rates to vetted security researchers who wish to participate in our programme. Please contact us via abuse@citizenticket.co.uk to discuss compensation before you begin research on our domain.
Legalities
We have put this policy in place to better define our expectations when working with well-intentioned security researchers. However, this policy does not grant permission to anybody to act outside of the laws of Scotland, the UK, or the country of residence of the security researcher, and it does not cause Citizen Ticket to be in breach of its own legal obligations. Particular consideration should be given to;
- Computer Misuse Act 1990
- Data Protection Act 2018
- General Data Protection Regulation (GDPR) 2016
As long as the report is made in good faith, and within scope, and within accordance of this policy, we will not seek to prosecute any security researcher for finding and submitting their report of a security vulnerability.