Access profiles, admission rules & policies
Reusable building blocks that access rules and events reference. Access
profiles package a bundle of booking settings so several access rules share
them; admission groups + rules apply conditional discounts and auto-approval
to the guest list; policies hold booking terms and deposit/refund rules. Every
endpoint is under /api/my-venues/:venueId/… and is operator (client role,
venue-scoped) - send an Authorization: Bearer token from the
Authentication flow.
| Method | Path | Purpose | Auth |
|---|---|---|---|
| GET/POST | /api/my-venues/:venueId/list-profiles | Guest-list profiles | operator |
| PUT/DELETE | /api/my-venues/:venueId/list-profiles/:id | Update/delete | operator |
| GET/POST | /api/my-venues/:venueId/table-profiles | Table profiles | operator |
| PUT/DELETE | /api/my-venues/:venueId/table-profiles/:id | Update/delete | operator |
| GET/POST | /api/my-venues/:venueId/event-profiles | Event profiles | operator |
| PUT/DELETE | /api/my-venues/:venueId/event-profiles/:id | Update/delete | operator |
| GET/POST | /api/my-venues/:venueId/ticket-profiles | Ticket profiles | operator |
| PUT/DELETE | /api/my-venues/:venueId/ticket-profiles/:id | Update/delete | operator |
| GET/POST | /api/my-venues/:venueId/admission-groups | Admission groups | operator |
| PUT/DELETE | /api/my-venues/:venueId/admission-groups/:gid | Update/delete group | operator |
| POST | /api/my-venues/:venueId/admission-groups/:gid/rules | Add rule | operator |
| PUT/DELETE | /api/my-venues/:venueId/admission-groups/:gid/rules/:id | Update/delete rule | operator |
| GET/PUT | /api/my-venues/:venueId/booking-policies | Booking policy text | operator |
| GET/POST | /api/my-venues/:venueId/payment-policies | Payment policies | operator |
| PUT/DELETE | /api/my-venues/:venueId/payment-policies/:id | Update/delete | operator |
Access profiles
The four families share one CRUD shape: GET lists, POST creates (returns
{ success, id }), PUT /:id updates, DELETE /:id removes. name is required
on every create/update. They differ in the settings they carry:
- list-profiles - guest-list pricing and admission: venue_access_*, free_guest_list_*, paid_guest_list_*, queue_skip_price_*, surge_threshold_*, surge_price_*, party_size_*, booking window, max_covers_*, and admission_rule_group_id to attach an admission group.
- table-profiles - table booking: seating_area_ids / table_ids, payment_policy_id, duration, bundle_ids, reservation_tags, booking window, max_covers_*, table_assignment_mode (auto | guest_pick) with guest_pick_area_ids, and pricelist_id.
- event-profiles - event booking: payment_policy_id, booking window, bundle_ids, reservation_tags, promo_code_ids, visibility and listed.
- ticket-profiles - ticket booking: booking window, visibility, booking_tags and show_capacity.
Each feature has an *_enabled toggle; a value only applies when its toggle is
true, otherwise the venue default is used.
Create a table profile
```bash
curl -X POST "https://thesidedoor.co/api/my-venues/VENUE_ID/table-profiles" \
  -H "Authorization: Bearer $SIDEDOOR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"Standard Table","party_size_enabled":true,"party_size_min":2,"party_size_max":8,"duration_enabled":true,"duration_minutes":120,"table_assignment_mode":"auto","payment_policy_id":"pp_std"}'
```
```js
const res = await fetch(
  "https://thesidedoor.co/api/my-venues/VENUE_ID/table-profiles",
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${process.env.SIDEDOOR_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      name: "Standard Table",
      party_size_enabled: true,
      party_size_min: 2,
      party_size_max: 8,
      duration_enabled: true,
      duration_minutes: 120,
      table_assignment_mode: "auto",
      payment_policy_id: "pp_std",
    }),
  },
);
const data = await res.json();
```
```php
// Operator bearer token, read from the environment like the other snippets.
$token = getenv("SIDEDOOR_TOKEN");
$ch = curl_init("https://thesidedoor.co/api/my-venues/VENUE_ID/table-profiles");
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer {$token}",
        "Content-Type: application/json",
    ],
    CURLOPT_POSTFIELDS => json_encode([
        "name" => "Standard Table",
        "party_size_enabled" => true,
        "party_size_min" => 2,
        "party_size_max" => 8,
        "duration_enabled" => true,
        "duration_minutes" => 120,
        "table_assignment_mode" => "auto",
        "payment_policy_id" => "pp_std",
    ]),
]);
$data = json_decode(curl_exec($ch), true);
```
```json
{ "success": true, "id": "tp_std" }
```
Update with PUT /api/my-venues/:venueId/table-profiles/:id and delete with
DELETE /api/my-venues/:venueId/table-profiles/:id (deleting also detaches the
profile from any access rules that referenced it), each returning
{ "success": true }. The other three families work identically at their own
paths.
Admission groups & rules
An admission group is a named container of rules; each rule tests conditions
(guest tags, past bookings, network connections) and applies actions (a discount,
auto-approval, an increased plus-one cap). Attach a group to a guest-list profile
via its admission_rule_group_id.
Create a group
POST /api/my-venues/:venueId/admission-groups takes name (required) and an
optional sort_order.
```bash
curl -X POST "https://thesidedoor.co/api/my-venues/VENUE_ID/admission-groups" \
  -H "Authorization: Bearer $SIDEDOOR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"Regulars","sort_order":0}'
```
```js
const res = await fetch(
  "https://thesidedoor.co/api/my-venues/VENUE_ID/admission-groups",
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${process.env.SIDEDOOR_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ name: "Regulars", sort_order: 0 }),
  },
);
const { id } = await res.json();
```
```php
// Operator bearer token, read from the environment like the other snippets.
$token = getenv("SIDEDOOR_TOKEN");
$ch = curl_init("https://thesidedoor.co/api/my-venues/VENUE_ID/admission-groups");
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer {$token}",
        "Content-Type: application/json",
    ],
    CURLOPT_POSTFIELDS => json_encode(["name" => "Regulars", "sort_order" => 0]),
]);
$data = json_decode(curl_exec($ch), true);
```
```json
{ "success": true, "id": "grp_reg" }
```
GET /api/my-venues/:venueId/admission-groups returns each group with a nested
rules array.
Add a rule to a group
POST /api/my-venues/:venueId/admission-groups/:gid/rules. Each condition and
action has an *_enabled toggle plus a typed value: cond_tags (array),
cond_bookings_min, cond_connections_min, act_discount_pct,
act_autoapprove_enabled (toggle only) and act_maxplus.
```bash
curl -X POST "https://thesidedoor.co/api/my-venues/VENUE_ID/admission-groups/grp_reg/rules" \
  -H "Authorization: Bearer $SIDEDOOR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"VIP tag → 20% off + auto-approve","cond_tags_enabled":true,"cond_tags":["vip"],"act_discount_enabled":true,"act_discount_pct":20,"act_autoapprove_enabled":true,"act_maxplus_enabled":true,"act_maxplus":6}'
```
```js
const res = await fetch(
  "https://thesidedoor.co/api/my-venues/VENUE_ID/admission-groups/grp_reg/rules",
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${process.env.SIDEDOOR_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      name: "VIP tag → 20% off + auto-approve",
      cond_tags_enabled: true,
      cond_tags: ["vip"],
      act_discount_enabled: true,
      act_discount_pct: 20,
      act_autoapprove_enabled: true,
      act_maxplus_enabled: true,
      act_maxplus: 6,
    }),
  },
);
const data = await res.json();
```
```php
// Operator bearer token, read from the environment like the other snippets.
$token = getenv("SIDEDOOR_TOKEN");
$ch = curl_init(
    "https://thesidedoor.co/api/my-venues/VENUE_ID/admission-groups/grp_reg/rules"
);
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer {$token}",
        "Content-Type: application/json",
    ],
    CURLOPT_POSTFIELDS => json_encode([
        "name" => "VIP tag → 20% off + auto-approve",
        "cond_tags_enabled" => true,
        "cond_tags" => ["vip"],
        "act_discount_enabled" => true,
        "act_discount_pct" => 20,
        "act_autoapprove_enabled" => true,
        "act_maxplus_enabled" => true,
        "act_maxplus" => 6,
    ]),
]);
$data = json_decode(curl_exec($ch), true);
```
```json
{ "success": true, "id": "arl_1" }
```
Update a rule with PUT .../admission-groups/:gid/rules/:id and delete it with
DELETE .../admission-groups/:gid/rules/:id. Deleting a group also removes its
rules and detaches it from any list profiles.
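As an added example (not part of the Sidedoor documentation or code base), this pre-flight check lints an admission rule payload before it is sent, since a rule with act_autoapprove_enabled decides who gets onto the guest list without review. It assumes rule toggles gate their values the way profile toggles do; the toggle names cond_bookings_enabled and cond_connections_enabled, the required name, the (0, 100] discount range and the function name lintAdmissionRule are assumptions, not taken from the API.

```javascript
// Added example, not Sidedoor code: lint an admission rule before POSTing it.
// Pairs follow the page's "*_enabled toggle plus typed value" shape.
const nonNegInt = (v) => Number.isInteger(v) && v >= 0;
const PAIRS = [
  { toggle: "cond_tags_enabled", value: "cond_tags", kind: "cond",
    // assumption: an enabled tag condition needs at least one tag
    ok: (v) => Array.isArray(v) && v.length > 0 && v.every((t) => typeof t === "string") },
  // assumption: the next two toggle names are inferred, not shown on the page
  { toggle: "cond_bookings_enabled", value: "cond_bookings_min", kind: "cond", ok: nonNegInt },
  { toggle: "cond_connections_enabled", value: "cond_connections_min", kind: "cond", ok: nonNegInt },
  // assumption: a discount percentage is only meaningful in (0, 100]
  { toggle: "act_discount_enabled", value: "act_discount_pct", kind: "act",
    ok: (v) => typeof v === "number" && v > 0 && v <= 100 },
  { toggle: "act_maxplus_enabled", value: "act_maxplus", kind: "act", ok: nonNegInt },
];

function lintAdmissionRule(rule) {
  const findings = [];
  // assumption: name is required on rules as it is on groups and profiles
  if (typeof rule.name !== "string" || rule.name.trim() === "") {
    findings.push("name: missing or empty");
  }
  let conditions = 0;
  let actions = rule.act_autoapprove_enabled === true ? 1 : 0; // toggle-only action
  for (const { toggle, value, kind, ok } of PAIRS) {
    const on = rule[toggle] === true;
    const present = rule[value] !== undefined && rule[value] !== null;
    if (on && !(present && ok(rule[value]))) {
      findings.push(`${value}: ${toggle} is true but the value is missing or invalid`);
    } else if (!on && present) {
      findings.push(`${value}: set while ${toggle} is not true`);
    }
    if (on && kind === "cond") conditions += 1;
    if (on && kind === "act") actions += 1;
  }
  // Actions with no enabled condition: the page does not say who such a rule
  // matches, so surface it for human review (matters most for auto-approval).
  if (actions > 0 && conditions === 0) {
    findings.push("rule: actions enabled but no condition is enabled");
  }
  return findings;
}

// Constructed sample: the page's VIP rule passes; a condition-less rule is flagged.
const vipRule = { name: "VIP tag → 20% off + auto-approve", cond_tags_enabled: true,
  cond_tags: ["vip"], act_discount_enabled: true, act_discount_pct: 20,
  act_autoapprove_enabled: true, act_maxplus_enabled: true, act_maxplus: 6 };
console.log(lintAdmissionRule(vipRule));
console.log(lintAdmissionRule({ name: "Open door", act_autoapprove_enabled: true }));
```

Run it in CI or in the admin tool that builds rule payloads, and block the request when the returned array is non-empty.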
Booking policies
GET /api/my-venues/:venueId/booking-policies returns three free-text policy
strings; PUT saves them. Empty strings clear a policy.
```bash
curl -X PUT "https://thesidedoor.co/api/my-venues/VENUE_ID/booking-policies" \
  -H "Authorization: Bearer $SIDEDOOR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tables":"48h cancellation notice.","guest_list":"Over-21s only.","events":"Tickets non-refundable."}'
```
```js
const res = await fetch(
  "https://thesidedoor.co/api/my-venues/VENUE_ID/booking-policies",
  {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${process.env.SIDEDOOR_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      tables: "48h cancellation notice.",
      guest_list: "Over-21s only.",
      events: "Tickets non-refundable.",
    }),
  },
);
const data = await res.json();
```
```php
// Operator bearer token, read from the environment like the other snippets.
$token = getenv("SIDEDOOR_TOKEN");
$ch = curl_init("https://thesidedoor.co/api/my-venues/VENUE_ID/booking-policies");
curl_setopt_array($ch, [
    CURLOPT_CUSTOMREQUEST => "PUT",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer {$token}",
        "Content-Type: application/json",
    ],
    CURLOPT_POSTFIELDS => json_encode([
        "tables" => "48h cancellation notice.",
        "guest_list" => "Over-21s only.",
        "events" => "Tickets non-refundable.",
    ]),
]);
$data = json_decode(curl_exec($ch), true);
```
```json
{ "success": true }
```
Payment policies
Payment policies hold deposit and refund terms; access rules, shifts and profiles
reference them by id. POST /api/my-venues/:venueId/payment-policies creates one
(name required). Fields: deposit_type (default none), refund_type (default
none), refund_percent (default 100), cancel_type (default anytime),
cancel_cutoff_value (default 24) and cancel_cutoff_unit (default hours).
Create a payment policy
```bash
curl -X POST "https://thesidedoor.co/api/my-venues/VENUE_ID/payment-policies" \
  -H "Authorization: Bearer $SIDEDOOR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"Standard Deposit","deposit_type":"hold","refund_type":"partial","refund_percent":50,"cancel_type":"cutoff","cancel_cutoff_value":24,"cancel_cutoff_unit":"hours"}'
```
```js
const res = await fetch(
  "https://thesidedoor.co/api/my-venues/VENUE_ID/payment-policies",
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${process.env.SIDEDOOR_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      name: "Standard Deposit",
      deposit_type: "hold",
      refund_type: "partial",
      refund_percent: 50,
      cancel_type: "cutoff",
      cancel_cutoff_value: 24,
      cancel_cutoff_unit: "hours",
    }),
  },
);
const data = await res.json();
```
```php
// Operator bearer token, read from the environment like the other snippets.
$token = getenv("SIDEDOOR_TOKEN");
$ch = curl_init("https://thesidedoor.co/api/my-venues/VENUE_ID/payment-policies");
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer {$token}",
        "Content-Type: application/json",
    ],
    CURLOPT_POSTFIELDS => json_encode([
        "name" => "Standard Deposit",
        "deposit_type" => "hold",
        "refund_type" => "partial",
        "refund_percent" => 50,
        "cancel_type" => "cutoff",
        "cancel_cutoff_value" => 24,
        "cancel_cutoff_unit" => "hours",
    ]),
]);
$data = json_decode(curl_exec($ch), true);
```
```json
{ "success": true, "id": "pp_std" }
```
Update with PUT /api/my-venues/:venueId/payment-policies/:id and delete with
DELETE /api/my-venues/:venueId/payment-policies/:id, each returning
{ "success": true }. For how holds are captured or released at check-in, see
the operator guide on deposits and holds.