A hardened, production-ready backend API built on Cloudflare Workers that securely proxies the Ticketmaster Discovery API for mobile applications.
- Protect private API keys
- Enforce rate limits suitable for mobile apps
- Normalize Ticketmaster data into a frontend-friendly format
- Cache aggressively to control cost and latency
- Serve as the foundation for future features (venues, artists, analytics)
Mobile apps must never call third-party APIs like Ticketmaster directly.
Problems with direct client access:
-
API keys are exposed and easily abused
-
No rate limiting โ runaway costs
-
No caching โ slow + expensive
-
No control over request shape
-
No place to evolve business logic
-
Event Pulse API solves all of this.
-
Cloudflare Workers (edge runtime, global, zero cold starts)
-
Durable Objects for per-IP rate limiting
-
Stale-While-Revalidate caching using Cloudflare Cache API
-
Ticketmaster Discovery API as the upstream data source
-
No database required (yet)
Mobile App
โ
Event Pulse API (Cloudflare Worker)
โ
Ticketmaster Discovery API
-
Ticketmaster API key is stored as a Cloudflare secret
-
Never exposed to clients
-
Never committed to GitHub
Per-IP, per-route limits with soft warnings and hard blocks:
| Window | Soft Limit | Hard Limit |
|---|---|---|
| 10s | 8 | 10 |
| 1m | 25 | 30 |
| 15m | 180 | 200 |
| 24h | 1800 | 2000 |
-
Soft limits return warnings (UX-friendly)
-
Hard limits return 429 with Retry-After
-
Limits are route-aware (/events, future /venues)
All incoming requests are strictly validated.
-
latlong=LAT,LNG
-
radius=NUMBER
-
Latitude: -90 โ 90
-
Longitude: -180 โ 180
-
Radius: 1 โ 50 miles (mobile-safe)
Invalid requests are rejected before hitting Ticketmaster.
Only these parameters are forwarded upstream:
latlong
radius
unit
size
keywordAnything else is silently dropped to:
-
Prevent abuse
-
Avoid unexpected upstream costs
-
Keep behavior predictable
The API uses edge caching to balance freshness and performance.
-
Cache TTL: 5 minutes
-
Cached responses return instantly
-
Background refresh updates cache asynchronously
-
Latency
-
Ticketmaster request volume
-
API costs
Ticketmaster responses are large and inconsistent.
This API normalizes them into a simple, stable shape:
export type Event = {
id: string;
title: string;
date: string;
venue: string;
city: string;
lat: number;
lng: number;
image: string | null;
url: string;
};-
No Ticketmaster-specific logic
-
Smaller payloads
-
Easy mapping to lists & maps
The API tracks request volume per city (edge-safe, low cost).
-
Understand usage patterns
-
Prepare for future dashboards
-
Inform caching & rate-limit tuning
-
No personal data is stored.
GET /events
Fetch nearby events by location.
curl "https://event-pulse-api.workers.dev/events?latlong=40.7128,-74.0060&radius=10"
{
"events": [
{
"id": "Z7r9jZ1AdFA",
"title": "Live Concert",
"date": "2026-02-12",
"venue": "Madison Square Garden",
"city": "New York",
"lat": 40.7505,
"lng": -73.9934,
"image": "https://...",
"url": "https://ticketmaster.com/..."
}
],
"softWarning": "Approaching rate limit for 60s window"
}-
Node 18+
-
Wrangler CLI
npm install
wrangler dev
Environment variables are loaded from .env (not committed).
wrangler deploy
-
wrangler.jsonc
-
Durable Object migrations (new_sqlite_classes)
-
Cloudflare Free Plan compatible
Planned next steps:
-
/venues endpoint
-
Artist search
-
Pagination support
-
Observability dashboard
-
Feature-based service layer
-
Optional auth (per-user limits)
-
Mobile-first
-
Cost-aware
-
Secure by default
-
Edge-native
-
Built to scale without rewrites
Built by Greg Petropoulos as the backend foundation for the Event Pulse mobile app.