Skip to content
Tickets Please

Guest Checkout

Guest Checkout

Not every buyer wants to create an account just to attend an event. Guest checkout lets visitors purchase tickets and access their order details without logging in, using a secure token-based system. The buyer gets a unique URL they can use to view their tickets until the token expires.

How Guest Checkout Works

When a non-logged-in buyer completes a purchase, Tickets Please generates a unique token for the order. This token serves as the buyer’s credential for accessing their order details without an account.

The flow works like this:

  1. The buyer completes checkout without logging in, providing only their name and email.
  2. Tickets Please generates a unique token and associates it with the order.
  3. A cookie called tec_guest_order_token is set in the buyer’s browser.
  4. The buyer is redirected to the order confirmation page with the token as a URL parameter: ?guest_token={token}.
  5. The confirmation email also includes the tokenized URL, so the buyer can access their order from any device.

No password, no registration form, no account creation step. The buyer goes from selecting tickets to seeing their confirmation as fast as possible.

Accessing Order Details

After checkout, the buyer can view their order details in two ways:

Via the Tokenized URL

The order confirmation URL includes the guest token as a query parameter. As long as the buyer has this URL (from their browser history or confirmation email), they can revisit their order details. The URL looks like:

https://yoursite.com/order-confirmation/?guest_token=abc123def456

The tec_guest_order_token cookie persists in the buyer’s browser. If they visit the order confirmation page without the query parameter, the cookie is checked automatically and their order details are displayed.

What Guest Buyers See

The guest order view shows the same information as the My Tickets page but scoped to the single order:

  • Order number and date
  • Event name, date, and venue
  • Ticket details (type, quantity, price)
  • Attendee security codes
  • Check-in status
  • Calendar links (.ics download, Google Calendar, Outlook.com)
  • Payment summary

The guest view does not show tickets from other orders. Each token grants access to one specific order only.

REST API Access

The guest order data is available through a dedicated REST endpoint:

Endpoint: GET /tribe/tickets/v1/guest-order?token={token}

This endpoint does not require authentication. The token itself serves as the access credential. The response includes the order details, associated attendees, and event information.

Token Expiration

Guest tokens expire 24 hours after the event’s end date. This gives the buyer access to their order details through the day of the event and one full day afterward.

After expiration:

  • The tokenized URL returns a “this link has expired” message.
  • The tec_guest_order_token cookie is no longer valid.
  • The REST endpoint returns a 401 response.
  • The order data still exists in the system and is accessible to site admins. Only the guest’s token-based access is revoked.

If the buyer needs to access their order after the token expires, they can contact the site admin, who can look up the order by email address or order number.

Security Considerations

Guest tokens are cryptographically random strings. They are not sequential, guessable, or derived from order data. Knowing one token does not help an attacker find other tokens.

The token grants read-only access to a single order. It cannot be used to modify the order, request refunds, or access any other data on the site. Refund requests from guest buyers require contacting the site admin directly.

When Guests Create an Account Later

If a guest buyer later creates a WordPress account using the same email address they used at checkout, their previous guest orders are not automatically linked to the new account. An admin can manually reassign attendee records to the new user account if needed.

Common Questions

Can I disable guest checkout and require accounts? Tickets Please allows guest checkout by default. To require login, you can redirect non-logged-in users away from the checkout page using a standard WordPress login redirect or membership plugin.

Can guest buyers request refunds? Guest buyers do not have access to the refund request form on the My Tickets page since they are not logged in. They need to contact the site admin to request a refund. The admin can process the refund from the attendee management screen.

What if the buyer loses the confirmation email? If the browser cookie is still set, they can visit the order confirmation page directly and their order loads automatically. If both the email and cookie are gone, the buyer needs to contact the site admin with their name or email to look up the order.

Can I extend the token expiration time? The 24-hours-after-event-end expiration is the default. Custom expiration logic can be implemented through a filter on the token validation.

Is guest checkout available with WooCommerce integration? When WooCommerce integration is active, guest checkout follows WooCommerce’s guest checkout settings. WooCommerce has its own “Allow customers to place orders without an account” option under WooCommerce > Settings > Accounts & Privacy.

Next Steps