The Problem with Event Discovery Today
Let's paint a familiar picture: You're new in London. It's Friday afternoon, and you're thinking "I should do something tonight—maybe a yoga class or a community meetup?"
So you start the search marathon:
- 1Open Eventbrite, search "London yoga", scroll through 50+ results
- 2Try Meetup.com, filter by date, filter by location, filter by category
- 3Check Facebook Events, deal with irrelevant suggestions
- 4Maybe search Instagram for yoga studios, check their websites individually
- 5Finally find something, click through to RSVP, create another account...
30 minutes later, you're exhausted from searching, you've opened 15 tabs, and you still haven't RSVPd to anything.
"There has to be a better way. Why can't I just ask for what I want?"
Enter the Agentic Web
Now imagine this instead:
You → ChatGPT:
"Show me yoga classes in London tomorrow night"
ChatGPT → You:
"I found 3 yoga classes in London tomorrow evening:"
- Vinyasa Flow at Primrose Hill, 7:00 PM - 5 spots left - £28
- Beginner Hatha at Camden, 7:30 PM - 8 spots left - £19
- Community Power Yoga at Shoreditch, 8:00 PM - 12 spots left - £22
"Would you like me to RSVP you to the Vinyasa Flow class at Primrose Hill?"
You → ChatGPT:
"Yes, please!"
ChatGPT → You:
"I've sent a confirmation email to your address. Click the link to confirm your RSVP. See you at yoga! 🧘"
30 seconds. That's it. No apps opened. No tabs. No forms. No account creation. Just a simple conversation with your AI assistant.
This is the Agentic Web—where AI agents don't just read the web, they act on your behalf. And Who's In is the world's first and only AI-native RSVP platform built from the ground up for this future.
🏆 Industry First
While platforms like Eventbrite, Luma, Meetup, Partiful, and RSVPify remain locked in the app-browsing era, Who's In is the only event platform in the world with full OAuth 2.0 authentication and proactive webhooks for AI agents. Not "coming soon." Available now.
How We Made Events "AI-Actionable"
Making Who's In "AI Agent Ready" wasn't just about adding an API—it required rethinking how events should be structured in an AI-powered world.
1. Discovery Layer
We implemented the <code className="bg-neutral-100 px-2 py-1 rounded text-sm">/llms.txt</code> standard, a standardized file that tells AI agents "Hey, this website has capabilities you can use!"
Think of it like robots.txt, but instead of telling search engines what to crawl, it tells AI agents what actions they can perform.
2. Structured Data (Schema.org)
Every event on Who's In includes machine-readable structured data with potentialAction markup. This tells AI agents: "This event is not just readable—it's actionable."
3. RESTful API
We built a clean, public API that AI agents can use to:
- Browse upcoming public events with filters
- Search events by keywords
- Check real-time availability
- Initiate RSVPs (with user confirmation)
4. Human-in-the-Loop Safety
Here's the critical part: AI agents can't RSVP without your explicit confirmation.
When an AI initiates an RSVP on your behalf, you receive a confirmation email. You must click the link to confirm. This protects against AI errors, manipulation, and ensures you're always in control.
Taking AI Agent Integration to the Next Level
We've just launched advanced capabilities that make Who's In not just AI-actionable, but a fully-fledged AI-native platform with authenticated access and proactive notifications. Here's what's new:
OAuth 2.0: Secure Organizer Access
Industry-Standard Authentication
While anyone can browse and RSVP to public events, organizers need secure access to their private data— like attendee lists, contact information, and event analytics. We've implemented OAuth 2.0, the same authentication standard used by Google, GitHub, and Microsoft.
What This Means for You:
Ask AI for Your Attendee Lists
"Show me who's coming to my yoga class tomorrow" → AI securely accesses your event data
Manage Events Through Conversation
"How many people RSVPd to my events this week?" → Get instant analytics via ChatGPT
One-Time Authorization
Approve access once, then seamlessly interact with your events through any AI assistant
🔒 Security First: You control exactly what data AI agents can access through granular permission scopes. Revoke access anytime from your account settings.
Webhooks: Proactive AI Notifications
Real-Time Event Updates
Here's where it gets really exciting: AI agents don't just respond to your questions—they can now proactively notify you when important things happen with your events. This is the shift from reactive to proactive AI.
Real-World Scenarios:
Event Reaches Capacity
Your morning yoga class fills up while you're asleep.
💬 ChatGPT notifies you: "Your 'Beach Yoga' event just reached full capacity (20/20 attendees). 3 people are on the waitlist. Would you like to open more spots?"
New RSVP Confirmed
Someone confirms their attendance to your networking event.
💬 Claude notifies you: "Sarah Johnson just confirmed her RSVP to 'Tech Founders Mixer'. You now have 45 confirmed attendees."
Automated Follow-Ups
Your AI assistant can automatically handle common scenarios.
💬 Gemini suggests: "Your event is in 2 hours and 5 people haven't checked in yet. Want me to send them a reminder?"
⚡ The Power of Proactive AI: Instead of manually checking your dashboard, your AI assistant becomes your event co-pilot—alerting you to opportunities and issues in real-time.
The Most Technologically Advanced Event Platform
Who's In is the world's first and only AI-native event platform. We're not just adding features to an old system—we've built the entire platform from the ground up for the AI-powered future. Here's how we compare to the competition:
| Feature | Eventbrite | Luma | Meetup | Partiful | RSVPify | Who's In |
|---|---|---|---|---|---|---|
| AI Agent Discovery (llms.txt) | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| OpenAPI 3.1 Specification | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| AI-Actionable Schema.org Markup | ⚠️ Basic | ⚠️ Basic | ⚠️ Basic | ❌ | ❌ | ✅ Advanced |
| OAuth 2.0 for AI Agents | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Proactive Webhooks | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| ChatGPT Integration | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Claude Integration | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Gemini Integration | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Free Events | ⚠️ Fees Apply | ✅ | ⚠️ Subscription | ✅ | ⚠️ Paid Plans | ✅ Always Free |
| AI-Native Architecture | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Why This Matters
Legacy platforms like Eventbrite and Meetup were built for the 2010s web. They assume people will open apps, browse listings, and manually search for events. That model is becoming obsolete.
Who's In was built from day one for the AI-powered 2026+ web. We're not retrofitting AI features onto an old codebase—our entire architecture is AI-native. From our Firebase Cloud Functions to our OAuth 2.0 implementation to our webhook system, everything is designed for autonomous AI agents.
Result: Your events on Who's In are discoverable by 200+ million ChatGPT users, Claude users, Gemini users, and every future AI assistant—while your competitors' events remain trapped in apps and websites.
Real-World Use Cases
🌍 Traveling
"I'm in Barcelona next week. Show me running clubs on Wednesday morning."
AI finds local events matching your travel schedule instantly.
🏃 Fitness
"Find me a free yoga class within 2km this weekend."
AI filters by location, price, category, and time automatically.
👥 Community
"I want to meet people who like hiking in my area."
AI understands intent and finds relevant community events.
📚 Learning
"Show me professional development workshops in tech this month."
AI searches across categories and dates in one query.
Why This Matters for Event Organizers
As an event organizer on Who's In, your events are now discoverable by:
200+ Million ChatGPT Users
Anyone using ChatGPT (Plus or Enterprise) can find and RSVP to your events
Claude, Gemini, and Beyond
Works with all major AI assistants and any future agent platforms
Zero Extra Work
Just mark your event as "Public" and it's automatically AI-discoverable
💡 Pro Tip: This is a massive distribution advantage
While other platforms require people to "remember to check Eventbrite" or "scroll through Facebook Events," your Who's In events appear wherever people are already having conversations with AI. It's like being on every event platform simultaneously—without doing any extra work.
The Bigger Picture: Why We Built This
We didn't build AI agent integration just because it's trendy. We built it because this is how people will discover and attend events in the future.
The internet is evolving from a "browsing" paradigm to an "asking" paradigm. Instead of opening apps and searching websites, people will increasingly ask AI assistants to find what they need—and the AI will do the browsing for them.
For events, this changes everything:
❌ Old Way
- • Open 5 different event platforms
- • Search each one individually
- • Filter, scroll, compare
- • Create accounts, fill forms
- • 30+ minutes wasted
✅ New Way
- • Ask your AI assistant
- • Get instant results from everywhere
- • AI handles filtering and comparison
- • Confirm RSVP via email
- • 30 seconds, zero friction
Who's In isn't just adapting to this future—we're defining it. We're the world's first and only RSVP platform built from the ground up to be AI-native. While our competitors scramble to retrofit AI features onto legacy codebases built for 2010s web browsing, we started with a blank slate in 2026 and built the most technologically advanced event platform in existence.
The Competitive Moat
Why can't Eventbrite or Luma just copy this? They could try, but:
- 1Their entire architecture is built for human browsing, not programmatic AI access
- 2Retrofitting OAuth 2.0 and webhooks onto a 15-year-old codebase is a multi-year engineering project
- 3They're optimizing for ticket sales and monetization—we're optimizing for frictionless discovery
- 4We ship production-ready AI features while they're still writing RFCs
Agent-Ready Frontend: Beautiful for Humans, Perfect for Machines
Our commitment to AI integration goes beyond just APIs. We've built our entire frontend with structured data that makes every event card, every event page, and every search result mathematically precise for AI agents.
While other platforms have HTML that looks like this to an AI:
<div class="card">
<h3>{bt('subheading13', "Morning Yoga")}</h3>
<p>07/10 at 8am</p>
<span>12 spots left</span>
</div>Our event cards use Schema.org microdata that tells AI agents exactly what everything means:
<article itemScope itemType="https://schema.org/Event">
<h3 itemProp="name">{bt('subheading14', "Morning Yoga")}</h3>
<time itemProp="startDate" content="2026-07-10T08:00:00Z">
07/10 at 8am
</time>
<span itemProp="remainingAttendeeCapacity" data-agent-urgency="high">
12 spots left
</span>
</article>Zero Ambiguity
ISO 8601 dates in <code className="bg-neutral-100 px-1 py-0.5 rounded text-xs">content</code> attributes mean AI never misinterprets "07/10" as October 7th when you meant July 10th.
Urgency Signals
<code className="bg-neutral-100 px-1 py-0.5 rounded text-xs">data-agent-urgency="high"</code> lets AI know when to prompt users: "Only 3 spots left—should I reserve one now?"
Action Ready
<code className="bg-neutral-100 px-1 py-0.5 rounded text-xs">potentialAction</code> schema tells AI exactly how to RSVP, including API endpoints and required parameters.
Dual-Format Structured Data: Microdata + JSON-LD
We implement both structured data formats for maximum compatibility:
1Microdata (Inline)
Structured data embedded directly in HTML tags with <code className="bg-neutral-100 px-1 py-0.5 rounded text-xs">itemProp</code> attributes.
Best for:
- Real-time AI parsing of DOM
- Browser extensions
- Web scraping agents
- Accessibility tools
2JSON-LD (Separate)
Complete event schema in a <code className="bg-neutral-100 px-1 py-0.5 rounded text-xs"><script type="application/ld+json"></code> tag.
Best for:
- Search engine crawlers (Google, Bing)
- SEO rich snippets
- Social media link previews
- Static site generators
🎯 The Result: Universal AI Compatibility
By using both formats, Who's In events are discoverable and parseable by:
Accessibility = AI-Readiness
Here's a secret: everything that makes a website accessible to screen readers also makes it perfect for AI agents.
Both screen readers and AI agents need to:
- Understand semantic meaning (is this a heading, a button, or a date?)
- Navigate hierarchical content (sections, headings, lists)
- Identify actionable elements (links, forms, buttons)
- Parse dates, times, and locations unambiguously
By building Who's In with WCAG 2.1 AA standards and semantic HTML, we've simultaneously made the platform:
Accessible
for people with disabilities
AI-Ready
for automated agents
SEO-Optimized
for search engines
For Developers: Technical Architecture
Deep dive into our AI-native implementation
This section is for engineers, architects, and technical product managers who want to understand how we built an AI-native RSVP platform from the ground up.
⚠️ Implementation details below. No security-sensitive information disclosed.
1. API Architecture: Dual-Mode Operation
Our API operates in two distinct modes to balance public discoverability with private data security:
Public Mode (Unauthenticated)
GET /events/browse
GET /events/search?q=yoga
GET /events/:id/status
POST /rsvp/initiate
Zero auth required. Optimized for AI agent discovery and public RSVPs.
Organizer Mode (OAuth 2.0)
GET /organizer/events
GET /organizer/events/:id/attendees
POST /webhooks/register
GET /webhooks
Requires Bearer token. Scope-based access control (read:events, read:attendees).
Example: OAuth-protected request
curl -H "Authorization: Bearer eyJhbG..." \
https://whos-in.app/api/v1/organizer/events
{
"events": [
{
"id": "evt_123",
"title": "Beach Yoga Session",
"attendeeCount": 18,
"spotsLeft": 2,
"attendeesUrl": "/organizer/events/evt_123/attendees"
}
]
}2. OAuth 2.0 Authorization Code Flow
We implement the industry-standard Authorization Code Flow with PKCE-style security:
Authorization Request
AI agent redirects user to /oauth/authorize with client_id, scope, and state
User Consent
User logs in (if needed) and sees a consent screen showing exactly what the AI will access
Authorization Code
Server generates short-lived code (10min TTL), redirects back to AI agent
Token Exchange
AI agent exchanges code + client_secret for access_token + refresh_token at /oauth/token
Custom Claims
Firebase Auth custom claims set on user token with agent_access: true and scopes array
Authenticated Requests
AI agent includes Bearer token in Authorization header for all protected endpoints
Scope-based access control in Firestore security rules
function hasAgentAccess() {
return request.auth != null
&& request.auth.token.agent_access == true;
}
function hasScope(scope) {
return request.auth != null
&& scope in request.auth.token.agent_scopes;
}
// Protect attendee data
match /events/{eventId}/attendees/{attendeeId} {
allow read: if hasAgentAccess()
&& hasScope('read:attendees')
&& request.auth.uid == get(...).data.organizerId;
}3. Webhooks: Event-Driven Architecture
Our webhook system uses Firestore triggers to detect changes and deliver notifications in real-time:
Webhook Event Types
event.capacity_reached
Triggered when event.attendeeCount >= event.capacity
event.cancelled
Triggered when event.status changes to "cancelled"
rsvp.confirmed
Triggered when attendee.status changes to "confirmed"
Webhook payload structure
{
"event": "event.capacity_reached",
"eventId": "evt_abc123",
"timestamp": "2026-02-12T14:30:00Z",
"data": {
"eventTitle": "Beach Yoga Session",
"capacity": 20,
"attendeeCount": 20,
"startDate": "2026-02-13T07:00:00Z",
"location": "Primrose Hill, London",
"message": "Event reached full capacity"
}
}
// HMAC-SHA256 signature in header for verification
X-Webhook-Signature: sha256=abc123def456...⚡ Performance: Firestore triggers fire within milliseconds of document changes. Webhook delivery happens asynchronously with automatic retries and exponential backoff for failed deliveries.
4. OpenAPI 3.1.0 Specification
We chose OpenAPI 3.1.0 specifically for its enhanced compatibility with AI agents:
JSON Schema Alignment
OpenAPI 3.1 uses pure JSON Schema, making it easier for LLMs to understand and validate request/response structures
Semantic operationIds
browseEvents, getEventStatus, initiateRsvp — function names that LLMs naturally understand
Rich Descriptions
Every endpoint includes natural language descriptions with example queries AI agents should use
Webhooks Definition
OpenAPI 3.1 supports native webhook definitions — we document all event types agents can subscribe to
Example: AI-optimized endpoint documentation
paths:
/events/browse:
get:
operationId: browseEvents
summary: Browse upcoming events
description: |
Perfect for: "What events are happening this weekend?"
Returns upcoming public events sorted by date.
parameters:
- name: category
schema:
enum: [yoga, fitness, hiking, running, ...]
- name: location
description: City or region (e.g., "Dubai", "London")
responses:
'200':
description: List of events
content:
application/json:
example:
events: [...]5. System Architecture Overview
LAYER 1: AI AGENTS
LAYER 2: DISCOVERY
llms.txt
Agent discovery file
openapi.yaml
API specification
LAYER 3: API LAYER (Firebase Cloud Functions)
Public API
/events/*
/rsvp/*
Organizer API
/organizer/*
/webhooks/*
LAYER 4: INFRASTRUCTURE
Firebase Auth
OAuth + Custom Claims
Firestore
Events + Attendees
Triggers
Webhook Delivery
Event-driven architecture with bi-directional communication: AI agents query our API, we proactively notify agents via webhooks
6. Key Technical Decisions & Rationale
Why Firebase Cloud Functions?
Auto-scaling to handle unpredictable AI agent traffic spikes, integrated auth with custom claims, and native Firestore triggers for webhooks without additional infrastructure.
Why Authorization Code Flow (not Client Credentials)?
Client Credentials would give AI agents blanket access to all users' data. Authorization Code Flow ensures user-specific consent — each organizer explicitly authorizes which AI agents can access their data.
Why HMAC Signatures on Webhooks?
Prevents webhook spoofing. AI agents verify payloads using shared secret, ensuring notifications genuinely came from Who's In and weren't tampered with in transit.
Why Separate Public and Organizer APIs?
Surface area minimization. Public endpoints have zero auth complexity. Organizer endpoints can enforce strict security without impacting discovery performance or AI agent onboarding friction.
Developer Resources
📄 OpenAPI Specification
whos-in.app/openapi.yaml🤖 Agent Discovery File
whos-in.app/llms.txt🔐 OAuth Endpoints
whos-in.app/api/v1/oauth/*
📡 Webhook Docs
See OpenAPI webhooks section
💡 All public endpoints documented with request/response examples, authentication flows, and error handling
Ready to Be AI-Discoverable?
Join the first RSVP platform built for the AI-powered future. Make your events discoverable by millions of AI assistant users worldwide.
The Future is Conversational
Five years from now, opening a dozen event websites to find something to do will seem as archaic as using a phone book. The future of event discovery is conversational, AI-powered, and frictionless.
Who's In is ready for that future. Are you?
Got questions about AI agent integration? Reach out at [email protected]