In one line: a rotating ticket's barcode is regenerated every few seconds inside the official app. Any single code is valid only for that short window, so a photo or screenshot expires before it can be reused or resold. To get in, you must present the code live from the genuine app.
What "rotating" actually means
People describe these tickets in a lot of ways — "rotating", "ever-changing", "refreshing", "animated", "dynamic" — but they all mean the same thing: the barcode you see is not fixed. The app draws a new code every 15 to 60 seconds (sometimes faster), and each one supersedes the last. Often there is a subtle animation or a moving bar to signal that the code is live.
How the rotation works under the hood
The principle is the same as a time-based one-time password (the six-digit codes in authenticator apps). The issuer's app holds a secret key tied to your ticket, combines it with the current time, and produces a short-lived token that gets encoded into the barcode. The scanner — which knows the same key, or checks with a server — accepts a token only if it falls inside the current time window.
- The ticket identity stays constant — it is still your ticket.
- The token riding alongside it changes every cycle.
- A captured image freezes one token, which is stale within seconds.
Why the clock matters: rotating codes depend on the device and the scanner agreeing on the time. If your phone's clock is badly wrong, the live code can be rejected. Keep automatic date & time switched on.
Why issuers use it
A static barcode has one weakness: it is just an image, and images copy perfectly. Someone can screenshot it, sell it to several buyers, and whoever reaches the gate first gets in — leaving the rest stranded. Rotating codes close that gap:
- Screenshots become worthless — a saved image is expired on arrival.
- Resale is forced through the official channel — to hand over a working ticket you must transfer it in the app, where the issuer can see and control it.
- Touts lose their product — there is no durable artefact to sell on a street corner.
Where you'll meet it
Rotating codes show up wherever resale fraud is a serious concern:
- Major concerts and sport
- High-demand events increasingly require the official app with a refreshing code (Ticketmaster's SafeTix and AXS Mobile ID are well-known examples).
- Flights
- Some mobile boarding passes refresh their code, and many bind it to the airline's app or your phone's wallet.
- Transit and rail
- Some metro and rail apps show a rotating code for mobile-only fares to stop one pass being shared around a group.
Why a screenshot won't scan
This is the single most common surprise. The screenshot captures a genuine, well-formed barcode — the scanner reads it without complaint — but the token inside it belonged to a window that has already closed. The reader decodes it, checks the time, and rejects it as expired. Nothing is wrong with your screen or the image; the code is simply out of date the instant it is frozen. (More on this in can I screenshot my ticket?)
Transferring a rotating ticket
Because you cannot just send someone a picture, sharing a rotating ticket happens inside the app: you send a transfer to the recipient's account, they accept it, and a fresh rotating code is generated on their device. The original holder's code stops working. Always transfer well before the event — not in the queue — because the recipient may need to install the app and sign in.
What it does and doesn't protect against
- Stops: screenshot resale, mass-duplicating one ticket, off-platform tout sales.
- Doesn't stop: someone standing next to you scanning your live screen with a coordinated accomplice — that needs physical presence, a far higher bar than sharing an image. Nor does it replace an identity check when the event also verifies names or IDs.
Rotating codes are one layer in a stack. For the full picture of how tickets resist forgery, see ticket security.