diff --git a/doc/api/resources/events.rst b/doc/api/resources/events.rst
index d88d9a363..6fb694824 100644
--- a/doc/api/resources/events.rst
+++ b/doc/api/resources/events.rst
@@ -526,7 +526,7 @@ information about the properties.
 Get current values of event settings.
- Permission required: "Can change event settings"
+ Permission required: "Can change event settings" (Exception: with device auth, *some* settings can always be *read*.)
 **Example request**:
diff --git a/src/pretix/api/serializers/event.py b/src/pretix/api/serializers/event.py
index 0825a8dee..4236c06a6 100644
--- a/src/pretix/api/serializers/event.py
+++ b/src/pretix/api/serializers/event.py
@@ -660,3 +660,40 @@ class EventSettingsSerializer(serializers.Serializer):
 settings_dict.update(data)
 validate_settings(self.event, settings_dict)
 return data
+
+
+class DeviceEventSettingsSerializer(EventSettingsSerializer):
+ default_fields = [
+ 'locales',
+ 'locale',
+ 'last_order_modification_date',
+ 'show_quota_left',
+ 'max_items_per_order',
+ 'attendee_names_asked',
+ 'attendee_names_required',
+ 'attendee_emails_asked',
+ 'attendee_emails_required',
+ 'attendee_addresses_asked',
+ 'attendee_addresses_required',
+ 'attendee_company_asked',
+ 'attendee_company_required',
+ 'ticket_download',
+ 'ticket_download_addons',
+ 'ticket_download_nonadm',
+ 'ticket_download_pending',
+ 'invoice_address_asked',
+ 'invoice_address_required',
+ 'invoice_address_vatid',
+ 'invoice_address_company_required',
+ 'invoice_address_beneficiary',
+ 'invoice_address_custom_field',
+ 'invoice_name_required',
+ 'invoice_address_not_asked_free',
+ 'invoice_address_from_name',
+ 'invoice_address_from',
+ 'invoice_address_from_zipcode',
+ 'invoice_address_from_city',
+ 'invoice_address_from_country',
+ 'invoice_address_from_tax_id',
+ 'invoice_address_from_vat_id',
+ ]
diff --git a/src/pretix/api/views/event.py b/src/pretix/api/views/event.py
index f267fd828..63cc85330 100644
--- a/src/pretix/api/views/event.py
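Review bot: `default_fields` in `DeviceEventSettingsSerializer` is the only thing limiting what a device-authenticated GET can read, and nothing on the class says so. A class docstring such as `"""Read-only subset of event settings exposed to device-authenticated clients."""` and a comment above the list such as `# Allowlist: every key added here becomes readable without can_change_event_settings.` would make the boundary visible to whoever adds the next setting. The class inherits the parent's validation and update path unchanged, so it is worth confirming outside this hunk that it is never instantiated for writes and that the parent gives a caller no way to widen the field set. A test asserting that a device GET returns exactly these keys would pin the boundary.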
+++ b/src/pretix/api/views/event.py
@@ -10,8 +10,8 @@ from rest_framework.response import Response
 from pretix.api.auth.permission import EventCRUDPermission
 from pretix.api.serializers.event import (
- CloneEventSerializer, EventSerializer, EventSettingsSerializer,
- SubEventSerializer, TaxRuleSerializer,
+ CloneEventSerializer, DeviceEventSettingsSerializer, EventSerializer,
+ EventSettingsSerializer, SubEventSerializer, TaxRuleSerializer,
 )
 from pretix.api.views import ConditionalListView
 from pretix.base.models import (
@@ -337,10 +337,16 @@ class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet):
 class EventSettingsView(views.APIView):
- permission = 'can_change_event_settings'
+ permission = None
+ write_permission = 'can_change_event_settings'
 def get(self, request, *args, **kwargs):
- s = EventSettingsSerializer(instance=request.event.settings, event=request.event)
+ if isinstance(request.auth, Device):
+ s = DeviceEventSettingsSerializer(instance=request.event.settings, event=request.event)
+ elif 'can_change_event_settings' in request.eventpermset:
+ s = EventSettingsSerializer(instance=request.event.settings, event=request.event)
+ else:
+ raise PermissionDenied()
 if 'explain' in request.GET:
 return Response({
 fname: {
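Review bot: With `permission = None` on `EventSettingsView`, read authorization now lives only in the `if`/`elif`/`else` inside `get`, and write authorization depends on `write_permission` being honoured by the permission class, which this diff does not show. Please confirm that non-safe methods are still rejected for device tokens and for users lacking `can_change_event_settings`; if the permission class does not read `write_permission`, the write handler needs an explicit check like the one added here. `Device` and `PermissionDenied` are used in the new branch, but the import hunk above only adds `DeviceEventSettingsSerializer`, so both names must already be in scope elsewhere in the file. The device branch also runs before any permission lookup, so every device that reaches this view gets the subset; a comment such as `# Devices get a fixed read-only subset regardless of permissions` would make that intent explicit. `get` continues past the end of the hunk.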