Getting Started
Authentication
All V3 API requests require an API key passed as a token in the Authorization header. Keys are scoped - each key has a defined set of permissions.
How to authenticate
Include your API key on every request using the Authorization header with the Token scheme. No bearer prefix - the scheme is literally the word Token.
Never expose your API key in client-side code or public repositories. Treat it like a password.
Authorization header format
Authorization: Token YOUR_API_KEY
Scopes
Each API key carries a set of permission scopes. When you create a key, choose only the scopes your integration needs. Keys with no scopes assigned are legacy keys and have full access.
ScopeTypeDescription
read:campaigns
read
List and view campaigns. Submit access requests. Required for all campaign endpoints.
read:transactions
read
View clicks, conversions, and earnings.
read:offers
read
List and view available offers.
read:channels
read
List your publisher channels.
write:channels
write
Create and update channels.
write:links
write
Convert URLs into affiliate links.
read:reports
read
Aggregated performance reports.
read:invoices
read
List and view invoices, linked transactions.
read:missing_transactions
read
List and view missing transaction claims.
write:missing_transactions
write
Create, update, and delete missing transaction claims.
Getting started? Most integrations need
read:campaigns and write:links at minimum - the first to browse campaigns, the second to convert URLs into affiliate links. Link conversion is a write scope because it generates tracking links with side effects.
Error responses
ConditionStatusError message
No header
401
API key required. Pass Authorization: Token <key>
Invalid key
401
Invalid or expired API key
Missing scope
403
This API key lacks the 'read:campaigns' scope
401 Unauthorized
401
{ "error": "Invalid or expired API key" }