How to authenticate

Include your API key on every request using the Authorization header with the Token scheme. No bearer prefix - the scheme is literally the word Token.

⚠️
Never expose your API key in client-side code or public repositories. Treat it like a password.
Authorization header format
Authorization: Token YOUR_API_KEY
Scopes

Each API key carries a set of permission scopes. When you create a key, choose only the scopes your integration needs. Keys with no scopes assigned are legacy keys and have full access.

ScopeTypeDescription
read:campaigns read List and view campaigns. Submit access requests. Required for all campaign endpoints.
read:transactions read View clicks, conversions, and earnings.
read:offers read List and view available offers.
read:channels read List your publisher channels.
write:channels write Create and update channels.
write:links write Convert URLs into affiliate links.
read:reports read Aggregated performance reports.
read:invoices read List and view invoices, linked transactions.
read:missing_transactions read List and view missing transaction claims.
write:missing_transactions write Create, update, and delete missing transaction claims.
💡
Getting started? Most integrations need read:campaigns and write:links at minimum - the first to browse campaigns, the second to convert URLs into affiliate links. Link conversion is a write scope because it generates tracking links with side effects.
Error responses
ConditionStatusError message
No header 401 API key required. Pass Authorization: Token <key>
Invalid key 401 Invalid or expired API key
Missing scope 403 This API key lacks the 'read:campaigns' scope
401 Unauthorized 401
{
  "error": "Invalid or expired API key"
}