API Keys and REST API

AffiliateBase exposes account-scoped REST endpoints under /api/v1.

Use this page as a quick start, then move to:

• REST API Overview
• REST API Endpoint Reference
• OpenAPI Spec

1) Create an API key

Use one of these endpoints:

• GET /api/v1/api_keys
• POST /api/v1/api_keys
• DELETE /api/v1/api_keys/:id

API key secrets are only returned once when created.

2) Authenticate requests

Supported auth headers:

• Authorization: Bearer <API_KEY>
• Authorization: Basic <base64(API_KEY:)>
• X-Api-Key: <API_KEY>

3) Scope to your account

Provide account context with one of:

• ?account_id=<ACCOUNT_ID>
• X-Account-Id: <ACCOUNT_ID>

/api/v1 requests without account context return:

{ "error": "Account ID is required", "code": "MISSING_ACCOUNT_ID" }

Quick example

curl "https://app.affiliatebase.io/api/v1/affiliates?account_id=<ACCOUNT_ID>&page=1&limit=25" \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json"

4) Optional permission scoping

When creating keys, permissions must be an object. If omitted, the key gets full access.

Read-only affiliates example:

{
  "name": "Read-only affiliates",
  "permissions": {
    "v1.affiliates.read": true
  }
}

What the API currently covers

• Plans and subscription lifecycle
• API keys
• Affiliates
• Affiliate coupons
• Campaigns
• Referrals
• Commissions
• Payouts
• Payout exports
• Payout runs
• Links
• Invitations

Next steps

• REST API Overview
• REST API Endpoint Reference
• OpenAPI Spec
• Tracking Script Reference