API Keys

API keys enable programmatic access to AffiliateBase for custom integrations, automation, and advanced workflows. This guide covers generating, using, and managing API keys.

Overview

With API keys, you can:

• Create and manage affiliates programmatically
• Track conversions from any system
• Build custom dashboards
• Automate payout processes
• Integrate with your existing tools

Generating API Keys

Create a New Key

1. Go to Settings → API
2. Click Generate API Key
3. Give it a descriptive name (e.g., “Production Server” or “CRM Integration”)
4. Copy the key immediately

Important: The full key is only shown once. Store it securely.

Key Format

API keys are formatted as:

ab_live_xxxxxxxxxxxxxxxxxxxx

• ab_ prefix identifies AffiliateBase keys
• live_ indicates production (vs test_ for testing)
• Followed by unique identifier

Using API Keys

Authentication

Include your API key in request headers:

curl https://api.affiliatebase.com/v1/affiliates \
  -H "Authorization: Bearer ab_live_your_api_key"

Example: List Affiliates

const response = await fetch('https://api.affiliatebase.com/v1/affiliates', {
  headers: {
    'Authorization': 'Bearer ab_live_your_api_key',
    'Content-Type': 'application/json',
  },
});

const affiliates = await response.json();

Example: Create Conversion

const response = await fetch('https://api.affiliatebase.com/v1/conversions', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer ab_live_your_api_key',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    referral_id: 'ref_xxxxx',
    amount: 9900, // in cents
    currency: 'usd',
    order_id: 'order_123',
  }),
});

API Endpoints

Available Endpoints

Endpoint	Methods	Description
/v1/affiliates	GET, POST	Manage affiliates
/v1/invitations	GET, POST	Send invitations
/v1/referrals	GET	View referrals
/v1/conversions	GET, POST	Track conversions
/v1/commissions	GET	View commissions
/v1/payouts	GET, POST	Manage payouts

Response Format

All responses are JSON:

{
  "data": [...],
  "meta": {
    "total": 100,
    "page": 1,
    "per_page": 25
  }
}

Error Responses

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key"
  }
}

Key Permissions

Current Behavior

All API keys have full access to:

• Read all data
• Create/modify affiliates
• Track conversions
• Manage payouts

Future: Scoped Keys

Planned feature for granular permissions:

• Read-only keys
• Conversion-tracking only
• Affiliate management only

Managing Keys

Viewing Keys

1. Go to Settings → API
2. See list of all keys
3. View name, created date, last used

Note: Only key prefix shown for security.

Revoking Keys

To revoke a compromised or unused key:

1. Go to Settings → API
2. Find the key
3. Click Revoke
4. Confirm revocation

Revoked keys:

• Stop working immediately
• Cannot be restored
• Generate new key if needed

Rotating Keys

Best practice: Rotate keys periodically.

1. Generate new key
2. Update your integrations
3. Verify new key works
4. Revoke old key

Security Best Practices

Do’s

✅ Store securely: Use environment variables or secret managers

# Good: Environment variable
AFFILIATEBASE_API_KEY=ab_live_xxxxx

✅ Limit access: Only give keys to systems that need them

✅ Use descriptive names: Know what each key is for

✅ Rotate regularly: Generate new keys periodically

✅ Monitor usage: Watch for unexpected API calls

Don’ts

❌ Don’t commit keys: Never in source control

// Bad: Hardcoded key
const API_KEY = 'ab_live_xxxxx'; // Don't do this!

❌ Don’t share keys: Each integration should have its own key

❌ Don’t expose client-side: Keys are for server-side use only

❌ Don’t ignore revoked keys: Clean up unused keys

Rate Limits

Current Limits

Limit Type	Value
Requests per minute	100
Requests per day	10,000

Rate Limit Headers

Responses include rate limit info:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1699999999

Exceeding Limits

If you exceed rate limits:

• 429 Too Many Requests response
• Wait until reset time
• Consider caching or batching

Testing

Test Environment

Use test keys for development:

ab_test_your_test_key

Test keys:

• Work on test/sandbox environment
• Don’t affect production data
• Safe for development

Testing Tips

1. Use test keys during development
2. Test error handling
3. Verify rate limit behavior
4. Test with realistic data volumes

Webhooks (Alternative)

For real-time updates, consider webhooks instead of polling:

• More efficient than repeated API calls
• Instant notifications
• Lower API usage

See webhook documentation for setup.

Troubleshooting

”Unauthorized” Error

1. Verify key is correct (no extra spaces)
2. Check key hasn’t been revoked
3. Ensure proper header format
4. Verify you’re using the right key (test vs live)

“Rate Limited” Error

1. Check your request frequency
2. Implement exponential backoff
3. Cache responses where possible
4. Contact support for limit increase

”Not Found” Error

1. Verify endpoint URL
2. Check resource ID is correct
3. Ensure resource exists
4. Verify API version

Integration Examples

Zapier Integration

Connect AffiliateBase with other apps:

1. Create an API key
2. Use Zapier’s webhook action
3. Configure authentication
4. Map data fields

Custom CRM Integration

Sync affiliates with your CRM:

// Fetch new affiliates daily
const affiliates = await fetchNewAffiliates();
for (const affiliate of affiliates) {
  await crmClient.createContact({
    email: affiliate.email,
    name: affiliate.name,
    source: 'AffiliateBase',
  });
}

Next Steps

• View API documentation (coming soon)
• Configure account settings
• Set up webhooks