API Keys

All API requests require authentication using an API key. You can generate API keys from your Affonso Dashboard.
API keys are only shown once when created. Make sure to copy and store your key securely.

Using Your API Key

Include your API key in the Authorization header as a Bearer token:
curl -X GET "https://api.affonso.io/v1/affiliates" \
  -H "Authorization: Bearer sk_live_your_api_key_here"

Key Formats

| Prefix | Environment | Description |
| --- | --- | --- |
| sk_live_ | Production | Use for live data |
| sk_dev_ | Development | Use for testing (coming soon) |

Permissions

API keys can have different permission levels:

| Permission | Description |
| --- | --- |
| read:affiliates | View affiliate data |
| write:affiliates | Create and update affiliates |
| read:referrals | View referral data |
| write:referrals | Create and update referrals |
| create:clicks | Track click events |
| read:commissions | View commission data |
| write:commissions | Create and update commissions |
| read:payouts | View payout data |
| write:payouts | Update payout status |

Error Responses

| Code | Description |
| --- | --- |
| MISSING_API_KEY | No API key provided |
| INVALID_API_KEY_FORMAT | Key doesn’t match expected format |
| INVALID_API_KEY | Key not found in database |
| API_KEY_DISABLED | Key has been deactivated |
| API_KEY_EXPIRED | Key has expired |
| INSUFFICIENT_PERMISSIONS | Key lacks required permission |

Example Error
{
  "success": false,
  "error": {
    "code": "MISSING_API_KEY",
    "message": "API key is required. Use Authorization: Bearer <api_key>"
  }
}

Security Best Practices

API keys should only be used in server-side code. Never include them in JavaScript that runs in the browser.
Store your API keys in environment variables, not in your codebase.
Regenerate your API keys periodically and after any potential security incident.
Only grant the permissions your integration actually needs.
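
A server-side client that follows these practices and handles the error envelope from the Error Responses section. This is an added example, not Affonso's own code. The environment variable name AFFONSO_API_KEY, the grouping of error codes into next actions, and the helper names are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

API_BASE = "https://api.affonso.io/v1"   # from the curl example on this page
KEY_PREFIXES = ("sk_live_", "sk_dev_")   # from the Key Formats table
ENV_VAR = "AFFONSO_API_KEY"              # assumed variable name
# Assumed grouping of the documented error codes by what the operator does next.
ACTIONS = {
    "MISSING_API_KEY": "fix-config",
    "INVALID_API_KEY_FORMAT": "fix-config",
    "INVALID_API_KEY": "replace-key",
    "API_KEY_DISABLED": "replace-key",
    "API_KEY_EXPIRED": "replace-key",
    "INSUFFICIENT_PERMISSIONS": "adjust-permissions",
}

def load_key(env=os.environ):
    """Read the key from the environment and reject values without a documented prefix."""
    key = env.get(ENV_VAR, "").strip()
    if not key.startswith(KEY_PREFIXES):
        raise ValueError(f"{ENV_VAR} is unset or lacks a documented prefix")  # value never echoed
    return key

def redact(key):
    """Log-safe form of a key: the environment prefix only."""
    prefix = next((p for p in KEY_PREFIXES if key.startswith(p)), "")
    return prefix + "****"

def classify_error(body):
    """Map a response body to (code, action); None when success is not false."""
    try:
        doc = json.loads(body)
        if doc["success"] is not False:
            return None
        code = doc["error"]["code"]
        return code, ACTIONS.get(code, "investigate")
    except (ValueError, KeyError, TypeError):
        return "UNPARSEABLE", "investigate"

def get(path, key):
    """GET API_BASE + path with the Bearer header; errors carry the code, never the key."""
    req = urllib.request.Request(API_BASE + path, headers={"Authorization": f"Bearer {key}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as exc:
        failure = classify_error(exc.read().decode("utf-8", "replace"))
        raise RuntimeError(f"Affonso API error {failure} (key {redact(key)})") from None
```

Call get("/affiliates", load_key()) from backend code only; a "replace-key" result means generating a new key in the dashboard and updating the environment variable.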