Generate Portal Login Token

curl -X POST "https://api.affonso.io/v1/affiliates/cmj8q1wau0003sb01lpvka478/portal-token" \
  -H "Authorization: Bearer sk_live_your_api_key"

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "portalUrl": "https://yourcompany.affonso.io/auth/token?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresAt": "2026-04-19T12:05:00.000Z"
  }
}

POST

affiliates

{id}

portal-token

curl -X POST "https://api.affonso.io/v1/affiliates/cmj8q1wau0003sb01lpvka478/portal-token" \
  -H "Authorization: Bearer sk_live_your_api_key"

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "portalUrl": "https://yourcompany.affonso.io/auth/token?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresAt": "2026-04-19T12:05:00.000Z"
  }
}

Generate a secure, single-use JWT token that allows an affiliate to be automatically signed into the hosted Affonso portal. This enables a seamless SSO-style experience where affiliates already authenticated in your application can access the portal without a second login step.

Use Case

Your users are already authenticated in your app. When they click a button to view their affiliate dashboard, you generate a portal token and redirect them to the returned portalUrl. The affiliate is automatically signed in — no email input or login step required.

Path Parameters

string

required

The affiliate’s unique identifier.

Response

success

boolean

Always true for successful responses.

data

object

The portal login token data.

Show Data Object Properties

token

string

Signed JWT login token (HS256). Valid for 5 minutes, single-use.

portalUrl

string

Ready-to-use URL that authenticates the affiliate into the portal. Redirect the user to this URL. Uses the team’s custom domain if configured, otherwise the subdomain (e.g., https://yourcompany.affonso.io/auth/token?token=eyJ...).

expiresAt

string

ISO 8601 timestamp when the token expires.

curl -X POST "https://api.affonso.io/v1/affiliates/cmj8q1wau0003sb01lpvka478/portal-token" \
  -H "Authorization: Bearer sk_live_your_api_key"

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "portalUrl": "https://yourcompany.affonso.io/auth/token?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresAt": "2026-04-19T12:05:00.000Z"
  }
}

Notes

No request body required — the team’s program is resolved automatically from your API key.
The token expires after 5 minutes and can only be used once. Generate a new token for each redirect.
The affiliate must be in ACTIVE status. Suspended, banned, or inactive affiliates cannot receive portal tokens.
Requires the write:affiliates permission on your API key.
The portalUrl automatically uses your custom domain if configured and verified, otherwise falls back to {subdomain}.affonso.io.

Delete Affiliate List Referrals

​Use Case

​Path Parameters

​Response

​Notes

Use Case

Path Parameters

Response

Notes