Authentication
  • 25 Mar 2025

Overview

Our APIs provide access to a range of information from your publisher or advertiser accounts. To keep your data safe, all of our API endpoints require authentication using an access token.

This token is not linked to a specific publisher or advertiser account, but to your own personal user account. If you have access to 10 different Awin publisher accounts via our website, then your personal API token grants you access to data from all of those 10 accounts.

To gain access to our APIs you must first obtain your API token from our interface. This token may then be used within your API call to gain access to performance data, create promotions, validate transactions and much more.

All of our APIs follow the OAuth 2.0 specification and require you to pass the token together with the word “Bearer”. The only exception is the Create Transactions API, which uses API key authentication; there, passing the token on its own is sufficient. Also see:

| Authentication type    | Header Parameter | Example             |
|------------------------|------------------|---------------------|
| OAuth 2.0 Bearer Token | Authorization    | Bearer <your token> |
| API Key                | x-api-key        | <your token>        |

This page outlines how to obtain the token and authenticate correctly depending on the API you're using. Examples of how to authenticate can be found below. Each API page specifies which authentication type is required.

Please note

API access for advertisers is limited to Accelerate and Advanced plans only.

Obtaining your Token

Tokens are set on a user level. This means that once you have created your token, it grants you access to API data from all Publisher or Advertiser accounts that you are associated with.

Access to our APIs requires only a token, with no username or password, so keep your token confidential. If you need to revoke your token at any time, you can do so by following the instructions below.

Step 1 - Check permissions

Before you create your token, make sure that you have Admin access to the account you would like to retrieve data from.

  • For Advertisers, go to: Account > Account Permissions in the main navigation.

  • For Publishers, go to: Account > User Permissions in the main navigation.

If this is not the case, ask your admin to invite you or change your permissions.

Please note

If you add or remove your user account to or from a publisher or advertiser account, it may take up to 10 minutes until this change in access rights takes effect.

Step 2 - Create token

  • Visit https://ui.awin.com/awin-api or click on the "API credentials" link in your user menu (top right).

  • On the following page, enter the password you used to log in to our website and click "Show my API token".

  • Once you click on "Show my API token", your personal token will be created and displayed, and can then be easily copied to your clipboard.

[Figure: API Credentials screen]

Authentication methods

All of our APIs use OAuth 2.0 Bearer Token authentication except for the Create Transaction API which uses an API Key (x-api-key). The examples below show how each type must be handled.

OAuth 2.0 Bearer Token

Copy your token

After generating your API token (on the API Credentials page), copy it to your clipboard.

Example token (truncated for display):

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Add the Token to the Authorization Header

In your API request, add an Authorization header using this format:

Authorization: Bearer <your_token>

Send your request

Here are some examples using cURL, Postman and JavaScript:

Example (cURL)

curl -X GET https://api.awin.com/publishers \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Example (Postman)

  • Open the Authorization tab

  • Set Type to Bearer Token

  • Paste your token in the Token field

  • Postman will automatically add the correct header

Or manually add the token to the headers of your API call:

Example (JavaScript)

fetch('https://api.awin.com/publishers', {
  headers: {
    'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
  }
})

API Key (x-api-key)

Copy your token

After generating your API token (on the API Credentials page), copy it to your clipboard.

Example token (truncated for display):

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Add the Key to the x-api-key Header

In your API request, include the following header:

x-api-key: <your_api_key>

Send your request

Here are examples using cURL, Postman and JavaScript:

Example (cURL)

curl -X GET https://api.awin.com/public/data \
  -H "x-api-key: 9e1f55b9-aaaa-47d3-98e8-f9dcba5f4b2b"

Example (Postman)

  • Go to the Headers tab

  • Add a new header:

    • Key: x-api-key

    • Value: your API key

Or manually add the token to the headers of your API call:

Example (JavaScript / Fetch)

fetch('https://api.awin.com/public/data', {
  headers: {
    'x-api-key': '9e1f55b9-aaaa-47d3-98e8-f9dcba5f4b2b'
  }
})
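
The two header formats above, combined with the advice to keep the token confidential, as an added example that is not part of Awin's documentation: it reads the token from the environment rather than hard-coding it, rejects malformed values, and masks the secret before headers are logged. The variable name AWIN_API_TOKEN and all function names are assumptions made for this example.

```javascript
// Added example, not Awin code. AWIN_API_TOKEN is an assumed variable name.

// Read the token from the environment instead of hard-coding it in source.
function loadToken(env = process.env) {
  const token = (env.AWIN_API_TOKEN || '').trim();
  if (!token) throw new Error('AWIN_API_TOKEN is not set');
  // Whitespace or control characters mean a bad paste (for example a value
  // that already starts with "Bearer ") or an attempt to inject extra headers.
  if (/[\s\x00-\x1f\x7f]/.test(token)) {
    throw new Error('token contains illegal characters');
  }
  return token;
}

// Build the header for the authentication type the API page specifies.
function authHeaders(type, token) {
  switch (type) {
    case 'bearer':  // OAuth 2.0 Bearer Token
      return { Authorization: `Bearer ${token}` };
    case 'api-key': // API Key
      return { 'x-api-key': token };
    default:
      throw new Error(`unknown authentication type: ${type}`);
  }
}

// Return a copy of the headers that is safe to write to logs.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (lower === 'authorization') {
      const parts = String(value).split(' ');
      out[name] = parts.length > 1 ? `${parts[0]} [REDACTED]` : '[REDACTED]';
    } else {
      out[name] = lower === 'x-api-key' ? '[REDACTED]' : value;
    }
  }
  return out;
}

// Usage with the endpoint from the Bearer example above (defined, not called here).
async function getPublishers(env = process.env) {
  const headers = authHeaders('bearer', loadToken(env));
  console.log('GET /publishers', redactHeaders(headers));
  const res = await fetch('https://api.awin.com/publishers', { headers });
  if (!res.ok) throw new Error(`request failed with HTTP ${res.status}`);
  return res.json();
}
```

Because the token grants access to every account your user is associated with, set the variable through your deployment's secret store rather than a file checked into version control.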

Revoking your token

If an unauthorized person gains access to your token, you can revoke it.

  • Visit https://ui.awin.com/awin-api or click on the "API credentials" link in your user menu (top right).

  • On the following page, enter the password you used to log in to our website and click "Show my API token".

  • Then click ‘Revoke my API token’ below.

After confirming it by clicking on the "OK" button, your token will be revoked. Please note: all API integrations that made use of this token to access data will stop working immediately.

