Authentication

Overview

Our APIs provide access to a range of information from your publisher or advertiser accounts. To make sure your data is safe, all of our API endpoints require authentication with use of an access token.

This token is not linked to a certain publisher or advertiser account, but to your own personal user account. If you have access to 10 different Awin publisher accounts via our website, then your personal API token grants you access to data from all of those 10 accounts.

To gain access to our APIs you must first obtain your API token from our interface. This token may then be used within your API call to gain access to performance data, create promotions, validate transactions and much more.

All of our APIs follow the OAuth 2.0 specification and require you to pass on the token in combination with the word “Bearer”. Only the Create Transactions API uses an API key authentication and simply passing on the token is sufficient. Also see:

This page outlines how to obtain the token and authenticate correctly depending on the API you're using. Example of how to authenticate can be found below. Each API page will specify which authentication type is required.

Please note

API access for advertisers is limited to Accelerate and Advanced plans only.

Obtaining your Token

Tokens are set on a user level. Meaning that once you have created your token, it grants you access to API data from all Publisher or Advertiser accounts that you are associated with.  

Gaining access to our APIs only requires a token and no username or password. Therefore keep your token confidential. If you need to revoke your token at any time, you can do so following the instructions below.  

Step 1 - Check permissions

Before you create your token make sure that you have Admin access to the account you would like to retrieve data from. 

• For Advertisers go to: Account > Account Permissions in the main navigation. 

• For Publishers go to: Account > User Permissions in the main navigation 

If this is not the case, ask your admin to invite you or change your permissions.

Please note

If you add or remove your user account to or from a publisher or advertiser account, it may take up to 10 minutes until this change in access rights takes effect.

Step 2 - Create token

• Visit https://ui.awin.com/awin-api or click on the "API credentials" link in your user menu (top right).

• On the following page enter the password you used to login to our website and click ‘show my API token’

• Once you click on "Show my API token", your personal token will be created and displayed, and can then be easily copied to your clipboard.

Authentication methods

All of our APIs use OAuth 2.0 Bearer Token authentication except for the Create Transaction API which uses an API Key (x-api-key). Below we will provide you with two examples of how each type must be handled.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Authorization: Bearer <your_token>

curl -X GET https://api.awin.com/publishers \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

fetch('https://api.awin.com/publishers', {
  headers: {
    'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
  }
})

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

x-api-key: <your_api_key>

curl -X GET https://api.awin.com/public/data \
  -H "x-api-key: 9e1f55b9-aaaa-47d3-98e8-f9dcba5f4b2b"

fetch('https://api.awin.com/public/data', {
  headers: {
    'x-api-key': '9e1f55b9-aaaa-47d3-98e8-f9dcba5f4b2b'
  }
})

Revoking your token

In case someone unauthorized gets access to your token, you can also revoke it.

• Visit https://ui.awin.com/awin-api or click on the "API credentials" link in your user menu (top right).

• On the following page enter the password you used to login to our website and click ‘show my API token’

• Then click ‘Revoke my API token’ below.

After confirming it by clicking on the "OK" button, your token will be revoked. Please note: all API integrations that made use of this token to access data will stop working immediately.