- DarkLight
API_authentication
- DarkLight
Authentication and authorization
The Awin API provides access to a range of information from your publisher or advertiser accounts. To make sure your data is safe, all of our API endpoints require an oauth2 access token. This token is not linked to a certain publisher or advertiser account, but to your own personal user account. You have access to 10 different Awin publisher accounts via our website? Then your personal API token grants you access to data from all of those 10 accounts.
Please note: if you add or remove your user account to or from a publisher or advertiser account, it may take up to 10 minutes until this change in access rights takes effect in the API.
And remember: this token is the only thing you need to access your data via the API. Neither your username nor your password is required. This makes the token a very powerful key, so please make sure it doesn't fall into the wrong hands.
Creating your token
- To obtain your token visit https://ui.awin.com/awin-api or click on the "API credentials" link in your user menu:
- On the following page you have to enter the password you used to login to our website:
- Once you click on "Show my API token", your personal token will be created and displayed, and can be easily copied to the clipboard:
Using your token
To use your token for authentication, send it via the http headers. Please use "Authorization" as the key, and "Bearer <addYourTokenHere>" as the value. Here is an example how to set it up in postman:
Revoking your token
In case someone unauthorized gets access to your token, you can also revoke it on this page. This also requires your password, and an additional popup will ask if you are really sure about it.
After confirming it by clicking on the "OK" button, your token will be revoked. Please note: all API integrations that made use of this token to access data will stop working immediately.