- 25 Mar 2025
- DarkLight
Authentication
- Updated on 25 Mar 2025
- DarkLight
Overview
Our APIs provide access to a range of information from your publisher or advertiser accounts. To make sure your data is safe, all of our API endpoints require authentication with use of an access token.
This token is not linked to a certain publisher or advertiser account, but to your own personal user account. If you have access to 10 different Awin publisher accounts via our website, then your personal API token grants you access to data from all of those 10 accounts.
To gain access to our APIs you must first obtain your API token from our interface. This token may then be used within your API call to gain access to performance data, create promotions, validate transactions and much more.
All of our APIs follow the OAuth 2.0 specification and require you to pass on the token in combination with the word “Bearer”. Only the Create Transactions API uses an API key authentication and simply passing on the token is sufficient. Also see:
Authentication type | Header Parameter | Example |
---|---|---|
OAuth 2.0 Bearer Token | Authorization | Bearer <your token> |
API Key | x-api-key | <your token> |
This page outlines how to obtain the token and authenticate correctly depending on the API you're using. Example of how to authenticate can be found below. Each API page will specify which authentication type is required.
Please note
API access for advertisers is limited to Accelerate and Advanced plans only.
Obtaining your Token
Tokens are set on a user level. Meaning that once you have created your token, it grants you access to API data from all Publisher or Advertiser accounts that you are associated with.
Gaining access to our APIs only requires a token and no username or password. Therefore keep your token confidential. If you need to revoke your token at any time, you can do so following the instructions below.
Step 1 - Check permissions
Before you create your token make sure that you have Admin access to the account you would like to retrieve data from.
For Advertisers go to: Account > Account Permissions in the main navigation.
For Publishers go to: Account > User Permissions in the main navigation
If this is not the case, ask your admin to invite you or change your permissions.
Please note
If you add or remove your user account to or from a publisher or advertiser account, it may take up to 10 minutes until this change in access rights takes effect.
Step 2 - Create token
Visit https://ui.awin.com/awin-api or click on the "API credentials" link in your user menu (top right).
On the following page enter the password you used to login to our website and click ‘show my API token’
Once you click on "Show my API token", your personal token will be created and displayed, and can then be easily copied to your clipboard.
(1).png)
API Credentials screen
Authentication methods
All of our APIs use OAuth 2.0 Bearer Token authentication except for the Create Transaction API which uses an API Key (x-api-key). Below we will provide you with two examples of how each type must be handled.
Copy your token
After generating your API token (on the API Credentials page), copy it to your clipboard.
Example token (truncated for display):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Add the Token to the Authorization Header
In your API request, add an Authorization
header using this format:
Authorization: Bearer <your_token>
Send your request
Here are some examples using cURL, Postman and Javascript:
Example (cURL)
curl -X GET https://api.awin.com/publishers \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Example (Postman)
Open the Authorization tab
Set Type to
Bearer Token
Paste your token in the Token field
Postman will automatically add the correct header
Or manually add the token to the headers of your API call:
Example (javascript)
fetch('https://api.awin.com/publishers', {
headers: {
'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
}
})
Copy your token
After generating your API token (on the API Credentials page), copy it to your clipboard.
Example token (truncated for display):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Add the Key to the x-api-key
Header
In your API request, include the following header:
x-api-key: <your_api_key>
Send your request
Here are examples using cURL, Postman and Javascript:
Example (cURL)
curl -X GET https://api.awin.com/public/data \
-H "x-api-key: 9e1f55b9-aaaa-47d3-98e8-f9dcba5f4b2b"
Example (Postman)
Go to the Headers tab
Add a new header:
Key:
x-api-key
Value: your API key
Or manually add the token to the headers of your API call:
Example (JavaScript / Fetch)
fetch('https://api.awin.com/public/data', {
headers: {
'x-api-key': '9e1f55b9-aaaa-47d3-98e8-f9dcba5f4b2b'
}
})
Revoking your token
In case someone unauthorized gets access to your token, you can also revoke it.
Visit https://ui.awin.com/awin-api or click on the "API credentials" link in your user menu (top right).
On the following page enter the password you used to login to our website and click ‘show my API token’
Then click ‘Revoke my API token’ below.
After confirming it by clicking on the "OK" button, your token will be revoked. Please note: all API integrations that made use of this token to access data will stop working immediately.