API Keys enable comprehensive programmatic access to the Affelios platform, allowing you to retrieve data, manage integrations, synchronize information, and interact with all platform features without manual dashboard access. This guide will show you how to create API keys and help you understand how API keys are scoped so that you know how to best manage API access for your programs and integrations.
Prerequisites
Before creating API keys, ensure you have the necessary permissions:Required Permissions
- API Keys Permission: Minimum requirement for creating and managing API keys
- User Access: Affiliates need to request this permission from their program manager
- Operator Access: Operators can grant API key permissions to users
Security Notice: Program managers should avoid creating API keys for users. Instead, grant them access to create their own API keys. This ensures that API keys are automatically limited to the data the user already has permission to access. If a user has admin access, they’ll be allowed to view all data within a program through their API keys, but if they’re an affiliate, they’ll only see their own data regardless of API key permissions.
Creating API Keys
Step-by-Step Creation Process
1
Access API Key Settings
Navigate to your Settings and select “API Keys” from the menu.
2
Create New API Key
Click the “Create API Key” button to start the creation process.
3
Configure Permissions
Assign different permissions to your API key depending on your use case. You can only assign permissions within the scope of permissions your user possesses on the related program.
4
Copy and Store Key
Once created, copy and securely store your API key. You will not be able to retrieve this key again at a later time.
Permission Configuration
Permission Best Practices
When configuring API key permissions, follow these guidelines:
- Avoid assigning all read/write permissions
- Keep API key permissions limited to their required purpose
- Only assign permissions that match your user’s access level
- Regularly review and update permissions as needed
Available Permissions
Available Permissions
API keys can be configured with various permission levels:
- Read Access: View data and reports
- Write Access: Create and modify data
- Admin Access: Full program management capabilities
- Affiliate Access: Limited to own affiliate data
- Operator Access: Full program access (if user has operator role)
Permission Scoping
Permission Scoping
User Permission Constraints:
API keys are always limited by the user’s existing permissions. You can only assign API key permissions that match or are within the scope of permissions your user account already possesses on the related program.Data Access Levels:
- Affiliate Level: Access only to own affiliate data (affiliates can only see their own data)
- Program Level: Access to all data within a program (operators can see all program data)
- API Keys: Create and manage API keys (requires API Keys permission)
- Reports: Generate and export reports (requires Reports permission)
- Affiliates: Manage affiliate accounts (requires Affiliate Management permission)
- Commissions: View and manage commission data (requires Commission access)
Important: If you are an affiliate, you will only be able to view or modify your own data through API keys, even if you have API key permissions. Program managers should grant users the ability to create their own API keys rather than creating keys for them.
API Key Structure
Key Format
API keys follow a specific format for identification and security:
API keys are scoped to an individual user and can only access data that the user has permission to view. The data scope is always limited by the user’s existing permissions - API keys cannot provide access to data beyond what the user account can already see through the dashboard. The key format includes both random characters and UUID components for enhanced security.
Using API Keys
Authentication Method
Authentication in Requests
To use your API key in requests, include it in the
X-Api-Key header of all API calls. For detailed examples and implementation guidance, see our Authentication documentation.Platform Integration Capabilities
API Key Use Cases
API keys enable comprehensive platform interactions beyond simple data retrieval:
Data Management
Data Management
Retrieve and Sync Data:
- Fetch affiliate performance metrics
- Download commission reports
- Access conversion tracking data
- Export program analytics
Integration Management
Integration Management
Platform Integrations:
- Connect e-commerce platforms (Shopify, WooCommerce)
- Sync product catalogs and inventory
- Manage affiliate tracking links
- Configure webhook endpoints
Program Administration
Program Administration
Operational Tasks:
- Create and manage affiliate accounts
- Configure commission plans
- Process payouts and payments
- Manage program settings and branding
Real-time Operations
Real-time Operations
Live Platform Interaction:
- Track conversions in real-time
- Update affiliate status and permissions
- Process commission calculations
- Send notifications and alerts
Security Best Practices
API Key Security
Follow these security guidelines to protect your API keys and data:
Key Storage
Key Storage
Secure Storage:
- Store API keys in environment variables
- Use secure credential management systems
- Never hardcode keys in source code
- Rotate keys regularly for enhanced security
Access Control
Access Control
Permission Management:
- Grant minimum required permissions
- Regularly audit API key usage
- Revoke unused or compromised keys
- Monitor API key activity logs
- Affiliates: Limited to own data only
- Operators: Full program access
Monitoring & Alerts
Monitoring & Alerts
Usage Monitoring:
- Track API key usage patterns
- Set up alerts for unusual activity
- Monitor failed authentication attempts
- Review access logs regularly
- Have a plan for compromised keys
- Know how to quickly revoke access
- Document key rotation procedures
Managing API Keys
Key Lifecycle Management
1
Create New Key
Generate a new API key when needed for new integrations or applications.
2
Configure Permissions
Set appropriate permissions based on the intended use case.
3
Test Integration
Verify the key works correctly with your application.
4
Monitor Usage
Regularly check API key usage and performance.
5
Rotate Keys
Periodically rotate keys for enhanced security.
6
Revoke Unused Keys
Remove keys that are no longer needed.
Key Management Dashboard
Dashboard Features
The API Keys dashboard provides comprehensive management capabilities:
Key Overview
Key Overview
Key Information:
- Key name and description
- Creation date and last used
- Permission levels and scope
- Usage statistics and limits
Usage Analytics
Usage Analytics
Performance Metrics:
- API call frequency and patterns
- Success and error rates
- Response times and performance
- Data access patterns
Security Controls
Security Controls
Access Management:
- Enable/disable keys instantly
- Modify permissions in real-time
- View access logs and history
- Set usage limits and alerts
Next Steps
Now that you understand API key management, you can start integrating with the Affelios API to access your data programmatically.
- API Authentication - Learn about authentication methods and security
- API Reference - Explore available endpoints and data structures
- Integration Examples - See practical integration examples
- Webhook Setup - Set up real-time data notifications
- Platform Integrations - Connect with e-commerce platforms
- Tracking Implementation - Set up conversion tracking