API authentication

From Wiki

Jump to: navigation, search

Contents

Authentication and authorization

The Awin API provides access to a range of information from your publisher or advertiser accounts. To make sure your data is safe, all of our API endpoints require an oauth2 access token. This token is not linked to a certain publisher or advertiser account, but to your own personal user account. You have access to 10 different Awin publisher accounts via our website? Then your personal API token grants you access to data from all of those 10 accounts.
Please note: if you add or remove your user account to or from a publisher or advertiser account, it may take up to 10 minutes until this change in access rights takes effect in the API.
And remember: this token is the only thing you need to access your data via the API. Neither your username nor your password is required. This makes the token a very powerful key, so please make sure it doesn't fall into the wrong hands.

Creating your token

To obtain your token visit https://ui.awin.com/awin-api or click on the "API credentials" link in your user menu:
Image:API_credentials_link.png

On the following page you have to enter the password you used to login to our website:
Image:API_enter_password.png

Once you click on "Show my API token", your personal token will be created and displayed, and can be easily copied to the clipboard:
Image:API_enter_password_success.png

Using your token

There are two ways you can transfer your token in an API call:

1) As part of the URL

You just have to add the additional parameter accessToken= to the URL, e.g.:

https://api.awin.com/accounts?accessToken=<addYourTokenHere>


CURL example:

curl -X GET --header 'Accept: application/json' 'https://api.awin.com/accounts?accessToken=<addYourTokenHere>'


2) As part of the http headers

To send your token via the http headers, please use "Authorization" as the key, and "Bearer <addYourTokenHere>" as the value. Here is an example how to set it up in postman: Image:API_token_header.png


Revoking your token

In case someone unauthorized gets access to your token, you can also revoke it on this page. This also requires your password, and an additional popup will ask if you are really sure about it.

Image:API_revoke_token_modal.png


After confirming it by clicking on the "OK" button, your token will be revoked. Please note: all API integrations that made use of this token to access data will stop working immediately.

Privacy

Due to new European legislation regarding how websites store information about you, AWIN is updating its privacy policy. You can see the new version of our policy here. If you would like to see the information we capture on this website, please click here for further details. In order to accept cookies on this site please click the 'I ACCEPT' button