Empowering Your Partners with API Access

Issuing an Affiliate API key to a partner gives them direct, programmatic access to their own reporting, postbacks, offers, and account data. For most networks, the day-to-day reality without API keys is an account manager pulling reports on request — partners ask for last week's conversions, a sub_id breakdown, or an invoice summary, and someone on your team has to go grab it. The Affiliate API exists specifically to make those interactions self-serve.

This article covers when to issue partner API keys, what your partners can do with them, how to create one, and what to monitor afterwards.

Why issue API keys to partners

The day-to-day cost of not having API keys looks roughly like this:

❌ Without an API key

Partner DMs the AM — "can you pull last week's conversions broken out by sub_id?"

AM context-switches, opens Conversion Report, configures filters, exports CSV.

CSV emailed back. Partner notices a sub_id is missing — replies asking why.

Repeat next week. And the week after.

⏱ ~30 min per request · 24-48h partner wait

✅ With an API key

One-time: AM creates a key, shares it with the partner.

Partner wires the API into their own dashboard or scheduled script.

Reports refresh on the partner's schedule — daily, hourly, real-time, whatever they need.

AM only steps in for actual relationship work.

⚡ ~15 min one-time setup · 0 partner wait

Multiplied across all your active partners, that delta is real ops drag — plus a strategic upside on the partner-stickiness side:

Less repetitive ops work. Every recurring "can you pull a report for me?" turns into a one-time setup. Your team gets time back for actual partner relationships.

Faster feedback loops. Partners pulling their own data spot anomalies (drops in conversions, weird sub_id mixes) earlier and surface them before they become escalations.

Stickier integrations. Once a partner has wired your data into their own dashboards or commission engine, the cost of switching networks goes up materially.

Table stakes for sophisticated partners. Partners with their own BI infrastructure tend to assume API access by default. Not having it can be a deal-breaker.

Which partners are good candidates

Not every partner needs an API key, and issuing one to a partner who can't use it adds operational surface area without much upside. Good candidates usually have most of the following:

Established run-rate. They're past the early ramp where things still change frequently.

Technical resource on their side. An in-house engineer, BI analyst, or external consultant who can wire the API into something useful.

Volume that justifies it. Multiple offers or a substantial sub_id matrix — enough scale that programmatic access beats UI clicking.

Their own data stack. An attribution platform, BI tool, or commission engine they want to feed Everflow data into.

Clean track record. Stable communication and traffic quality — a partner you trust with direct data access.

Skip API access for partners still in onboarding, partners without technical capacity to use the API responsibly, or any partner with open fraud or quality flags.

What partners can do with the key

The Affiliate API gives partners access to the same data and controls they see in Partner Platform, plus a few surfaces that don't have a UI equivalent.

Reporting

Pull aggregated reporting data with custom dimensions and metrics.

Search conversions by date, status, offer, or any sub parameter.

Stream raw clicks for low-latency feeds into their data warehouse.

Look up on-hold conversions and individual click or conversion details by ID.

Export aggregated data and conversion lists to CSV.

Offers & tracking

List runnable offers with payout and creative metadata.

Generate tracking URLs and impression URLs programmatically.

Retrieve deals, coupon codes, and product feeds.

Postbacks & account

Create, update, search, and delete partner postbacks.

Pull billing data and invoice history.

Inspect traffic-blocking and source-control settings.

How to issue an API key to a partner

The full walkthrough lives in Partner API Keys & API Documents. The short version:

Open the partner's API tab

From the left navigation, go to Partners → Manage, click into the partner you want to issue a key to, then open the API tab on the Partner Details page.

Partner Details page in Core Platform with the API tab highlighted

Click Add and confirm

In the API Keys section, click Add. A confirmation modal asks you to confirm you want to create a new key for this partner — click OK to proceed.

Confirmation modal -- Are you sure you want to create a new API key -- with the OK button highlighted

Share the key with the partner

The new key appears in the API Keys table with the date it was created and who created it. Send it to your partner through a secure channel — password manager share, encrypted email, or whatever your team uses for credentials. Affiliate keys remain visible to network admins after creation, so if your partner loses theirs you can re-share without issuing a new one.

API Keys table showing the new key plus the Table Actions menu with Export to CSV/JSON option

Revoke when needed

To revoke a key, open the three-dot menu on the row and choose Revoke. Revoke any key that's been exposed, that belongs to a team member who's left the partner, or that's tied to a partner you're no longer working with.

Three-dot row menu open with the Revoke option highlighted

What your partner sees on their end

Once you've issued the key, this is the view your partner lands on inside Partner Platform under Company → My Account → API. The key is theirs to copy from this card. If they say they can't see this tab, they don't have a key yet — go back to step 2.

Partner Platform My Account API tab showing the partner-side view of the API key card

Permissions you need

Creating an Affiliate API key is a privileged action and requires either:

Full-control Security permission on the affiliate manager role assigned to your user.

Or Control Center → Accounts → Accounts & History Logs (Full Access).

"Forbidden" error on key creation?If you click Add and see a Forbidden message in the bottom-right corner, the user you're logged in as (or impersonating) doesn't have one of the permissions above. Update the role from Security Settings or have a Super User make the change.

Security & governance

API keys are credentials, and the same handling rules apply that you'd expect for any production credential.

Recommend an IP allowlist on the key for partners calling the API from fixed servers. The allowlist lives next to the key on the same API tab.

One key per integration, not one shared across many. Easier to revoke just the affected integration if something goes wrong.

Rotate on partner-side turnover. If the partner's technical contact leaves, revoke and issue a fresh key.

Watch for unusual patterns. Rate-limit hits, off-hours bursts, or requests against endpoints they've never used before are signals worth a quick check-in.

What to send your partner

Once you've issued the key, point your partner at the partner-facing companion article: Using Your Partner Platform API Key. It walks them through where to find the key in their own UI, how to authenticate requests, what they can do with the key, and basic troubleshooting. That keeps your end-of-the-conversation short — "here's your key, here's the doc" — without you having to explain the API surface yourself.

Troubleshooting

Partner says they don't see the API tab

The API tab in the partner's My Account section only appears once a key has been issued. Confirm you completed the issuance flow above, then ask the partner to refresh the page.

Partner is hitting rate limits

Rate limits are network-wide, not per-key — resetting or rotating the key won't help. For partners running high-frequency reporting, point them at Firehose, the real-time event stream designed for high-volume use cases. Reach out to your Customer Success contact to enable it.

Partner lost their key

You can re-share the existing key from the API tab on Partner Details — you don't need to issue a new one. Affiliate keys remain visible to admins after creation specifically for this case.

Partner thinks their key is exposed

Revoke immediately from the three-dot menu on the row, then issue a fresh key. Treat it the way you'd treat an exposed password.

Partner is asking for an Advertiser or Network API key instead

The Affiliate API only covers a single partner's scope. If the partner is actually trying to act as an advertiser or admin (e.g., a managed-services partner who runs their own offers on your platform), they need a different key type and a different conversation. See the dev hub references at the bottom of this article for both Network and Affiliate API surfaces.

Technical reference

Two API surfaces are relevant here. The Affiliate API is what your partner will use with the key you just issued. The Network API (Core Platform) is what your own systems use for admin-level operations. Both reference docs live on the developer hub:

Affiliate API reference Network API reference Authentication & headers

More for production integrations

Rate limiting — budgets, 429 handling, and how to design pull cadences.

Paging — walking through large result sets without missing rows.

Overview