REST API - Authentication

The REST API uses  basic authentication with a combination of a Public Key and Token.

Before you can authenticate an API request, you need a set of API keys. These are user-specific and can be created in Affiliates → Tools → API Keys:

To generate a new set of API keys, enter the username of the user the keys should belong to and click Generate New API Keys.

Note: the user account the API keys are associated with must have the proper capabilities in order for the API to work. Typically this means the user needs to have the Administrator role. See our documentation on roles and capabilities for more information.

Once the API keys are created, you can authenticate with the REST API by including the keys in the authentication header. The Public Key should be passed as the user and the Token as the password.

For example, using Postman, our authenticated request would look like this:

If using curl, an authenticated request would look like this:

curl -u 229c1d4292800a4fdaa1099a4c646c9a:c7fd218923e058e1637698e5257855de http://local.wp/woo/wp-json/affwp/v1/affiliates

The authorization header must be included with every API request in order to properly authenticate with the API. If basic authentication is not provided or the credentials are incorrect, an error message will be returned: 

  "code": "rest_forbidden",
  "message": "Sorry, you are not allowed to do that.",
  "data": {
    "status": 403