Skip to main content

Authentication

Obtaining Your Credentials

The Affiliate API uses two credentials to authorize requests:
  1. Access Token: An OAuth2 bearer token tied to the affiliate’s session
  2. Account ID: Identifies the FirstPromoter company account
There is currently no UI to retrieve these credentials directly. The easiest way to obtain them is via your browser’s Network tab while logged into the affiliate dashboard:
  1. Log in to the affiliate dashboard
  2. Open your browser’s DevTools (F12 or right-click → Inspect) and go to the Network tab
  3. Reload the page or perform any action to trigger an API request
  4. Click on any request to v2.firstpromoter.com
  5. Under Request Headers, you will find:
    • Authorization: Bearer {your_access_token}
Copy the access token and store it securely. To get your Account ID, make a request to the /me endpoint using your access token and look for the cid field in the response: 
GET https://v2.firstpromoter.com/api/v2/affiliate/promoters/me
Authorization: Bearer {your_access_token}
The cid value inside the company object in the response is your Account ID.
The access token is tied to the affiliate’s session and will expire when the session ends or the user logs out. You will need to retrieve a new token each time.

Making Authenticated Requests

All API requests must include both credentials in your request headers: 
Authorization: Bearer {your_access_token}
ACCOUNT-ID: {your_account_id}

Example Request

GET https://v2.firstpromoter.com/api/v2/affiliate/promoters/me
Authorization: Bearer 01234567890abcdef
ACCOUNT-ID: 123456
Replace {your_access_token} with the bearer token from the Network tab and {your_account_id} with the account ID found in the same request headers.

Security Best Practices

  • Never expose your access token in client-side code or public repositories
  • Use HTTPS for all API communications
  • Retrieve a fresh token if requests start returning 401 Unauthorized