# Overview The Rewardful API is organized around [REST](https://en.wikipedia.org/wiki/Representational_state_transfer). Our API has predictable resource-oriented URLs, accepts [form-encoded](https://en.wikipedia.org/wiki/POST_\(HTTP\)#Use_for_submitting_web_forms) request bodies, returns [JSON-encoded](https://www.json.org/json-en.html) responses, and uses standard HTTP response codes, authentication, and verbs. {% hint style="info" %} We highly recommend checking out [Insomnia](https://insomnia.rest/), a desktop app that makes testing API requests and responses a breeze 👍 {% endhint %} ## Authentication All API requests require authentication with [HTTP Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication), similar to how Stripe authenticates. Provide your API Secret as the basic auth `username` value. You do not need to provide a password. ```bash curl https://api.getrewardful.com/v1/affiliates/7B016217-18AF-44DD-A30C-0DE0C1534D2A \ -u YOUR_API_SECRET: ``` **Be sure to replace `YOUR_API_SECRET` with your actual API Secret.** For example, if your API secret was `ABC123`, the `curl` command to fetch all affiliates would be: ```bash curl --request GET \ --url https://api.getrewardful.com/v1/affiliates \ -u ABC123: ``` Your API Secret can be found on the [Company Settings](https://app.getrewardful.com/company/edit) page. {% hint style="danger" %} **Keep your API Secret safe!** Your API Secret grants **full access** to your Rewardful account. Do not: * Share your API Secret with third parties * Commit your API Secret to version control (i.e. Git) * Share your API Secret over email or chat * Send your API Secret to the web browser in HTML or JavaScript {% endhint %} Contact us as soon as possible if you believe your API Secret has been compromised so we can rotate it for you. ## Request and Response Formats Rewardful will provide a JSON-based REST API through which merchants can create affiliate accounts and fetch data for reporting. Endpoints accept [form-encoded](https://en.wikipedia.org/wiki/POST_\(HTTP\)#Use_for_submitting_web_forms) request bodies and return [JSON-encoded](http://www.json.org/) responses. Rewardful uses [UUID strings](https://en.wikipedia.org/wiki/Universally_unique_identifier) for primary keys (IDs) for all resources. If you plan to store Rewardful IDs in your database, make sure to use a column type (string, UUID, etc) appropriate for your database engine. Dates and times in the Rewardful API are represented as [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) formatted strings. ## Errors Missing or invalid authorization will return a `401 Unauthorized` JSON response: ```javascript { "error": "Invalid API Secret." } ``` Requesting a nonexistent object will return a `404 Not Found` JSON response: ```javascript { "error": "Affiliate not found: " } ``` Passing invalid data to a create/update endpoint will return a `422 Unprocessable` Entity JSON response: ```javascript { "error": "Could not create affiliate.", "details": ["Email can't be blank"] } ``` ## Pagination API endpoints that return a list of objects include pagination, unless noted otherwise. The data structure has two root objects: | Key | Description | | ------------ | ------------------------------------------------------------------------- | | `pagination` | Pagination data, such as current/next/previous page numbers, counts, etc. | | `data` | An array of objects returned for the specified page number. | ### The \`pagination\` object | Key | Description | | --------------- | ----------------------------------------------------------------- | | `previous_page` | Previous page number. Will be `null` if there's no previous page. | | `current_page` | Current page number. | | `next_page` | Next page number. Will be `null` if there's no next page. | | `count` | The number of objects on *this* page. | | `limit` | The requested number of objects per page. | | `total_pages` | The total number of pages. | | `total_count` | The total number of objects returned across all pages. | ### Example This example demonstrates the `pagination` for a collection of 150 objects in total, split into 3 pages of 50 objects per page: ```javascript { "pagination": { "previous_page": 1, "current_page": 2, "next_page": 3, "count": 50, "limit": 50, "total_pages": 3, "total_count": 150 }, "data": [ // Array of objects ] } ``` ## Expanding objects Many objects allow you to request additional information as an expanded response by using the `expand` request parameter. You can use `expand` to expand a single type of object, or `expand[]` to expand multiple types of objects. The documentation for each endpoint will list which objects are expandable (if any) for that endpoint. For example, to expand an `affiliate` you would prepend this query string parameter to the request URL: ``` ?expand=affiliate ``` To expand both `affiliate` and `sale` objects, prepend this query string parameter to the request URL: ``` ?expand[]=affiliate&expand=sale ``` ## Rate limits The Rewardful REST API uses *rate limiting* to help maximize its uptime and stability. Users who send many requests in quick succession may see error responses that show up as HTTP status code `429`. These `429` responses will include [RateLimit header fields](https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#name-header-specifications) which you can use to gracefully handle failures and retry requests when your quota resets. In most cases the API rate limit is 45 requests per 30 second window. Please treat these limits as absolute maximums and do not generate unnecessary load. If you plan to run a batch script (such as programmatically creating many affiliates via API), please throttle your API usage by adding sleep/delay mechanisms to your script. We may reduce limits at any time to prevent abuse.