API keys in Post Affiliate Pro are used to authenticate and authorize external applications that communicate with your account via the API v3 (REST API). Each API key serves as an identifier of your Post Affiliate Pro account (similar to your username and password) that allows external systems to access your data through the API. Keys can have specific permissions and can be assigned to different integrations or users.
Never share your API key with anyone you do not trust. If your API key is compromised or lost, delete it and generate a new one, or use the Regenerate option to replace the existing key.
How can I create an API key
While logged in as a merchant, go to Configuration > Tools > Integration > API v3 (REST API).
In this section, you can view your API URL, access the API documentation, and manage your API keys.
Click the Add API key button to create a new key. The Add API key window will appear where you can configure the following fields:
- Name - enter a custom name to identify your API key.
- Expiration date time - optional field, leave empty if you want the key to never expire.
- Whitelist - specify which IP addresses can use this key.
- Access scopes - define which parts of the system the key can access, and whether each has Read or Write permissions.
You can create multiple API keys for different integrations, each with its own access scope and expiration date. This allows you to manage and revoke specific integrations independently.
How to manage API keys
All existing API keys are listed in the API v3 (REST API) section. You can edit, regenerate, or delete any key from this list. When you regenerate a key, the old one is immediately invalidated, and a new key will be displayed only once.
When you generate or delete an API key, all integrations using the old key will stop working immediately. Update your systems or integrations with the new key to restore functionality.
Using your API key
To authenticate your requests, include the API key in the header of each API call.
The easiest way to verify or test your API key is directly within the integrated API documentation (Swagger UI) available in your merchant panel. Click the Authorize button in the documentation window.
In the Value field, enter your API key and confirm by clicking Authorize.
Once authorized, all requests executed from the interface will automatically include your API key in their headers. This allows you to test endpoints and confirm that your key has the correct permissions and access scopes.
For more information about available endpoints and examples, visit the Post Affiliate Pro API v3 documentation.