Getting started
Testing & going live
Build and verify your whole integration with a test API key, then create a live key once your merchant profile is approved. Both environments run the exact same pipeline — only the key prefix and who can create them differ.
Test keys vs live keys at a glance
Test keys are prefixed ak_test_ and work as soon as you have an account. Live keys are prefixed ak_live_ and can only be created by an approved merchant. Everything else about the two is identical:
- Test keys can be created as soon as you have an account; they exercise the full pipeline safely.
- Live keys can only be created by an APPROVED merchant.
- Both environments use identical signing, validation, dedup and commission rules.
- The signing secret is shown only once, at key creation — store it securely.
Create a test API key
Sign in to your merchant dashboard and go to API Keys. Create a new key and choose the test environment — it will be issued with the ak_test_ prefix. You do not need to be approved to create test keys; they are available the moment your account exists. Copy the signing secret shown on creation and keep it somewhere safe.
How test mode differs from live mode
There is no separate “sandbox” codebase. Test keys exercise the same authentication, HMAC-SHA256 signing, request validation, deduplication and commission logic as live keys — see Authentication for the request signing rules that apply to both. Use a test key for safe, end-to-end integration work; use a live key only for real affiliate traffic that should produce billable conversions and commissions.
Test conversions
With a test key you can POST test conversions through the normal conversion endpoint and watch them flow through the pipeline. They attribute against tracked clicks, run through scoring and dedup, and appear in your dashboard exactly as live conversions would — so you can confirm your payload, attribution and commission expectations before switching to real traffic.
Test webhooks
Test webhooks are signed just like live ones. Send your signed webhook with an X-External-Event-Id header so the platform can deduplicate retries — replaying the same external event id is a no-op. This lets you verify your signature, your idempotency handling and your end-to-end webhook wiring against a test key before going live.
Request live access
To create a live key, complete your merchant profile and submit the onboarding “Request live API access” step. An admin reviews your account; once they approve you, the live environment unlocks and you can create a key with the ak_live_ prefix from the same API Keys page. Until that approval lands, only test keys can be created.
Admin approval for live access
Live access is gated on manual admin approval — it is not granted automatically when you finish the profile. After you submit the request, an administrator checks your merchant details and either approves the account or follows up for more information. Live key creation stays disabled until that approval is recorded.
Live API safety rules
Treat live keys as production credentials. Rotate keys periodically and immediately on any suspected leak; restrict each key to known source IPs with the allowlist; store the signing secret in a secret manager rather than in source control or config files; and always sign the exact bytes of the request body so your computed signature matches the server’s byte-for-byte.
Production checklist
Before you flip your traffic to a live key: confirm your test integration attributes conversions and verifies webhooks end to end, complete your profile and obtain admin approval, create your ak_live_ key and store its secret in a secret manager, set an IP allowlist, and plan key rotation. For the full step-by-step, see the full go-live checklist.