Affiliate Authentication Guide

Before production API keys are issued, every integration needs to pass our certification process. This is required to improve our services, avoid compliance issues, and identify technical concerns while enabling a partnership.

Overview

Every API request you make to the Teak API must be authenticated by including an Authorization Header with a valid, unexpired token. To authenticate clients via the API, you'll need a public_key and secret_key to create a token.

The authorization token is a signed data blob that contains configuration and authorization information required by the Teak API. For security, a new authorization token should be generated for each request sent to Teak.

Your server is responsible for generating the authorization token. When your server sends an authorization token to your client, your client can authenticate the application to communicate directly with Teak.

Try it out!

If you'd like a working example of our Authentication API calls, follow this link to our API Reference Guide! Feel free to swap out the values and see what a proper request and response call looks like.

❗️

Security Warning

You should never expose your SECRET KEY client-side. If you decide to do authenticated calls client-side, you should create the authentication token from your server and send it client-side for use.

👍

API Key Length

The public and secret key will never exceed 55 characters in length for storing in your database.

🚧

Making API Calls

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.