Join PartnersMy
The platform where brands and affiliates grow together.
Competitive commissions, real-time tracking and secure payouts. Everything you need to monetize your traffic or scale your affiliate program.
Join PartnersMy
Competitive commissions, real-time tracking and secure payouts. Everything you need to monetize your traffic or scale your affiliate program.
Advanced API
PartnersMy uses different methods depending on access type: API key for integrations, JWT for the dashboard and OAuth for social signup.
External integrations use an API key with the ps_ prefix.
Send it in the x-api-key: ps_xxx header or Authorization: Bearer ps_xxx.
The key is stored hashed (SHA-256) and never in plain text.
Create keys from Settings → API in the dashboard. They're shown only once.
You can have multiple active keys and revoke them individually.
Each key tracks the last-used date and can have an expiration date.
The dashboard uses a JWT obtained on login.
Send the token as Authorization: Bearer {jwt}.
It refreshes automatically with refresh tokens (7-day httpOnly cookie).
These endpoints do NOT work with API keys — they require an active session.
Request a 6-digit code to your email with POST /api/auth/magic-code.
Verify with POST /api/auth/magic-code/verify — returns JWT + refresh.
The code expires after 10 minutes.
For new accounts use /api/auth/register-magic and /api/auth/register-magic/verify.
Google and LinkedIn are available for signup and login.
Start the flow at GET /api/auth/social/{provider}.
If the email matches an existing account, it links automatically.
You can unlink a provider from Settings if you have a password or another social account active.
Store API keys only on the server. Never expose them in client-side code.
Revoke keys immediately if they're leaked.
Always use HTTPS. Unencrypted HTTP requests are rejected.
Refresh tokens rotate on every use — a new one invalidates the previous.