Resources
API Documentation
The Webmachine REST API allows you to integrate with our affiliate marketing platform programmatically. All endpoints use JSON request and response bodies, and are served at the base URL of your deployment.
Overview
Base URL
https://marketplace.webmachine.io/api/v1Authentication
Most endpoints require a Bearer token in the Authorization header. Obtain tokens via the login endpoint. Tokens expire after 30 minutes and can be refreshed using the refresh endpoint with an HTTP-only cookie.
Authorization: Bearer <access_token>Response Format
All responses follow a consistent envelope format:
// Success
{
"success": true,
"data": { ... },
"meta": {
"page": 1,
"per_page": 20,
"total": 150,
"total_pages": 8
}
}
// Error
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "...",
"details": { ... }
}
}Rate Limiting
API requests are rate limited to 100 requests per window. Login attempts are limited to 5 consecutive failures before temporary lockout. Rate limit headers are included in all responses.
Endpoints
Authentication
/api/v1/auth/registerRegister a new user account (name, email, password, role)
/api/v1/auth/loginLogin with email and password. Returns access_token + refresh cookie
/api/v1/auth/refreshRefresh the access token using the refresh cookie
/api/v1/auth/logoutLogout and clear the refresh cookie
/api/v1/auth/meGet the current authenticated user profile
/api/v1/auth/sessionsList all active sessions for the current user
/api/v1/auth/sessions/:idRevoke a specific session by ID
Two-Factor Authentication
/api/v1/auth/2fa/setupInitiate 2FA setup. Returns QR code URI and backup codes
/api/v1/auth/2fa/verifyVerify 2FA setup with a 6-digit TOTP code
/api/v1/auth/2fa/disableDisable 2FA. Requires current password and TOTP code
/api/v1/auth/2fa/verify-loginComplete login when 2FA is enabled
Websites
/api/v1/websitesList websites (own for advertisers, all for admins)
/api/v1/websitesSubmit a new website for approval
/api/v1/websites/:id/approveApprove a pending website
/api/v1/websites/:id/rejectReject a website (reason required)
/api/v1/websites/:id/resubmitResubmit a rejected website
Campaigns
/api/v1/campaignsList campaigns. Filtered by role automatically
/api/v1/campaignsCreate a new campaign (checks wallet balance)
/api/v1/campaigns/:idUpdate campaign details
/api/v1/campaigns/:id/statusChange campaign status
/api/v1/campaigns/:id/joinJoin a campaign (creates tracking link)
/api/v1/campaigns/:id/leaveLeave a campaign
Tracking
/api/v1/affiliate/linksList all tracking links for the current affiliate
/api/v1/affiliate/linksCreate a new tracking link for a campaign
/api/v1/track/:codeClick redirect endpoint (records tracking event)
/api/v1/track/conversionRecord a server-to-server conversion postback
Wallet & Payments
/api/v1/wallet/balanceGet wallet balances (total, available, reserved, spent)
/api/v1/wallet/transactionsList transaction history
/api/v1/wallet/fundAdd funds to advertiser wallet
/api/v1/wallet/withdrawRequest a withdrawal
/api/v1/wallet/walletsList saved crypto wallet addresses
/api/v1/wallet/walletsAdd a new crypto wallet (24h verification)
Postbacks
/api/v1/postbacksList postback configurations
/api/v1/postbacksCreate a new postback URL
/api/v1/postbacks/:idUpdate a postback configuration
/api/v1/postbacks/:idDelete a postback
/api/v1/postbacks/:id/logsView postback fire logs
Real-Time Events (SSE)
Event Stream
GET /api/v1/events/stream?token=<access_token>Connect to the SSE endpoint to receive real-time updates. Events include website approvals, campaign status changes, tracking events, wallet updates, fraud alerts, and force-logout signals.
Need API Support?
Contact [email protected] for API integration assistance. Webmachine is a product of PRPPC OU, Tallinn, Estonia.
Related: Help Center | Blog | Platform Status