Refport
API Reference

Authentication

All Refport API requests are authenticated with a Bearer token derived from your API key.

The Refport REST API uses Bearer token authentication. Every request must include your API key in the Authorization header.

API keys

Generate and manage API keys in the Refport dashboard under Settings → API Keys.

API keys grant full access to your account. Store them in environment variables and never expose them in client-side code or commit them to source control.

Making authenticated requests

Include your API key as a Bearer token in the Authorization header:

curl -X POST https://app.refport.co/api/track/lead \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Using the SDK

The SDK handles authentication automatically. Pass your API key once when initialising the client:

import { Refport } from 'refport';

const refport = new Refport({
  apiKey: process.env.REFPORT_API_KEY!,
});

All subsequent calls use this key transparently.

Error responses

If your API key is missing or invalid, the API returns:

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}

HTTP status: 401 Unauthorized

Rate limits

The API enforces rate limits per API key. If you exceed the limit, you'll receive a 429 Too Many Requests response. Implement exponential backoff before retrying.

The SDK throws a RefportRateLimitError in this case — see Node.js SDK error handling.

Embedded Portal

Embed a referral dashboard inside your app so partners can view their stats, copy their link, and manage payouts without leaving your product.

Track Lead

Report a lead conversion event — typically a user sign-up — and attribute it to a referral click.

On this page

API keysMaking authenticated requestsUsing the SDKError responsesRate limits