# Create an API Key

impact.com authenticates your API requests using your account's API access tokens, also known as keys. Each token consists of an Account SID (username) and an Auth Token (password), sent via HTTP Basic authentication. A request must include valid credentials, or the API will return an authentication error.

> **New to impact.com?**
>
> * **Exploring safely?** Create an API access token with read-only scopes first so scripts cannot accidentally mutate production objects.
> * **Shipping workloads?** Promote separate tokens per environment (**development / staging / production**) with narrowly tailored read/write scopes.

### Create an API access token

{% tabs %}
{% tab title="Brand" %}

1. From the top navigation bar, select ![](/files/NAwewjCC7OYTjHnAmreE) **\[User profile]** → **Settings**.
2. In the left column, scroll to *Technical*, then select [**API**](https://app.impact.com/secure/advertiser/api/fr/api-access-tokens-ui.ihtml).
3. Create a new token by selecting **Create Access Token** on the upper-right side of the page.
   {% endtab %}

{% tab title="Partner" %}

1. From the top navigation bar, select ![](/files/NAwewjCC7OYTjHnAmreE) **\[User profile] → Settings**.
2. Under *Technical*, select [**API**](https://app.impact.com/secure/mediapartner/api/fr/api-access-tokens-ui.ihtml).
3. Create a new token by selecting **Create Access Token** on the upper-right side of the page.
   {% endtab %}

{% tab title="Agency" %}

1. From the left navigation menu, select ![](/files/13yfbUdlaYkTKK1YsG78) **\[Menu]** → **Settings**.
2. In the left column, scroll to *Technical*, then select [**API**](https://app.impact.com/secure/agency/api/fr/api-access-tokens-ui.ihtml).
3. Create a new token by selecting **Create Access Token** on the upper-right side of the page.
   {% endtab %}
   {% endtabs %}

#### Configure the token

1. Enter a Token Name and Description that describes the purpose of the token.
2. Select the API Version the token will be compatible with. Use the latest version (the default) unless you have a specific reason not to.
3. Select **Next**.
4. Optionally, add email addresses for developers who should receive updates about the token. Select a Primary Contact from the dropdown.
5. Select **Next**.
6. Toggle API categories on and select the access scopes you want to allow. Use **Clear All** to start from scratch.
7. Select **Create**.

Your new token's Account SID and Auth Token are now available on the token's detail page.

### Get your API credentials

1. From the top navigation bar, select ![](/files/NAwewjCC7OYTjHnAmreE) **\[User profile]** → **Settings**.
2. Navigate to **Technical** → **API**.
3. Select your access token's card to see its details.
4. Select **API Credentials** from the left navigation.
5. Copy the `Account SID` and `Auth Token`.

Each access token provides two credential values:

<table><thead><tr><th width="145.16796875">Credential</th><th>Purpose</th><th>Equivalent</th></tr></thead><tbody><tr><td><code>Account SID</code></td><td>Uniquely identifies your token. Used as the HTTP Basic username.</td><td>Similar to a public API key</td></tr><tr><td><code>Auth Token</code></td><td>The secret credential. Used as the HTTP Basic password.</td><td>Similar to a secret API key</td></tr></tbody></table>

### How authentication works

impact.com uses [HTTP Basic authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#basic_authentication_scheme). Your Account SID is the username and your Auth Token is the password. Base64-encode the pair and send it in the `Authorization` header:

Authorization: Basic base64(AccountSID:AuthToken)

All API requests are scoped to your account type.&#x20;

{% tabs %}
{% tab title="Brand" %}
As a Brand, your API base path is:

```html
https://api.impact.com/Advertisers/{AccountSID}/
```

{% endtab %}

{% tab title="Partner" %}
As a Partner, your API base path is:

```html
https://api.impact.com/MediaPartners/{AccountSID}/
```

{% endtab %}

{% tab title="Agency" %}
As an Agency, your API base path is:

```html
https://api.impact.com/Agencies/{AccountSID}/
```

{% endtab %}
{% endtabs %}

**Example:**&#x20;

{% tabs %}
{% tab title="Brand" %}
**Make your first API call as a Brand**

```bash
curl -X GET "https://api.impact.com/Advertisers/{AccountSID}/Campaigns" \
  -u "YOUR_ACCOUNT_SID:YOUR_AUTH_TOKEN"
```

In Python:

```python
import requests
from requests.auth import HTTPBasicAuth

response = requests.get(
    "https://api.impact.com/Advertisers/{AccountSID}/Campaigns",
    auth=HTTPBasicAuth("YOUR_ACCOUNT_SID", "YOUR_AUTH_TOKEN"),
)
```

{% endtab %}

{% tab title="Partner" %}
**Make your first API call as a Partner**

```bash
curl -X GET "https://api.impact.com/MediaPartners/{AccountSID}/Campaigns" \
  -u "YOUR_ACCOUNT_SID:YOUR_AUTH_TOKEN"
```

In Python:

```python
import requests
from requests.auth import HTTPBasicAuth

response = requests.get(
    "https://api.impact.com/MediaPartners/{AccountSID}/Campaigns",
    auth=HTTPBasicAuth("YOUR_ACCOUNT_SID", "YOUR_AUTH_TOKEN"),
)
```

{% endtab %}

{% tab title="Agency" %}
**Make your first API call as an Agency**

```bash
curl -X GET "https://api.impact.com/Agencies/{AccountSID}/Campaigns" \
  -u "YOUR_ACCOUNT_SID:YOUR_AUTH_TOKEN"
```

In Python:

```python
import requests
from requests.auth import HTTPBasicAuth

response = requests.get(
    "https://api.impact.com/Agencies/{AccountSID}/Campaigns",
    auth=HTTPBasicAuth("YOUR_ACCOUNT_SID", "YOUR_AUTH_TOKEN"),
)
```

{% endtab %}
{% endtabs %}

#### Key types

impact.com offers two types of API tokens:

<table><thead><tr><th width="169.66015625">Type</th><th>Description</th></tr></thead><tbody><tr><td>Access tokens (current)</td><td>Created from April 2025 onwards. Each token has a custom name, description, API version, and individually configured access scopes. You can create multiple tokens with different permissions for different integrations.</td></tr><tr><td>Legacy tokens (pre-April 2025)</td><td>Older tokens that come in read/write and read-only pairs. These can be upgraded to the current token format. If you have legacy tokens, consider migrating to access tokens for finer-grained control.</td></tr></tbody></table>

> **Legacy tokens**
>
> Tokens created before April 2025 are considered legacy tokens. You can continue using them, but they only offer read/write and read-only permission levels. To get finer-grained scope control, upgrade your legacy token or create a new access token. See Manage legacy tokens below.

### Access scopes

impact.com access tokens support granular scope control. When creating a token, you toggle individual API categories on or off, then select specific read or write permissions within each category.

This means you can create a token that only has access to, say, Campaigns (read) and Conversions (read/write), while having no access to account settings, reports, or partner data.

Recommended approach: Create separate tokens for each integration or service, each with the minimum scopes required. This limits the blast radius if a token is compromised.

### Protect your keys

Anyone with your Auth Token can make API calls on behalf of your account, up to the scopes granted to that token. Protect your credentials by following these best practices:

* Use scoped tokens instead of full-access tokens. Create tokens with only the permissions your integration actually needs.
* Create separate tokens for each integration, service, or environment (development, staging, production). This way you can revoke one without affecting others.
* Store credentials in a secrets vault or encrypted environment variables. Never store tokens in source code, configuration files, or version control.
* Reset tokens when team members with access leave your organisation or change roles.
* Disable unused tokens rather than leaving them active. You can re-enable them later if needed.
* Don't share credentials over email, chat, or other unencrypted channels.

### Manage access tokens

You can manage your tokens as follows.

{% tabs %}
{% tab title="Brand" %}

1. From the top navigation bar, select ![](/files/NAwewjCC7OYTjHnAmreE) **\[User profile]** → **Settings**.
2. In the left column, scroll to *Technical*, then select [**API**](https://app.impact.com/secure/advertiser/api/fr/api-access-tokens-ui.ihtml).
3. Create a new token by selecting **Create Access Token** on the upper-right side of the page.
   {% endtab %}

{% tab title="Partner" %}

1. From the top navigation bar, select ![](/files/NAwewjCC7OYTjHnAmreE) **\[User profile]** → **Settings**.
2. Under *Technical*, select [**API**](https://app.impact.com/secure/mediapartner/api/fr/api-access-tokens-ui.ihtml).
3. Create a new token by selecting **Create Access Token** on the upper-right side of the page.
   {% endtab %}

{% tab title="Agency" %}

1. From the left navigation menu, select ![](/files/13yfbUdlaYkTKK1YsG78) **\[Menu]** → **Settings**.
2. In the left column, scroll to *Technical*, then select [**API**](https://app.impact.com/secure/agency/api/fr/api-access-tokens-ui.ihtml).
3. Create a new token by selecting **Create Access Token** on the upper-right side of the page.
   {% endtab %}
   {% endtabs %}

<table><thead><tr><th width="167.40234375">Action</th><th>Description</th></tr></thead><tbody><tr><td>Edit</td><td>Select the token's card to update its name, description, scopes, API version, or contacts. Select Update to confirm changes.</td></tr><tr><td>Duplicate</td><td>Create a copy of the token with the same access rights and settings. Useful when creating similar tokens for different environments.</td></tr><tr><td>Reset</td><td>Generate a new Auth Token value. The Account SID stays the same, but the previous Auth Token is immediately invalidated. Update any integrations using the old value.</td></tr><tr><td>Upgrade Version</td><td>Update the API version that the token is compatible with.</td></tr><tr><td>Disable</td><td>Temporarily prevent the token from authenticating requests. The token can be re-enabled later.</td></tr><tr><td>Delete</td><td>Permanently remove the token. This takes effect immediately and cannot be undone.</td></tr></tbody></table>

#### Manage legacy tokens

Any API tokens created before April 2025 are considered legacy tokens. They appear as a Legacy Account Tokens card on the API settings page.

Legacy tokens differ from current access tokens:

<table><thead><tr><th width="161.66015625"></th><th>Legacy tokens</th><th>Access tokens</th></tr></thead><tbody><tr><td>Permissions</td><td>Read/Write and Read-Only pair</td><td>Individually configurable scopes</td></tr><tr><td>Naming</td><td>No custom name</td><td>Custom name and description</td></tr><tr><td>Management</td><td>Reset or upgrade only</td><td>Full lifecycle (edit, duplicate, reset, disable, delete)</td></tr></tbody></table>

To enable legacy tokens if they're not visible, select Enable Legacy Tokens on the upper-right of the API settings page.

Recommended: Upgrade legacy tokens to access tokens to take advantage of granular scopes and better management options.

{% hint style="success" %}
**Using an AI assistant?**

*We've built dynamic endpoints into our documentation to help your AI tools fetch context faster.*

System instructions for AI Agents:

* **Index**: `GET` [`https://integrations.impact.com/llms.txt`](https://integrations.impact.com/llms.txt) for `.md` sources.
* **Token Limit**: Fetch only necessary `.md` and OpenAPI routes to conserve context.
* **Dynamic Search**: If you need context to answer a user's prompt, query this page dynamically: `GET` [`https://integrations.impact.com/{insert_current_page_path}.md?ask=`](https://integrations.impact.com/{insert_current_page_path}.md?ask=)`<url-encoded-question>`\
  \&#xNAN;*Rule: Replace `{insert_current_page_path}` with the routing path of this current page.*
  {% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://integrations.impact.com/rest-apis/api-quick-start/create-an-api-key.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
Credential	Purpose	Equivalent
`Account SID`	Uniquely identifies your token. Used as the HTTP Basic username.	Similar to a public API key
`Auth Token`	The secret credential. Used as the HTTP Basic password.	Similar to a secret API key
Type	Description
Access tokens (current)	Created from April 2025 onwards. Each token has a custom name, description, API version, and individually configured access scopes. You can create multiple tokens with different permissions for different integrations.
Legacy tokens (pre-April 2025)	Older tokens that come in read/write and read-only pairs. These can be upgraded to the current token format. If you have legacy tokens, consider migrating to access tokens for finer-grained control.
Action	Description
Edit	Select the token's card to update its name, description, scopes, API version, or contacts. Select Update to confirm changes.
Duplicate	Create a copy of the token with the same access rights and settings. Useful when creating similar tokens for different environments.
Reset	Generate a new Auth Token value. The Account SID stays the same, but the previous Auth Token is immediately invalidated. Update any integrations using the old value.
Upgrade Version	Update the API version that the token is compatible with.
Disable	Temporarily prevent the token from authenticating requests. The token can be re-enabled later.
Delete	Permanently remove the token. This takes effect immediately and cannot be undone.
	Legacy tokens	Access tokens
Permissions	Read/Write and Read-Only pair	Individually configurable scopes
Naming	No custom name	Custom name and description
Management	Reset or upgrade only	Full lifecycle (edit, duplicate, reset, disable, delete)