Skip to main content

Integration overview

The Affiliate System integration has three parts:

  1. Login — your backend authenticates and receives an access token.
  2. Webhooks — your platform exposes two endpoints (deposits and withdrawals) that we call to notify you of transactions.
  3. Launch — you embed the affiliate system in an iframe using the token.

The order matters

The most common integration problem comes from doing these in the wrong order. Webhooks come first; launching the system is unlocked only after your webhooks pass our QA.

Getting a 403 when you open the system is expected

Before your webhooks pass QA, opening the affiliate system (the iframe) returns 403. This is correct, not a bug. Your login keeps working from the start — it returns a valid token immediately, so you can build and test login while QA is pending. Only the iframe launch is gated. Once your webhooks pass QA, the launch is enabled and returns 200.

The steps

  1. Review the notification structure in this documentation — the payloads we send for deposits and withdrawals, and the response we expect from your endpoints.
  2. Implement your two webhook endpoints (deposits and withdrawals) and validate the signature, using that documented structure. No credentials are needed for this step.
  3. You're registered and receive your staging credentials. Once your endpoints are ready, share them with your Apuestería contact; they register you and deliver your staging credentials through a one-time link. From this point your login works and returns a valid token immediately.
  4. We run the webhook QA against your live endpoints.
  5. The system launch is enabled in staging once QA passes.
  6. Go-live — we issue your production credentials and the production URL.