Record an affiliate conversion
Records an affiliate conversion and creates the campaign form submission it maps to.
Attribution flow. A partner shares an Introw affiliate link (/r/{code}). Introw logs a server-side click and redirects the visitor to your site with an opaque irw_id param. The affiliate.js snippet stores that id in a first-party, last-click _introw_aff cookie (90-day window). When the visitor converts, you send the cookie value as clickId. Because every conversion is anchored to a real server-side click and deduplicated, attribution can never be forged or inflated.
Two authentication paths:
- Server-to-server (recommended for backend conversions): send an
x-api-keysecret that holds theaffiliate:writescope. No publishable key or Origin is required. - Browser (via
affiliate.js): send the campaign publishable key in thex-introw-publishable-keyheader (or thepublishableKeybody field). The requestOriginmust match the campaign’s allowed-origins allowlist; an empty allowlist permits any origin.
Responses are deliberately forgiving so the browser snippet never surfaces errors on your page: an invalid, expired, or already-converted click returns 200 with status: ignored/duplicate rather than an error. A newly attributed conversion returns 201 with status: recorded.
Authorizations
Introw API key shown once when the credential is created.
Body
Signed affiliate click token captured at click time. In the browser this is the value of the first-party _introw_aff cookie set by affiliate.js (read it with window.introw.affiliate.getClickId()). A missing, malformed, expired, or forged token causes the conversion to be safely ignored (HTTP 200) rather than rejected.
1 - 256Campaign publishable key, used only on the browser (client-side) path. Safe to expose publicly. Prefer sending it via the x-introw-publishable-key header; this body field is an alternative. Ignored on the server-to-server path, which authenticates with the secret x-api-key header and the affiliate:write scope.
1 - 128Email of the converting customer, when known. Used to enrich the resulting form submission and CRM record. Send an empty string or omit when unavailable.
^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z0-9_+-]@([A-Za-z0-9][A-Za-z0-9\-]*\.)+[A-Za-z]{2,}$Arbitrary conversion metadata (e.g. plan, deal value, order id). Each key is mapped onto a campaign form field via the campaign's field mapping; unmapped keys are stored alongside the submission.
Response
Conversion was a duplicate or had no valid/unexpired click token, so nothing new was recorded.
Outcome of the conversion. recorded (HTTP 201): a new conversion was attributed and a form submission was created. duplicate (HTTP 200): this click was already converted, so nothing new was recorded. ignored (HTTP 200): the click token was missing, invalid, or expired, so no attribution was made.
recorded, duplicate, ignored Affiliate conversion id, when a new conversion was recorded; otherwise null.
Form submission id created from the conversion, when available; otherwise null.