Skip to main content
Track when traffic from a partner’s affiliate link converts. Introw attributes every conversion to a signed, server-side click record, so attribution cannot be forged or double-counted. You report conversions with the Record an affiliate conversion endpoint — either server-to-server or directly from the browser with the affiliate.js snippet.

How attribution works

  1. A partner shares an Introw affiliate link (/r/{code}). Introw logs a server-side click and redirects the visitor to your site with an opaque irw_id query param.
  2. The affiliate.js snippet on your site reads irw_id, stores it in a first-party, last-click _introw_aff cookie (90-day window), and strips it from the URL.
  3. When the visitor converts (signup, purchase, …), you call the conversions endpoint with the cookie value as clickId.
  4. Introw verifies the signed click token, deduplicates, and creates a campaign form submission from the conversion payload.
Because every conversion is anchored to a real click and deduplicated, partners cannot inflate their numbers and you cannot accidentally double-count.

Forgiving responses

The browser snippet must never surface errors on your page, so the endpoint is intentionally lenient:
statusHTTPMeaning
recorded201A new conversion was attributed and a form submission created
duplicate200This click already converted — nothing new was recorded
ignored200The click token was missing, invalid, or expired

Choose an integration

Option A — Client-side (browser)

Add the snippet once in the <head> of every page. It stores the attribution cookie, auto-tracks HubSpot form submissions, and exposes window.introw.affiliate.track(...). The organisation publishable key is safe to expose and the same for every campaign — the visitor’s click cookie decides which campaign a conversion belongs to, so one snippet covers all your campaigns. Find your key on any campaign’s Install tab. 
<script async src="https://app.introw.io/affiliate.js" data-publishable-key="pk_aff_org_..."></script>
Call track when a visitor converts. You don’t need to pass a key — the snippet’s organisation key is used automatically, and the visitor’s click cookie decides which campaign the conversion belongs to: 
window.introw.affiliate.track({
  email: customer.email,
  properties: { plan: "pro" },
});
Each campaign also has its own publishable key (on its Install tab), but you rarely need it. Passing it scopes the call to that one campaign as a guard: if the visitor’s click belongs to a different campaign, the conversion is ignored rather than recorded. It does not relabel the conversion — the click cookie is always the source of truth for attribution. 
// Optional: only record if this visitor's click is for this specific campaign.
window.introw.affiliate.track({ publishableKey: "pk_aff_...", email: customer.email });
Browser conversions are accepted only from the campaign’s allowed origins (configure them on the campaign’s Install tab). Leave the allowlist empty to accept any origin.

HubSpot forms

Once the snippet is installed, HubSpot form submissions are tracked automatically — no embed-code changes and no track call. The snippet listens for both classic (hsFormCallback postMessage) and HubSpot Forms v4 (hs-form-event:*) submit events, reads the submitted email, and records the conversion against the visitor’s click cookie.

Option B — Server-to-server

Recommended when conversions happen on your backend. Use a secret API key with the affiliate:write scope and send the click id captured from the _introw_aff cookie: 
curl -X POST "https://api.introw.io/api/v1/affiliate/conversions" \
  -H "x-api-key: $INTROW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "clickId": "<value of the _introw_aff cookie>",
    "email": "[email protected]",
    "properties": { "plan": "pro" }
  }'

Conversion properties

Send arbitrary metadata in properties (for example plan, deal value, or order id). Each key is mapped onto a campaign form field via the campaign’s field mapping; unmapped keys are stored alongside the submission.

Authentication

The server-to-server path uses a secret API key with the affiliate:write scope — see Authentication. The browser path authenticates with the campaign publishable key plus the Origin allowlist instead of a secret key.

API reference

Record an affiliate conversion

POST /api/v1/affiliate/conversions