Get started
Authentication
Every REST request needs a bearer token. The key carries a set of scopes; read is included by default and covers most of what you'll want: campaigns, creators, videos, stats, leaderboards. The messages and referrals scopes are opt-in because they expose sensitive data (DM contents, customer attribution); only attach them when you actually need them.
http
Authorization: Bearer ugcb_live_your_api_key_here
readalways included- View campaigns, creators, videos, stats, and leaderboards
messagesopt-in- View direct message conversations and message history
referralsopt-in- Bind customers to referral codes and look up their attributed creator and discount
To rotate a key, create a new one first, switch your callers over, then delete the old key from the same Settings page. Deleting a key takes effect immediately. There's no grace period.
API keys are bearer credentials. Anyone who has the string can act as you. Never paste them into client-side code, public repos, or screenshots. If a key leaks, rotate it immediately from the API Keys page.