How AffilFinder works
A clear picture of publishers, the embed, geo decisions, offers, clicks, and billing — without implementation noise.
On this page
AffilFinder connects publishers who have geo-restricted audiences with advertisers who pay per click to reach those visitors. One embed, three public surfaces, money moves automatically.
The three roles
| Role | What they do |
|---|---|
| Publisher | Owns websites, defines where their product is legally available (geo rules), and embeds the AffilFinder script. |
| Advertiser | Funds a balance, creates CPC offers, and pays when eligible visitors click through to their landing pages. |
| AffilFinder | Matches offers to traffic, enforces geo and quality rules, tracks impressions and clicks, and moves money on your contract. |
You can be a publisher, an advertiser, or both inside one organization.
The three public surfaces
Dashboard
Where you configure websites, geo rules, offers, budgets, analytics, billing, and team access.
Widgets
Three embeds (geo-blocking, section, decline) plus an iframe fallback. One script tag per site.
Public API
REST endpoints the widgets speak: /v1/decision, /v1/offers, /v1/events/*, /v1/r redirects.
End-to-end flow (browser)
Visitor opens your page
The page loads your content plus the AffilFinder script from
cdn.affilfinder.com/widget.js(or the section / decline variant). The script is small and async — it never blocks first paint.Decision
The script issues a
GET /v1/decisioncall carrying your public key, website key, and the visitor's server-resolved country. The API decides — allowed or blocked — against the geo rule you set on the website.Allowed → pass through
If the visitor is on the allowed side, nothing else happens. Your site behaves exactly as it would without AffilFinder. The script does post a small
snippet-pingso the dashboard knows the widget is alive.Blocked → offers render
On the monetization path the widget calls
GET /v1/offersto get a ranked list of eligible sponsored offers for that country, then renders them in either a full-screen overlay (geo-blocking), an inline container (section), or triggered overlay (decline).Impression and click tracking
The widget posts impressions and, when visitors click, a click event plus a hop through
GET /v1/rso attribution lands before the advertiser's landing page.Money moves
The advertiser's balance is debited; your publisher earnings are credited. Payouts per your contract and the billing guide.
The soft-decline path (optional)
Some teams want to show alternative offers only after their own eligibility or risk checks fail — think failed KYC, declined deposit, or "we can't serve you here." For that flow you:
Enable decline in the dashboard
Websites → [Your site] → Site details → toggle Decline widget. This reveals your integration secret — a server-only credential. Never ship it to the browser.
Embed widget-decline.js and open a session
The script creates a
sessionIdand starts polling. Your backend captures the id (via theaffilfinder:decline-sessionDOM event orwindow.__AFFILFINDER_DECLINE_SESSION_ID, then posts it to your API).Trigger from your server
When your rules say "show offers now," call
POST /v1/widget-decline/triggerwithAuthorization: Bearer <integration_secret>and thesessionId. The next poll seesreadyand the overlay opens with the same offer UI as geo-blocking.
See Decline widget for the full server-side example.
The dashboard and the API
The public API lives at api.affilfinder.com — that's what the widget calls from every page view. The dashboard at app.affilfinder.com is where you configure websites, geo rules, offers, budgets, analytics, billing, and team access.
Configuration changes you make in the dashboard — new geo rules, a paused offer, updated budget — take effect immediately on the next decision call. No redeploy of the embed needed.
Security posture (the short version)
- Origin check on every API call. The browser's
Originmust match the domain registered on the website. Unknown origins get403. - Keys are scoped per website. If a key leaks, you rotate only that site — not your whole account.
- Integration secret stays server-side. It's the only credential that can arm a decline session.
- Rate limits on widget and event endpoints to keep noisy neighbors from impacting your analytics.
- Minimal client data. The widget attaches a first-party visitor/session id (so we can deduplicate real visitors), a coarse device bucket (mobile/tablet/desktop), and the page's country from IP. No URLs, referrers, UTMs, or user-agent beyond the standard HTTP header are stored with each event.
For the SOC 2 posture and subprocessor list, see the Trust center.
Funding and earnings (conceptual)
Advertisers top up via card (Stripe) or crypto (NowPayments), set a CPC and budgets per offer, and target countries that match their product. Publishers earn a share of every billable click — you see both sides in real time in Analytics and Billing.
Exact rates, holds, and payout schedules live in your agreement and in the in-product billing screens.
Where to go next
Quickstart
Two-minute install: add a website, paste the script, verify from a VPN.
Core concepts
Keys, decisions, impressions, clicks, CPCs, budgets — the vocabulary used everywhere else.
Widget integration reference
Every data-* attribute and widget behavior, cross-linked to the relevant API.
API reference
Public /v1/* endpoints with request/response shapes and curl examples.
Need more help?
Can't find what you're looking for? Our team responds within one business day.