Referral Rock API

Reference »   Web Hooks »   Zapier » About Referral Rock »


The Referral Rock API provides programmatic access to the data within your account. Using the api, referral programs can be retrieved for internal use or integrating into other systems. You can also embed the sharing experience as well as access members, referrals, rewards, and all the major objects in your account. If you need help, please use our in-app chat or see our help documents.


All calls to Referral Rock's API require SSL. Ensure all requests are pointed to and not or your request will fail with a 404 error.

Rate Limiting

Referral Rock API requests are rate limited to prevent excessive requests. If you are hitting the rate limit or need your limit increased please reach out to Referral Rock's support team.


The Referral Rock API uses Basic Authentication using the credentials of your public and private API key. With each request made, you will need to include an Authorization header. Private API keys are only displayed one time in Referral Rock immediately after they are generated. When generating a new key, please be sure to copy the private key when it is first displayed as you won't be able to view them later.

Manage and generate API Keys:

Using your Referral Rock API Key

Manage and generate new API Keys directly from the API page

Basic apiPublicKey:apiPrivateKey

If your API Public Key was "abc123" and your API Private Key was "xyz456", this string would be:

Basic abc123:zyx456

Now we’ll need to Base64 Encode the apiPublicKey:apiPrivateKey portion of the string. Most programming languages have functionality to take care of this for you. If not, there are tools online like this one. Use our example API keys we’d end up with the following encoded string:

Basic YWJjMTIzOnp5eDQ1Ng==

Making Calls

The Reference page lists all available endpoints within the Referral Rock API, as well as documentation on usage and data.

Now let’s put this all together and make our first call. Using a tool like postman, here is what a call to the programs endpoint looks like.

GET /api/programs?offset=0&count=30 HTTP/1.1
Authorization: Basic Y29udGFjdEByZWZlcnJhbHJvY2suY29tOklMdXZSM2ZlcnJhbHoh