QuantumAPI

Partner API

The Partner API lets you programmatically manage referrals, track commissions, and automate payouts. Authenticate with your partner API key and integrate our partner services into your own systems.

Authentication

Partner API keys use the prefix mislata_pa_. Create one in the Partner Portal under Settings → API Keys. Pass it in the Authorization header:

Authorization header
Authorization: Bearer mislata_pa_your_api_key_here

Key endpoints

Referrals

GET /api/v1/partners/referrals
curl -H "Authorization: Bearer mislata_pa_..." \
  https://api.quantumapi.eu/api/v1/partners/referrals

# Response
{
  "data": [
    {
      "id": "ref_abc123",
      "tenantId": "tnt_xyz",
      "status": "active",
      "createdAt": "2026-01-15T10:30:00Z"
    }
  ],
  "total": 42
}

Commissions

GET /api/v1/partners/commissions
curl -H "Authorization: Bearer mislata_pa_..." \
  https://api.quantumapi.eu/api/v1/partners/commissions?period=2026-01

# Response
{
  "data": [
    {
      "referralId": "ref_abc123",
      "amount": 119.60,
      "currency": "EUR",
      "status": "calculated",
      "period": "2026-01"
    }
  ],
  "totalAmount": 1435.20
}

Referral codes

POST /api/v1/partners/codes
curl -X POST -H "Authorization: Bearer mislata_pa_..." \
  -H "Content-Type: application/json" \
  -d '{"label": "blog-campaign-feb"}' \
  https://api.quantumapi.eu/api/v1/partners/codes

# Response
{
  "code": "ref_blog_feb_7kx",
  "url": "https://quantumapi.eu/?ref=ref_blog_feb_7kx",
  "createdAt": "2026-02-01T09:00:00Z"
}

Webhooks

Configure webhook endpoints in your Partner Portal to receive real-time notifications. All payloads are signed with HMAC-SHA256 using your webhook secret.

Available events

referral.created

A new customer signed up via your link

referral.converted

Referred customer subscribed to a paid plan

commission.calculated

Monthly commission has been calculated

payout.completed

Payment has been sent to your account

Verifying webhook signatures (Node.js)
import { createHmac } from 'crypto'

function verifyWebhook(payload, signature, secret) {
  const expected = createHmac('sha256', secret)
    .update(payload)
    .digest('hex')
  return signature === `sha256=${expected}`
}

// In your webhook handler:
const isValid = verifyWebhook(
  req.body,
  req.headers['x-quantumapi-signature'],
  process.env.WEBHOOK_SECRET
)

Rate limits

Partner API endpoints are rate-limited to 100 requests per minute per API key. Webhook deliveries are retried 3 times with exponential backoff (1s, 10s, 60s).

qapi — QuantumAPI CLI Documentation