Linkolino / API documentation / Universal integration

Implementation documentation

Universal integration for any online store

Use this option when your store runs on a custom engine, a non-standard cart or your own checkout. The implementation has two parts: store the click identifier and send a server-side postback after an order.

Who should use the universal integration

Universal integration is the best option when the store has its own engine, custom cart, non-standard checkout or a technical team that can add a small amount of code on the store side.

No plugin required

Works through a script and postback API.

API key stays safe

The key remains on the store backend.

Universal

Can be implemented in any e-commerce stack.

How the process works

1

The affiliate generates a link

The link goes through Linkolino, for example `https://app.linkolino.pl/r/abc123`. After the click, we store it and redirect the customer to the store.

2

The store stores the identifier

Save `visitor_id` in a cookie, session or cart data. This identifier later lets you attribute the order to the click.

3

The customer places an order

Checkout works normally. Linkolino does not need to take part in payment processing or know card details.

4

The store backend sends a postback

After the order is placed or paid, the store backend sends `order_id`, `amount` and `visitor_id` to Linkolino.

5

Linkolino creates a conversion

The system checks the program, calculates commission according to its rules and shows the conversion in merchant and affiliate panels.

Store-side configuration

Minimal implementation has two parts. The browser snippet stores the identifier. The backend sends confirmed order data.

1. Script storing `visitor_id`

Paste the script globally in the store template or through Google Tag Manager. Do not put the API key in it.

Simple snippet example

<script>
  (function () {
    var params = new URLSearchParams(window.location.search);
    var visitorId = params.get("ll_visitor_id") || params.get("visitor_id");

    if (visitorId) {
      var expires = new Date();
      expires.setDate(expires.getDate() + 30);
      document.cookie =
        "linkolino_visitor_id=" + encodeURIComponent(visitorId) +
        "; expires=" + expires.toUTCString() +
        "; path=/; SameSite=Lax";
    }
  })();
</script>

2. Save the identifier with the order

At checkout, copy `linkolino_visitor_id` from the cookie to session, cart or order metadata. The backend then has access to it when sending the postback.

Postback from the store backend

A postback is a server-side request sent from the store backend to Linkolino. It is the recommended conversion registration method because it does not depend on the customer browser and does not expose the API key.

Endpoint and payload

POST https://app.linkolino.pl/api/postback/PROGRAM_ID
X-Api-Key: YOUR_API_KEY
Content-Type: application/json

{
  "order_id": "ORD-12345",
  "amount": "249.90",
  "currency": "PLN",
  "visitor_id": "VISITOR_ID_FROM_COOKIE_OR_SESSION",
  "customer_id": "optional-customer-id",
  "sub_id": "optional-campaign"
}

Required fields

Field Required Description
order_id yes Unique store order number.
amount yes Order value used to calculate commission.
visitor_id recommended Click identifier saved earlier in the store.
currency no Currency code, `PLN` by default.
customer_id no Internal customer identifier, if available.
sub_id no Optional campaign or source marker.

curl example

curl -X POST \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "order_id": "ORD-12345",
    "amount": "249.90",
    "currency": "PLN",
    "visitor_id": "VISITOR_ID"
  }' \
  "https://app.linkolino.pl/api/postback/PROGRAM_ID"

Success response

{
  "success": true,
  "conversion_id": "550e8400-e29b-41d4-a716-446655440000",
  "status": "pending"
}

Security and data correctness

Do not expose `api_key` in JavaScript

The API key should be used only on the store backend. The frontend script may store the identifier, but it should not create final conversions with a secret.

Use a unique `order_id`

This protects against double commission for the same order.

Send the postback after the right status

Most often this means paid or accepted order. Creating a cart alone should usually not generate commission.

Handle returns and cancellations

If the store supports cancelling or refunding orders, define the operational correction process in Linkolino.

How to test the integration

  1. 1. Create an affiliate program and copy `PROGRAM_ID` and API key from the Integrations panel.
  2. 2. Generate an affiliate link and click it in a new browser session.
  3. 3. Check whether the store saved `visitor_id` in a cookie, session or test order.
  4. 4. Place a test order.
  5. 5. Send a postback from the backend or manually with `curl` in a test environment.
  6. 6. If you rotate the API key, update the backend configuration immediately and rerun a test postback with the new key.
  7. 7. Check whether the conversion appeared in the merchant panel.

Frequently asked questions

Can this be implemented only by pasting a script?

Browser-side order detection is possible, but it is not recommended for final commission settlement. The script can help with attribution, while final conversion should come from the store backend.

Does Linkolino need customer personal data?

No. Basic operation needs `order_id`, amount and `visitor_id`. If you pass a customer identifier, use an internal ID or hash, not full personal data.

Does Linkolino handle the payment?

No in this flow. The store handles payment normally, and Linkolino receives order information after the fact.

When should the postback be sent?

After the status that business-wise means a commissionable sale: paid, accepted or fulfilled, depending on program rules.