URL Structure

API requests start with:

For example:


Authentication to the API is controlled using an access token. You may send your access token as a query param or HTTP header.

To send the token as a query param set the access_token value in the url.

To send as an HTTP header set the Authorization header.

Authorization: Bearer API-KEY

We recommend sending the token as an HTTP header for security reasons.

Your authentication access token can be found at

Making a request without an access token or with a bad access token will result in a 401 - bad or missing access token error. (The exception is the /sessions endpoint which is used to get a user's access token)

Your Application Name

You can set your application name by either setting the HTTP_APPLICATION_NAME HTTP header or setting an APPLICATION_NAME cookie.

Setting the application name will set the via property of every bonus created by that application to the application name.


ATOM Extension

Bonuses -

You can get a list of bonuses as an ATOM RSS Feed by adding the extension .atom to the normal bonuses 'Index' API call.

For example:

Once making a .atom RSS call, you can add the parameter navori=true to get an xml response with formating for Navori.


Calls to the Bonusly API generally return a JSON in the format of either:


  "success": true, 
  "result": {*results*}



  "success": false, 
  "message": "*message*"

Possible results (successes) and messages (errors) are listed for each endpoint.