Use the REST API to add new participants, trigger referrals, get campaign data, and get participant data from a secure environment.

Getting started

Note: The REST API is only available to users on a GrowSurf paid plan.

Step 1: Get your API key

  1. 1.
    Go to your GrowSurf Account page
  2. 2.
    Generate a new API key (if you don't already have one) or click on your existing API key to copy it to your clipboard
Your API key holds many privileges, so be sure to keep it secure! Do not share your API key in publicly accessible areas such as GitHub, Bitbucket, Web Browsers, and Front End client code.
Do not use the RESTful API in browser applications. Exposing your secret API key within front end code exposes it to security risks. Anybody with a bit of programming knowledge could potentially hijack your API key and begin making requests on your behalf.

Step 2: Set up authentication

The GrowSurf REST API uses your API key to authenticate requests. Here's how to set up authentication:
  1. 1.
    Set a plain text header named Authorization with the contents being Bearer <YOUR_API_ACCESS_KEY> where <YOUR_API_ACCESS_KEY> is your API key.

Example Authenticated Request

curl -X "GET" "" -H "Authorization: Bearer TWZ4X4NXESMX03MT66HHS6Z9Z91E"
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.addHeader("Authorization", "Bearer TWZ4X4NXESMX03MT66HHS6Z9Z91E")
Response response = client.newCall(request).execute();
const request = require("request");
const options = {
method: 'GET',
url: '',
headers: {
Authorization: 'Bearer TWZ4X4NXESMX03MT66HHS6Z9Z91E'
request(options, function (error, response, body) {
if (error) throw new Error(error);
import requests
url = ""
headers = {
'Authorization': "Bearer TWZ4X4NXESMX03MT66HHS6Z9Z91E"
response = requests.request("GET", url, headers=headers)
$request = new HttpRequest();
'Authorization' => 'Bearer TWZ4X4NXESMX03MT66HHS6Z9Z91E'
try {
$response = $request->send();
echo $response->getBody();
} catch (HttpException $ex) {
echo $ex;
package main
import (
func main() {
url := ""
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "Bearer TWZ4X4NXESMX03MT66HHS6Z9Z91E")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)

Base URL

All endpoints for the GrowSurf REST API start with the same base URL:

Next steps

Run in Postman