The Partner Portal
Your sub-affiliates don’t use your dashboard. They log into a separate Partner
Portal at /affiliate-portal — a deliberately minimal, fully-branded space where
they see only their own masked stats and payouts.
📷 Replace with /screenshots/partner-portal.png — the affiliate’s earnings overview.
What an affiliate sees
| Page | Shows |
|---|---|
| Overview | Their conversions count, earned commission, clicks, CR, commission-tier progress, an earnings chart, and the next settlement date. |
| Conversions | Their recent conversions — masked (see below). |
| Payouts | Payout history and the next expected settlement. |
| Settings | Push-notification and payout-notification opt-ins. |
The portal is its own branded space (SYNAPTYX ::PARTNER) and is fully
internationalized.
How sign-in works
- Invited affiliates set a password via an accept link.
- They log in with email/pseudonym + password (protected by a Cloudflare Turnstile
captcha). The portal uses its own session cookie (
synaptyx_affiliate_session), completely separate from your operator session. - If an affiliate somehow lands on the main dashboard, they’re redirected back to the portal — and vice-versa.
What’s hidden — data masking
This is the important part. Sub-affiliates must never see your margins or sensitive details. Masking is enforced server-side, before any data leaves the backend:
| Hidden from affiliates | Why |
|---|---|
| Your offer revenue | They see their commission, never your gross. |
| Offer name & CPA network name | Protects your sources. |
| External transaction IDs & raw postback payloads | Sensitive operational data. |
| Raw user-agent / referrer | Privacy. |
| Precise IP | Truncated (IPv4 → /24, IPv6 → /64). |
Masking is guaranteed at the type level: the portal’s data structures literally
don’t include fields like revenue or offerName, so a future code change can’t
accidentally leak them. The portal’s API client is also restricted to portal-only
endpoints.