Affinity — Authentication - Future Demand Developer Kit

Affinity uses a dedicated credential, separate from any other Future Demand service. Request it via support.future-demand.com.

Getting a credential

Open a ticket at support.future-demand.com requesting Affinity API access.
Specify the environment(s): staging and/or production.
Briefly describe the integration surface (homepage shelf, detail-page “you might also like”, email recommendations, etc.). This helps Future Demand provision the right scope.

You’ll receive a token bound to your partner and the requested environment.

Sending requests

Send the API key on every request. Affinity scopes requests via the key itself — no additional tenant header is required.

curl -s "https://fd-recommender.stg.future-demand.com/<endpoint>" \
  -H "X-API-Key: $AFFINITY_API_KEY"

The exact header name (X-API-Key, Authorization: Bearer ..., etc.) is set when your credential is provisioned — your account contact will confirm the convention for your token.

Token lifecycle

Confirm with your account contact:

Expiry — whether the token rotates on a schedule.
Refresh — whether there’s a refresh endpoint, or whether you request a new token via support each cycle.
Rotation — request a new credential ahead of expiry; both will be honoured during a grace window.

Error responses

Affinity is a FastAPI service and returns errors in the standard FastAPI shape:

Status	Meaning
`401`	Missing or invalid credential.
`403`	Authenticated but not authorised for this endpoint or partner scope.
`404`	Resource not found.
`422`	Validation error — see `detail[]` in the body.
`429`	Rate limit.
`5xx`	Server error — retry with backoff.

Validation error body:

{
  "detail": [
    {
      "loc":  ["body", "user_id"],
      "msg":  "field required",
      "type": "value_error.missing"
    }
  ]
}

Security checklist

Never ship the token to a browser

Call Affinity from your backend (server-rendered pages, API routes, edge functions). If you need to render recommendations in a SPA, proxy the call through your own backend so the token never leaves your origin.

One credential per environment

Don’t reuse staging tokens in production or vice versa. Future Demand issues distinct credentials per environment.

Rotate on staff turnover

Affinity credentials are bound to your partner, not individual users. If the human who requested it leaves, rotate via support.

Log only the request id, not the token

Make sure your request logs strip Authorization / X-API-Key headers. The x-request-id response header is what you want in support tickets.

Affinity — Quickstart Cookbook — Token Refresh

​Getting a credential

​Sending requests

​Token lifecycle

​Error responses

​Security checklist

Getting a credential

Sending requests

Token lifecycle

Error responses

Security checklist