⚙️Postback

Experience a seamless journey towards setting up your own Postback as we walk you through each step, providing comprehensive guidance along the way.

Quick Info : When a user successfully completes an offer, we immediately trigger a call to the Postback URL you have provided in your placement. This call contains all the relevant information required to credit your users, serving as a real-time notification to your server.

Postback Parameters

PARAMETER

DESCRIPTION

EXAMPLE

REWARD_VALUE and PAYOUT parameters are always absolute values, you will need to check status parameter to see if you need to add or subtract that amount from your users.

All values are URL encoded.

Examples

This is how we call your postback url :

Without Values

https://example.com/api/adbreakmedia?user=[YOUR_USER_ID]&reward=[REWARD_VALUE]&offerName=[OFFER_NAME]&offerId=[OFFER_ID]&ip=[USER_IP]&status=[STATUS]&transaction_id=[TXID]&country=[COUNTRY]&is_multi=[MULTI_EVENT]&ename=[EVENT_NAME]&eid=[EVENT_ID]&hash=[HASH]&sub1=[SUB1]&sub2=[SUB2]

With Values

https://example.com/api/adbreakmedia?user=abc123&coins=999&offerName=Lords%20Mobile&offerId=5620&ip=139.144.178.218&status=completed&transaction_id=1b6acc68414e699ebab37e0d5d2a17ab&country=US&is_multi=true&ename=Lords%20Mobile%20Castle%20level%207&eid=476ede1881042f072794e3cfb5c&hash=0c4c8e302e7a074a8a1c2600cd1af07505843adb2c026ea822f46d3b5a98dd1f

Note :

Our servers expect an HTTP Status Code 200 from your Postback URL. If this response is not received from your URL, we will attempt to resend the Postback up to 5 times. There is a 1 hour delay between each attempt. After 5th attempt, you will receive a Postback failure email from us. Please be aware that the message returned by your postback endpoint should not include error messages such as fail or error. Otherwise, it will be considered a postback failure.

Security

For enhanced security and to prevent tampering, please ensure that the postback URL used is exclusively designated for AdBreak Media. Additionally, consider whitelisting the server IP 139.144.178.218 for added protection.

You should also verify the hash received in the Postback to ensure that the call comes from our servers. Hash parameter should match SHA256 of :

[YOUR_USER_ID]+[OFFER_ID]+[TXID]+[PUBLISHER_SECRET_KEY]

To obtain your publisher secret key, please navigate to the dashboard settings/secret credentials section. Make sure to use this key for your postback verification purposes.

<?php
    function calculateSHA256Hash($data) {
        return hash('sha256', $data);
    }

    $serverIPs = ["139.144.178.218"];
    $serverIP = $_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"] ?? "No Need";

    if (!in_array($serverIP, $serverIPs)) {
        http_response_code(400);
        exit("Access Denied");
    }

    $user = $_GET['user'];
    $offerId = $_GET['offerId'];
    $txid = $_GET['txid'];
    $received_hash = $_GET['hash'];

    $secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63';
    $calculated_hash = calculateSHA256Hash($user . $offerId . $txid . $secret);

    if ($received_hash === $calculated_hash) {
        // Your actions here
        http_response_code(200);
        echo "Approved";
    } else {
        http_response_code(400);
        echo "Unauthorized";
    }
?>

const http = require('http');
const crypto = require('crypto');
const ipRangeCheck = require('ip-range-check');

function calculateSHA256Hash(data) {
  const hash = crypto.createHash('sha256');
  hash.update(data);
  return hash.digest('hex');
}

const server = http.createServer((req, res) => {
  const serverIPs = ["139.144.178.218"];
  let serverIP = req.headers["x-real-ip"] || req.headers["x-forwarded-for"] || "No Need";

  if (!ipRangeCheck(serverIP, serverIPs)) {
    res.writeHead(400);
    res.end("Access Denied");
    return;
  }

  const { hash, user, offerId, txid } = req.url.split('?')[1]
    .split('&')
    .reduce((acc, param) => {
      const [key, value] = param.split('=');
      acc[key] = value;
      return acc;
    }, {});

  const secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63';
  const generatedHash = calculateSHA256Hash(user + offerId + txid + secret);

  if (hash === generatedHash) {
    //your action here
    
    res.writeHead(200);
    res.end("Approved");
  } else {
    res.writeHead(400);
    res.end("Unauthorized");
  }
});

server.listen(3000, () => {
  console.log('Server is running on port 3000');
});

require 'digest'
require 'sinatra'
require 'ipaddr'

def calculate_sha256_hash(data)
  Digest::SHA256.hexdigest data
end

get '/endpoint' do
  server_ips = ["139.144.178.218"]
  server_ip = request.env["HTTP_X_FORWARDED_FOR"] || request.env["REMOTE_ADDR"] || "No Need"

  unless server_ips.include? server_ip
    status 400
    return "Access Denied"
  end
  
  user = params['user']
  offerId = params['offerId']
  txid = params['txid']
  received_hash = params['hash']
  
  secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63'
  calculated_hash = calculate_sha256_hash("#{user}#{offerId}#{txid}#{secret}")

  if received_hash == calculated_hash
    # your actions here
    status 200
    "Approved"
  else
    status 400
    "Unauthorized"
  end
end

from flask import Flask, request, abort
import hashlib

app = Flask(__name__)

def calculate_sha256_hash(data):
    return hashlib.sha256(data.encode()).hexdigest()

@app.route('/endpoint', methods=['GET'])
def endpoint():
    server_ips = ["139.144.178.218"]
    server_ip = request.headers.get('X-Real-IP', request.remote_addr)
    
    if server_ip not in server_ips:
        abort(400, "Access Denied")

    user = request.args.get('user')
    offerId = request.args.get('offerId')
    txid = request.args.get('txid')
    received_hash = request.args.get('hash')

    secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63'
    calculated_hash = calculate_sha256_hash(user + offerId + txid + secret)

    if received_hash == calculated_hash:
        # Your actions here
        return "Approved", 200
    else:
        abort(400, "Unauthorized")

if __name__ == '__main__':
    app.run(debug=True)

If you encounter any difficulties while setting up the postback, please don't hesitate to reach out to us at publishers@adbreakmedia.com. Our team will be more than happy to assist you as soon as possible!

PreviousAccount Setup NextWeb Offerwall

Last updated 10 months ago