# Postback {% hint style="info" %} **Quick Info :** \ When a user successfully completes an offer, we immediately trigger a call to the Postback URL you have provided in your placement. This call contains all the relevant information required to credit your users, serving as a real-time notification to your server. {% endhint %} ### Postback Parameters

PARAMETER	DESCRIPTION	EXAMPLE
[YOUR_USER_ID]	This is the unique identifier code of the user who completed action on your platform.	123GnL
[REWARD_VALUE]	The amount of your virtual currency to be credited to your user.	9000
[OFFER_NAME]	The Name of the offer completed.	Lords Mobile
[MULTI_EVENT]	Boolean: `true` for a multi-event offer, `false` otherwise.	false
[EVENT_NAME]	Name of the event action that got conversion	Lords Mobile Castle level 7
[EVENT_ID]	ID of the event action that got conversion	476ede1881042f072794e3cfb5c
[STATUS]	For determining the reward amount, `completed` status adds currency while `rejected` status subtracts it..	completed
[OFFER_ID]	ID of the offer as displayed on the AdBreak Media dashboard	5620
[USER_IP]	IP address of the user that completed the offer	139.144.178.218
[PAYOUT]	Amount in USD that you earned for this conversion	90.00
[TXID]	Unique ID of the conversion generated by AdBreak Media	1b6acc68414e699ebab37e0d5d2a17ab
[COUNTRY]	Country (ISO2 form) from the lead comes.	US
[HASH]	SHA256 hash that can be used to verify that the call has been made from our servers.	2cfbbd0297294396caf5c7db13bc36d5
[SUB1]	Extra Param that you passed though offerwall	Sa123s
[SUB2]	Extra Param that you passed though offerwall	Na70t

`REWARD_VALUE` and `PAYOUT` parameters are always absolute values, you will need to check status parameter to see if you need to add or subtract that amount from your users. All values are URL encoded. ### Examples This is how we call your postback url : #### Without Values ``` https://example.com/api/adbreakmedia?user=[YOUR_USER_ID]&reward=[REWARD_VALUE]&offerName=[OFFER_NAME]&offerId=[OFFER_ID]&ip=[USER_IP]&status=[STATUS]&transaction_id=[TXID]&country=[COUNTRY]&is_multi=[MULTI_EVENT]&ename=[EVENT_NAME]&eid=[EVENT_ID]&hash=[HASH]&sub1=[SUB1]&sub2=[SUB2] ``` #### With Values {% tabs %} {% tab title="Completed" %} {% hint style="success" %} {% endhint %} {% endtab %} {% tab title="Rejected" %} {% hint style="danger" %} {% endhint %} > Please note that only the status will be changed to "rejected" in the callback, while all other values will remain the same. If you are using the transaction ID as a unique parameter, please ensure that you take appropriate action considering that the transaction ID will remain the same in the rejected callback. > {% endtab %} > {% endtabs %} {% hint style="info" %} **Note :** Our servers expect an HTTP Status Code 200 from your Postback URL. If this response is not received from your URL, we will attempt to resend the Postback up to 5 times. There is a 1 hour delay between each attempt. After 5th attempt, you will receive a Postback failure email from us.\ \ Please be aware that the message returned by your postback endpoint should not include error messages such as `fail` or `error`. Otherwise, it will be considered a postback failure. {% endhint %} ### Security For enhanced security and to prevent tampering, please ensure that the postback URL used is exclusively designated for AdBreak Media. Additionally, consider whitelisting the server IP `139.144.178.218` for added protection. You should also verify the hash received in the Postback to ensure that the call comes from our servers. Hash parameter should match SHA256 of : ``` [YOUR_USER_ID]+[OFFER_ID]+[TXID]+[PUBLISHER_SECRET_KEY] ``` {% hint style="info" %} To obtain your publisher secret key, please navigate to the dashboard settings/secret credentials section. Make sure to use this key for your postback verification purposes. {% endhint %} {% tabs %} {% tab title="PHP" %} ```php ``` {% endtab %} {% tab title="Node JS" %} ```typescript const http = require('http'); const crypto = require('crypto'); const ipRangeCheck = require('ip-range-check'); function calculateSHA256Hash(data) { const hash = crypto.createHash('sha256'); hash.update(data); return hash.digest('hex'); } const server = http.createServer((req, res) => { const serverIPs = ["139.144.178.218"]; let serverIP = req.headers["x-real-ip"] || req.headers["x-forwarded-for"] || "No Need"; if (!ipRangeCheck(serverIP, serverIPs)) { res.writeHead(400); res.end("Access Denied"); return; } const { hash, user, offerId, txid } = req.url.split('?')[1] .split('&') .reduce((acc, param) => { const [key, value] = param.split('='); acc[key] = value; return acc; }, {}); const secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63'; const generatedHash = calculateSHA256Hash(user + offerId + txid + secret); if (hash === generatedHash) { //your action here res.writeHead(200); res.end("Approved"); } else { res.writeHead(400); res.end("Unauthorized"); } }); server.listen(3000, () => { console.log('Server is running on port 3000'); }); ``` {% endtab %} {% tab title="Ruby" %} ```ruby require 'digest' require 'sinatra' require 'ipaddr' def calculate_sha256_hash(data) Digest::SHA256.hexdigest data end get '/endpoint' do server_ips = ["139.144.178.218"] server_ip = request.env["HTTP_X_FORWARDED_FOR"] || request.env["REMOTE_ADDR"] || "No Need" unless server_ips.include? server_ip status 400 return "Access Denied" end user = params['user'] offerId = params['offerId'] txid = params['txid'] received_hash = params['hash'] secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63' calculated_hash = calculate_sha256_hash("#{user}#{offerId}#{txid}#{secret}") if received_hash == calculated_hash # your actions here status 200 "Approved" else status 400 "Unauthorized" end end ``` {% endtab %} {% tab title="Python" %} ```python from flask import Flask, request, abort import hashlib app = Flask(__name__) def calculate_sha256_hash(data): return hashlib.sha256(data.encode()).hexdigest() @app.route('/endpoint', methods=['GET']) def endpoint(): server_ips = ["139.144.178.218"] server_ip = request.headers.get('X-Real-IP', request.remote_addr) if server_ip not in server_ips: abort(400, "Access Denied") user = request.args.get('user') offerId = request.args.get('offerId') txid = request.args.get('txid') received_hash = request.args.get('hash') secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63' calculated_hash = calculate_sha256_hash(user + offerId + txid + secret) if received_hash == calculated_hash: # Your actions here return "Approved", 200 else: abort(400, "Unauthorized") if __name__ == '__main__': app.run(debug=True) ``` {% endtab %} {% endtabs %} > If you encounter any difficulties while setting up the postback, please don't hesitate to reach out to us at . Our team will be more than happy to assist you as soon as possible!