Links
⚙️

Postback

Experience a seamless journey towards setting up your own Postback as we walk you through each step, providing comprehensive guidance along the way.
Quick Info : When a user successfully completes an offer, we immediately trigger a call to the Postback URL you have provided in your placement. This call contains all the relevant information required to credit your users, serving as a real-time notification to your server.

Postback Parameters

PARAMETER
DESCRIPTION
EXAMPLE
[YOUR_USER_ID]
This is the unique identifier code of the user who completed action on your platform.
123GnL
[REWARD_VALUE]
The amount of your virtual currency to be credited to your user.
9000
[OFFER_NAME]
The Name of the offer completed.
Lords Mobile
[MULTI_EVENT]
Boolean: true for a multi-event offer, false otherwise.
false
[EVENT_NAME]
Name of the event action that got conversion
Lords Mobile Castle level 7
[EVENT_ID]
ID of the event action that got conversion
476ede1881042f072794e3cfb5c
[STATUS]
For determining the reward amount, completed status adds currency while rejected status subtracts it..
completed
[OFFER_ID]
ID of the offer as displayed on the AdBreak Media dashboard
5620
[USER_IP]
IP address of the user that completed the offer
139.144.178.218
[PAYOUT]
Amount in USD that you earned for this conversion
90.00
[TXID]
Unique ID of the conversion generated by AdBreak Media
1b6acc68414e699ebab37e0d5d2a17ab
[COUNTRY]
Country (ISO2 form) from the lead comes.
US
[HASH]
SHA256 hash that can be used to verify that the call has been made from our servers.
2cfbbd0297294396caf5c7db13bc36d5
[SUB1]
Extra Param that you passed though offerwall
Sa123s
[SUB2]
Extra Param that you passed though offerwall
Na70t
REWARD_VALUE and PAYOUT parameters are always absolute values, you will need to check status parameter to see if you need to add or subtract that amount from your users.
All values are URL encoded.

Examples

This is how we call your postback url :

Without Values

https://example.com/api/adbreakmedia?user=[YOUR_USER_ID]&reward=[REWARD_VALUE]&offerName=[OFFER_NAME]&offerId=[OFFER_ID]&ip=[USER_IP]&status=[STATUS]&transaction_id=[TXID]&country=[COUNTRY]&is_multi=[MULTI_EVENT]&ename=[EVENT_NAME]&eid=[EVENT_ID]&hash=[HASH]&sub1=[SUB1]&sub2=[SUB2]

With Values

Completed
Rejected
https://example.com/api/adbreakmedia?user=abc123&coins=999&offerName=Lords%20Mobile&offerId=5620&ip=139.144.178.218&status=completed&transaction_id=1b6acc68414e699ebab37e0d5d2a17ab&country=US&is_multi=true&ename=Lords%20Mobile%20Castle%20level%207&eid=476ede1881042f072794e3cfb5c&hash=0c4c8e302e7a074a8a1c2600cd1af07505843adb2c026ea822f46d3b5a98dd1f
https://example.com/api/adbreakmedia?user=abc123&coins=999&offerName=Lords%20Mobile&offerId=5620&ip=139.144.178.218&status=rejected&transaction_id=1b6acc68414e699ebab37e0d5d2a17ab&country=US&is_multi=true&ename=Lords%20Mobile%20Castle%20level%207&eid=476ede1881042f072794e3cfb5c&hash=0c4c8e302e7a074a8a1c2600cd1af07505843adb2c026ea822f46d3b5a98dd1f
Please note that only the status will be changed to "rejected" in the callback, while all other values will remain the same. If you are using the transaction ID as a unique parameter, please ensure that you take appropriate action considering that the transaction ID will remain the same in the rejected callback.
Note :
Our servers expect an HTTP Status Code 200 from your Postback URL. If this response is not received from your URL, we will attempt to resend the Postback up to 5 times. There is a 1 hour delay between each attempt. After 5th attempt, you will receive a Postback failure email from us. Please be aware that the message returned by your postback endpoint should not include error messages such as fail or error. Otherwise, it will be considered a postback failure.

Security

For enhanced security and to prevent tampering, please ensure that the postback URL used is exclusively designated for AdBreak Media. Additionally, consider whitelisting the server IP 139.144.178.218 for added protection.
You should also verify the hash received in the Postback to ensure that the call comes from our servers. Hash parameter should match SHA256 of :
[YOUR_USER_ID]+[OFFER_ID]+[TXID]+[PUBLISHER_SECRET_KEY]
To obtain your publisher secret key, please navigate to the dashboard settings/secret credentials section. Make sure to use this key for your postback verification purposes.
PHP
Node JS
Ruby
Python
<?php
function calculateSHA256Hash($data) {
return hash('sha256', $data);
}
$serverIPs = ["139.144.178.218"];
$serverIP = $_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"] ?? "No Need";
if (!in_array($serverIP, $serverIPs)) {
http_response_code(400);
exit("Access Denied");
}
$user = $_GET['user'];
$offerId = $_GET['offerId'];
$txid = $_GET['txid'];
$received_hash = $_GET['hash'];
$secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63';
$calculated_hash = calculateSHA256Hash($user . $offerId . $txid . $secret);
if ($received_hash === $calculated_hash) {
// Your actions here
http_response_code(200);
echo "Approved";
} else {
http_response_code(400);
echo "Unauthorized";
}
?>
const http = require('http');
const crypto = require('crypto');
const ipRangeCheck = require('ip-range-check');
function calculateSHA256Hash(data) {
const hash = crypto.createHash('sha256');
hash.update(data);
return hash.digest('hex');
}
const server = http.createServer((req, res) => {
const serverIPs = ["139.144.178.218"];
let serverIP = req.headers["x-real-ip"] || req.headers["x-forwarded-for"] || "No Need";
if (!ipRangeCheck(serverIP, serverIPs)) {
res.writeHead(400);
res.end("Access Denied");
return;
}
const { hash, user, offerId, txid } = req.url.split('?')[1]
.split('&')
.reduce((acc, param) => {
const [key, value] = param.split('=');
acc[key] = value;
return acc;
}, {});
const secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63';
const generatedHash = calculateSHA256Hash(user + offerId + txid + secret);
if (hash === generatedHash) {
//your action here
res.writeHead(200);
res.end("Approved");
} else {
res.writeHead(400);
res.end("Unauthorized");
}
});
server.listen(3000, () => {
console.log('Server is running on port 3000');
});
require 'digest'
require 'sinatra'
require 'ipaddr'
def calculate_sha256_hash(data)
Digest::SHA256.hexdigest data
end
get '/endpoint' do
server_ips = ["139.144.178.218"]
server_ip = request.env["HTTP_X_FORWARDED_FOR"] || request.env["REMOTE_ADDR"] || "No Need"
unless server_ips.include? server_ip
status 400
return "Access Denied"
end
user = params['user']
offerId = params['offerId']
txid = params['txid']
received_hash = params['hash']
secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63'
calculated_hash = calculate_sha256_hash("#{user}#{offerId}#{txid}#{secret}")
if received_hash == calculated_hash
# your actions here
status 200
"Approved"
else
status 400
"Unauthorized"
end
end
from flask import Flask, request, abort
import hashlib
app = Flask(__name__)
def calculate_sha256_hash(data):
return hashlib.sha256(data.encode()).hexdigest()
@app.route('/endpoint', methods=['GET'])
def endpoint():
server_ips = ["139.144.178.218"]
server_ip = request.headers.get('X-Real-IP', request.remote_addr)
if server_ip not in server_ips:
abort(400, "Access Denied")
user = request.args.get('user')
offerId = request.args.get('offerId')
txid = request.args.get('txid')
received_hash = request.args.get('hash')
secret = '4bd91dc2fd97f2d2ecad9425019c179ffd26c5a866e991192ea8c43bf79e0a63'
calculated_hash = calculate_sha256_hash(user + offerId + txid + secret)
if received_hash == calculated_hash:
# Your actions here
return "Approved", 200
else:
abort(400, "Unauthorized")
if __name__ == '__main__':
app.run(debug=True)
If you encounter any difficulties while setting up the postback, please don't hesitate to reach out to us at [email protected]. Our team will be more than happy to assist you as soon as possible!