When a user completes an offer or survey, we send a postback. This is how we tell your server that one of your users has successfully completed an offer. You can then use the information to reward your users.
You can customize the postback link to include all the parameters you need to reward your users. To achieve this, you'll need to customize your postback URL with the desired parameters.
Our server will make a HTTP POST request to your server including all of the following parameters.
| Parameter |
Description |
Example |
subId
|
Unique user identifier, passed by publisher. |
revlum1 |
transId
|
Transaction ID. Use this to prevent double booking |
REV-351 |
offerName
|
Name of the completed offer. |
Revlum - Sign up and Earn |
reward
|
User reward in app currency. You can configure it in the currency settings. |
25.0 |
reward_name
|
The name of your in app currency. |
Coins |
payout
|
Complete payment in USD, paid to the publisher. |
0.100000 |
userIp
|
The user's IP address who completed the action. |
192.168.1.1 |
country
|
The country the user took the offer from as ISO2 Code. |
US |
status
|
Determines whether to add or subtract the amount of the reward. "1" is when the virtual currency should be added to the user and "2" when it should be subtracted. |
1 (valid) / 2 (chargeback) |
debug
|
Check if it’s a test or a live postback call. |
1 (test) / 0 (live) |
signature
|
MD5 hash that can be used to verify that the call has been made from our servers. |
17b4e2a70d6efe9796dd4c5507a9f9ab
|
"reward" and "payout" parameters are always absolute values, you will need to check status parameter to see if you need to add or subtract that amount from your users.
S2S Postback Security
In order to make postbacks safe, you should verify the signature received in the postback. This is an important feature for you to make sure that the postback, which you use as a base to reward your users, is coming from Revlum and is not fake. By checking the hash, you can be sure that the postback was actually sent by us and that it is legit.
Signature parameter should match MD5 of subId transactionId reward secret key. You can find your secret key in My Websites section.
The formula to be checked is as follows:
<?php
$secret = "";
$subId = isset($_REQUEST['subId']) ? $_REQUEST['subId'] : null;
$transId = isset($_REQUEST['transId']) ? $_REQUEST['transId'] : null;
$reward = isset($_REQUEST['reward']) ? $_REQUEST['reward'] : null;
$signature = isset($_REQUEST['signature']) ? $_REQUEST['signature'] : null;
if(md5($subId.$transId.$reward.$secret) != $signature)
{
echo "ERROR: Signature doesn't match";
return;
}
?>
Our servers wait for a response for a maximum time of 60 seconds before the timeout. In this case, postback will be marked as failed. Please, check if the transaction ID sent to you was already entered in your database, this will prevent to give twice the same amount of virtual currency to the user.
Whitelist our IP
We will be sending postbacks from any of the following IP addresses. Please make sure they are whitelisted if needed to be in your server.
209.159.156.198
Postback Response
Our servers will expect your website to respond with "ok". If your postback doesn't return "ok" as response, postback will be marked as failed (even if postback was successfully called) and you will be able to resend it manually from our website.