The following example is not a working one but should be enough to understand how you should implement postback in your backend.
<?php
$secret = "";
$allowed_ips = array(209.159.156.198);
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$IP = $_SERVER['REMOTE_ADDR'];
}
if(!in_array($IP, $allowed_ips))
{
echo "ERROR: Invalid source";
return;
}
$userId = isset($_REQUEST['subId']) ? $_REQUEST['subId'] : null;
$transId = isset($_REQUEST['transId']) ? $_REQUEST['transId'] : null;
$reward = isset($_REQUEST['reward']) ? $_REQUEST['reward'] : null;
$reward_name = isset($_REQUEST['reward_name']) ? $_REQUEST['reward_name'] : null;
$payout = isset($_REQUEST['payout']) ? $_REQUEST['payout'] : null;
$ipuser = isset($_REQUEST['userIp']) ? $_REQUEST['userIp'] : "0.0.0.0";
$country = isset($_REQUEST['country']) ? $_REQUEST['country'] : null;
$status = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
$debug = isset($_REQUEST['debug']) ? $_REQUEST['debug'] : null;
$signature = isset($_REQUEST['signature']) ? $_REQUEST['signature'] : null;
if(md5($userId.$transId.$reward.$secret) != $signature)
{
echo "ERROR: Signature doesn't match";
return;
}
if($status == 2)
{
$reward = -abs($reward);
}
if(isNewTransaction($transId))
{
processTransaction($userId, $reward, $transId);
}
else
{
}
echo "ok";
?>
String secret = "";
String[] allowedIps = new String[]{"209.159.156.198"};
String IP;
if (System.getProperty("http.xForwardedFor") != null) {
IP = System.getProperty("http.xForwardedFor");
} else {
IP = System.getProperty("remoteAddr");
}
if (!Arrays.asList(allowedIps).contains(IP)) {
System.out.println("ERROR: Invalid source");
return;
}
String userId = System.getProperty("subId", null);
String transId = System.getProperty("transId", null);
String reward = System.getProperty("reward", null);
String rewardName = System.getProperty("reward_name", null);
String payout = System.getProperty("payout", null);
String ipuser = System.getProperty("userIp", "0.0.0.0");
String country = System.getProperty("country", null);
String status = System.getProperty("status", null);
String debug = System.getProperty("debug", null);
String signature = System.getProperty("signature", null);
MessageDigest messageDigest = MessageDigest.getInstance("MD5");
byte[] bytes = (userId + transId + reward + secret).getBytes();
byte[] signatureBytes = messageDigest.digest(bytes);
String calculatedSignature = DatatypeConverter.printHexBinary(signatureBytes).toLowerCase();
if (!calculatedSignature.equals(signature)) {
System.out.println("ERROR: Signature doesn't match");
return;
}
if (status.equals("2")) {
reward = String.valueOf(-Math.abs(Integer.parseInt(reward)));
}
if (isNewTransaction(transId)) {
processTransaction(userId, reward, transId);
} else {
// This transaction already exists
}
System.out.println("ok");
let secret = ""; // Get your secret key from Revlum
// Proceess only requests from Revlum IP addresses
let allowedIps = [209.159.156.198];
let IP = "0.0.0.0";
if (typeof req.headers['x-forwarded-for'] !== 'undefined') {
IP = req.headers['x-forwarded-for'];
} else {
IP = req.connection.remoteAddress;
}
if (!allowedIps.includes(IP)) {
console.error("ERROR: Invalid source");
return;
}
// Get postback variables
let userId = req.query.subId || null;
let transId = req.query.transId || null;
let reward = req.query.reward || null;
let rewardName = req.query.reward_name || null;
let payout = req.query.payout || null;
let userIp = req.query.userIp || "0.0.0.0";
let country = req.query.country || null;
let status = req.query.status || null;
let debug = req.query.debug || null;
let signature = req.query.signature || null;
// Validate signature
if (md5(userId + transId + reward + secret) !== signature) {
console.error("ERROR: Signature doesn't match");
return;
}
// Add or substract the reward
if (status === 2) {
// 2 = Chargeback, substract reward from user
reward = -Math.abs(reward);
}
// Check if the transaction is new, use transId to valiate it
if (isNewTransaction(transId)) {
// Transaction is new, reward your user
processTransaction(userId, reward, transId);
} else {
// This transaction already exists
}
console.log("ok"); // Important!
const crypto = require('crypto');
const querystring = require('querystring');
const secret = ""; // Get your secret key from Revlum
const allowedIps = [
'209.159.156.198'
];
const IP = (req.headers['x-forwarded-for'] || req.connection.remoteAddress).split(',')[0];
if (!allowedIps.includes(IP)) {
res.status(401).send('ERROR: Invalid source');
return;
}
const postback = querystring.parse(req.body);
const { subId, transId, reward, reward_name, payout, userIp, country, status, debug, signature } = postback;
const signatureVerify = crypto.createHash('md5').update(`${subId}${transId}${reward}${secret}`, 'utf-8').digest('hex');
if (signatureVerify !== signature) {
res.status(401).send('ERROR: Signature doesn\'t match');
return;
}
const processedReward = status === '2' ? -Math.abs(reward) : reward;
if (isNewTransaction(transId)) {
processTransaction(subId, processedReward, transId);
} else {
// This transaction already exist
}
res.send('ok');
secret = "" # Get your secret key from Revlum
# Proceess only requests from Revlum IP addresses
allowed_ips = [209.159.156.198]
IP = (request.env["HTTP_X_FORWARDED_FOR"] || request.remote_ip)
unless allowed_ips.include?(IP)
return "ERROR: Invalid source"
end
# Get postback variables
user_id = params[:subId] || nil
trans_id = params[:transId] || nil
reward = params[:reward] || nil
reward_name = params[:reward_name] || nil
payout = params[:payout] || nil
ipuser = params[:userIp] || "0.0.0.0"
country = params[:country] || nil
status = params[:status] || nil
debug = params[:debug] || nil
signature = params[:signature] || nil
# Validate signature
unless Digest::MD5.hexdigest("#{user_id}#{trans_id}#{reward}#{secret}") == signature
return "ERROR: Signature doesn't match"
end
# Add or substract the reward
if status == 2
# 2 = Chargeback, substract reward from user
reward = -reward.abs
end
# Check if the transaction is new, use trans_id to valiate it
if is_new_transaction(trans_id)
# Transaction is new, reward your user
process_transaction(user_id, reward, trans_id)
else
# This transaction already exists
end
"ok" # Important!
using System;
using System.Linq;
using System.Web;
using System.Net;
using System.Security.Cryptography;
namespace RevlumPostbackExample
{
class Program
{
private static string secret = "";
private static string[] allowedIps = new string[] { "209.159.156.198" };
static void Main(string[] args)
{
string IP = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"] ?? HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
if (!allowedIps.Contains(IP))
{
Console.WriteLine("ERROR: Invalid source");
return;
}
string userId = HttpContext.Current.Request["subId"];
string transId = HttpContext.Current.Request["transId"];
string reward = HttpContext.Current.Request["reward"];
string rewardName = HttpContext.Current.Request["reward_name"];
string payout = HttpContext.Current.Request["payout"];
string ipUser = HttpContext.Current.Request["userIp"] ?? "0.0.0.0";
string country = HttpContext.Current.Request["country"];
string status = HttpContext.Current.Request["status"];
string debug = HttpContext.Current.Request["debug"];
string signature = HttpContext.Current.Request["signature"];
using (var md5 = MD5.Create())
{
var hash = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(userId + transId + reward + secret));
var hashStr = BitConverter.ToString(hash).Replace("-", "").ToLower();
if (hashStr != signature)
{
Console.WriteLine("ERROR: Signature doesn't match");
return;
}
}
int rewardNum = int.Parse(reward);
if (status == "2")
{
rewardNum = -Math.Abs(rewardNum);
}
if (IsNewTransaction(transId))
{
ProcessTransaction(userId, rewardNum, transId);
}
else
{
Console.WriteLine("This transaction already exists");
}
Console.WriteLine("ok");
}
private static bool IsNewTransaction(string transId)
{
// implementation here
return true;
}
private static void ProcessTransaction(string userId, int reward, string transId)
{
// implementation here
}
}
}
import os
import hashlib
secret = "" # Get your secret key from Revlum
allowed_ips = [209.159.156.198]
IP = os.environ.get('HTTP_X_FORWARDED_FOR', os.environ['REMOTE_ADDR'])
if IP not in allowed_ips:
print("ERROR: Invalid source")
return
userId = os.environ.get('subId', None)
transId = os.environ.get('transId', None)
reward = os.environ.get('reward', None)
reward_name = os.environ.get('reward_name', None)
payout = os.environ.get('payout', None)
ipuser = os.environ.get('userIp', "0.0.0.0")
country = os.environ.get('country', None)
status = os.environ.get('status', None)
debug = os.environ.get('debug', None)
signature = os.environ.get('signature', None)
valid_signature = hashlib.md5((userId + transId + reward + secret).encode()).hexdigest()
if valid_signature != signature:
print("ERROR: Signature doesn't match")
return
if status == 2:
reward = -abs(reward)
if isNewTransaction(transId):
processTransaction(userId, reward, transId)
else:
pass
print("ok")