🔑Postback

Whenever a user completes an offer, we'll make a call to the Postback URL that you indicated in your app attaching all the information that you will need to credit your users.

Our server will make an HTTP GET request to your server including all the following parameters:

Parameter	Description
subid	The unique identifier for the user who completed the offer.
transid	Unique identification code of the transaction made by your user on Medioot.
reward	The amount of the reward that the user earned for completing the offer.
payout	The offer payour in $
signature	MD5 hash that can be used to verify that the call has been made from our servers
status	Determines whether to add or subtract the amount of the reward. "1" is when the virtual currency should be added to the user and "2" when it should be subtracted. This may be because the advertiser has canceled the user's transaction, either because he/she committed fraud or because it has been a mistake entering the data needed to complete the campaign
userIp	The user's IP Address who completed the action.
userIp	The user's IP Address who completed the action.
campaign_id	Id of the offer completed
offer type	Offers/Surveys/PTC/Shortlink.
country	Country (ISO2 Form) from the lead comes
uuid	Unique identification code of the click made by your user on Medioot
​​offer_name	Name of the offer completed

"Rewards" and "Payout" parameters are always absolute values, you will need to check the "Status" parameter to see if you need to add or subtract that amount from your users

Custom Postback Parameters

If you would like to receive custom parameter names in your postbacks, you can specify them in the postback URL like the following example,

    
     https://postback.example.com/?custom={subId2}&nameOfCampaign={campaign_name}
    
  

You can use any of the parameters from the "Postbacks Parameters" table. You will need to put them between { }

Security

You should verify the signature received in the postback to ensure that the call comes from our servers. The signature parameter should match the MD5 of

    
    subid, transactionid, reward secret
    
  

You can find your secret in your app dashboard.The formula to be checked is as follows:

    
     <?php

                $secret = ""; // 
                
                $subId = isset($_GET['subId']) ? $_GET['subId'] : null;
                $transId = isset($_GET['transId']) ? $_GET['transId'] : null;
                $reward = isset($_GET['reward']) ? $_GET['reward'] : null;
                $signature = isset($_GET['signature']) ? $_GET['signature'] : null;
                
                // validate signature
                if(md5($subId.$transId.$reward.$secret) != $signature)
                {
                    echo "ERROR: Signature doesn't match";
                    return;
                }
                
                ? >
    
  

Postback Response

Our server will expect the following answers:

• -"OK" when you receive a new transaction

• -"DUP" when you receive a duplicate transaction. In this case, our server will stop further attempts for that transaction

Our servers wait for a response for a maximum of 60 seconds before the 'timeout'. In this case, it will be retried on up to five occasions during the following hours. Please check if the transaction ID sent to you was already entered in your database. This will prevent giving twice the same amount of virtual currency to the user because of the timeout.

Postback Example

The following example is not a working one but should be enough to understand how you should implement your postback in your website/app.

    
    <php

                    $secret = ""; // 
                    $userId = isset($_GET['subId']) ? $_GET['subId'] : null;
                    $transactionId = isset($_GET['transId']) ? $_GET['transId'] : null;
                    $points = isset($_GET['reward']) ? $_GET['reward'] : null;
                    $signature = isset($_GET['signature']) ? $_GET['signature'] : null;
                    $action = isset($_GET['status']) ? $_GET['status'] : null;
                    $ipuser = isset($_GET['userIp']) ? $_GET['userIp'] : "0.0.0.0";
                    
                    // validate signature
                    if(md5($userId.$transactionId.$points.$secret) != $signature)
                    {
                        echo "ERROR: Signature doesn't match";
                        return;
                    }
                    
                    if($action == 2) // action = 1 CREDITED // action = 2 REVOKED
                    {
                        $points = -abs($points);
                    }
                    
                    if(isNewTransaction($transactionId)) // Check if the transaction is new
                    {
                        processTransaction($userId, $points, $transactionId);
                        echo "OK";
                    }
                    else
                    {
                        // If the transaction already exist please echo DUP.
                        echo "DUP";
                    }
                    
                    ? >