Pangeaforum

Postback notifications

Whenever a user completes an offer, we will make a call to the Postback URL that you indicated in your app attaching all the information that you will need to credit your users.

Our server will make a HTTP GET request to your server including all the following parameters.

Postback Parameters

PARAMETER DESCRIPTION
subId This is the unique identifier code of the user who completed action on your platform.
transId Unique identification code of the transaction made by your user on Pangeaforum.
reward The amount of your virtual currency to be credited to your user.
payout The offer payout in $
signature MD5 hash that can be used to verify that the call has been made from our servers.
status Determines whether to add or subtract the amount of the reward. "1" is when the virtual currency should be added to the user and "2" when it should be subtracted. This may be because the advertiser has canceled the user's transaction, either because he/she committed fraud or because it has been a mistake entering the data needed to complete the campaign
userIp The user's IP address who completed the action.
campaign_id Id of the offer completed
offer type short | surf | offer
country Country (ISO2 form) from the lead comes
uuid Unique identification code of the click made by your user on Pangeaforum

"reward" and "payout" parameters are always absolute values, you will need to check status parameter to see if you need to add or subtract that amount from your users.

Custom Postback Parameters

If you would like to receive custom parameter names in your postbacks, you can specify them in the postback URL like the following example,

http://postback.example.com/?custom={subId2}&nameOfCampaign={campaign_name}

You can use any of the parameters from the "Postbacks Parameters" table. You will need to put them between { }

Security

You should verify the signature received in the postback to ensure that the call comes from our servers. Signature parameter should match MD5 of SUBID TRANSACTIONID REWARD SECRET

You can find your secret in your app dashboard apps dashboard.

The formula to be checked is as follows:

<?php

                $secret = ""; // check your app info at https://www.adswedmedia.com
                
                $subId = isset($_GET['subId']) ? $_GET['subId'] : null;
                $transId = isset($_GET['transId']) ? $_GET['transId'] : null;
                $reward = isset($_GET['reward']) ? $_GET['reward'] : null;
                $signature = isset($_GET['signature']) ? $_GET['signature'] : null;
                
                // validate signature
                if(md5($subId.$transId.$reward.$secret) != $signature)
                {
                    echo "ERROR: Signature doesn't match";
                    return;
                }
                
                ?>

Responding to the Postback

Our server will expect the following answers:

  • "OK" when you receive a new transaction.
  • "DUP" when you receive a duplicate transaction. In this case, our server will stop further attempts for that transaction

Any other answer will cause that our server.

Our servers wait for a response for a maximum time of 60 seconds before the 'timeout'. In this case, it will be retried sending the same transaction up to 5 occasions during the following hours. Please, check if the transaction ID sent to you was already entered in your database. This will prevent to give twice the same amount of virtual currency to the user because of the timeout.

Postback Example

The following example is not a working one but should be enough to understand who you should implement your postback in your site/app.

<?php

                    $secret = ""; // check your app info at https://www.adswedmedia.com
                    $userId = isset($_GET['subId']) ? $_GET['subId'] : null;
                    $transactionId = isset($_GET['transId']) ? $_GET['transId'] : null;
                    $points = isset($_GET['reward']) ? $_GET['reward'] : null;
                    $signature = isset($_GET['signature']) ? $_GET['signature'] : null;
                    $action = isset($_GET['status']) ? $_GET['status'] : null;
                    $ipuser = isset($_GET['userIp']) ? $_GET['userIp'] : "0.0.0.0";
                    
                    // validate signature
                    if(md5($userId.$transactionId.$points.$secret) != $signature)
                    {
                        echo "ERROR: Signature doesn't match";
                        return;
                    }
                    
                    if($action == 2) // action = 1 CREDITED // action = 2 REVOKED
                    {
                        $points = -abs($points);
                    }
                    
                    if(isNewTransaction($transactionId)) // Check if the transaction is new
                    {
                        processTransaction($userId, $points, $transactionId);
                        echo "OK";
                    }
                    else
                    {
                        // If the transaction already exist please echo DUP.
                        echo "DUP";
                    }
                    
                    ?>