Postback Notifications
Whenever a user completes an offer, AdJoyOffers will call the Postback URL configured in your app, attaching all the information required to credit your users.
1. How Postback Works
Our server will make an HTTP GET request to your server including the parameters below.
2. Postback Parameters
| Parameter | Description |
|---|---|
| subId | Unique identifier of the user who completed the action. |
| transId | Unique transaction ID generated by EliteWall. |
| reward | Amount of virtual currency to be credited. |
| payout | Payout value in USD. |
| signature | MD5 hash to verify the request origin. |
| status | “1” = credit; “2” = revoke/chargeback. |
| userIp | IP address of the user who completed the offer. |
| campaign_id | ID of the offer completed. |
| offer_type | Offer type (short | surf | offer). |
| country | Country (ISO2 code) where the lead originated. |
| uuid | Unique click ID of the user’s action. |
Note: reward and payout are absolute values. Use the status parameter to decide if you should credit or revoke.
3. Custom Parameters
You can receive custom parameter names in your postbacks by specifying them in your URL:
http://postback.example.com/?custom={subId2}&nameOfCampaign={campaign_name}Wrap parameter names in { } using any of the parameters from the table above.
4. Security
Verify the signature received to ensure the call originates from AdJoyOffers servers. The signature must match the MD5 of:
- SUBID
- TRANSACTIONID
- REWARD + SECRET
You can find your secret key in your app dashboard.
<?php
$secret = ""; // check your app info
$subId = $_GET['subId'] ?? null;
$transId = $_GET['transId'] ?? null;
$reward = $_GET['reward'] ?? null;
$signature = $_GET['signature'] ?? null;
// validate signature
if(md5($subId.$transId.$reward.$secret) != $signature) {
echo "ERROR: Signature doesn't match";
return;
}
?>5. Responding to Postback
Our server expects one of the following responses:
- OK → new transaction accepted.
- DUP → duplicate transaction, no further attempts will be made.
Any other response may cause retries (up to 5 attempts over several hours).
6. Full Example
<?php
$secret = ""; // check your app info
$userId = $_GET['subId'] ?? null;
$transactionId = $_GET['transId'] ?? null;
$points = $_GET['reward'] ?? null;
$signature = $_GET['signature'] ?? null;
$action = $_GET['status'] ?? null;
$ipuser = $_GET['userIp'] ?? "0.0.0.0";
// validate signature
if(md5($userId.$transactionId.$points.$secret) != $signature) {
echo "ERROR: Signature doesn't match";
return;
}
if($action == 2) { // 1 = CREDITED, 2 = REVOKED
$points = -abs($points);
}
if(isNewTransaction($transactionId)) {
processTransaction($userId, $points, $transactionId);
echo "OK";
} else {
echo "DUP";
}
?>7. Whitelisted IPs
Postbacks may come from any of the following IPs. Please whitelist them if required: