Server-to-server callback event handlers

Read time 8 minutes

A commission event occurs after a user has completed an ad offer.

  • For Rewarded Video and Offerwall, this means that the user should be rewarded with virtual currency or items. ironSource calls the commission event callback (as defined in the Callback URL parameter in the application settings) with details about the reward.
  • For Rewarded Video and Offerwall, you must implement the commission event callback so that your code awards the correct amount to the correct user. For Interstitial, the event only informs you that the user has completed an offer (no reward is involved).

The following sections describe the syntax of the commission event callback, provide a code sample, and describe how to authenticate, manage, and test the event callback.

  • For Rewarded Video, a client-side event is also sent when a user completes an ad offer (sees a RewardedVideoDidReceiveCredit for iOS or onRVAdCredited for Android), in addition to the server-side commission event callback being called.
  • For OfferWall, the client-side event ssaOfferWallDidReceiveCredit (for iOS) or onOWAdCredited (for Android) is called. The recommended best practice is to use the server-side event to trigger the user reward, because the authenticity of the callback can be verified. Ensure that you do not reward the user twice for the same event when handling the ssaRewardedVideoDidReceiveCredit (iOS) or onRVAdCredited (Android).

Commission event callbacks
Commission event callbacks

The commission event callback is called when a user has completed an ad offer and should be rewarded with credit or virtual items. You are responsible for implementing the code to handle this event.

Parameters
Parameters

NameTypeDescription
[USER_ID]String

The unique identifier of the user to be rewarded. This is sent by the calling app when initializing the ironSource product. The URL-encoded form is passed (for example, "123%40abc.com" rather than "123@abc.com").

[REWARDS]IntThe number of credit units to be awarded to the user.
[EVENT_ID]StringA unique identifier of the callback event, generated by ironSource server, and composed of alphanumeric characters
[ITEM_NAME]StringThe name of the virtual item to be awarded (if the virtual item option is used).
TimestampStringA string representation of the exact date and time at which this callback was called, in the following format: YYYYMMDDHHMM (for example: "201001021455" stands for January 2, 2010 14:55).
signatureString

An MD5 hash string to be used for authentication (see Authenticating the Commission Event Callback). This key is generated based on the following formula: md5([TIMESTAMP][EVENT_ID][USER_ID] [REWARDS][PRIVATE_KEY]). The [USER_ID] element is the URL-decoded value of the userID (for example, "123@abc.com" rather than "123%40abc.com"). The [PRIVATE_KEY] element is the value you defined in the Private Key setting.

Response
Response

Your application must acknowledge receiving the commission event by sending an HTTP response with a status of 200 (OK), where the "\[EVENT\_ID\]:OK" string appears anywhere in the response.

<xml>
<status>dae8e6cf42b1357f8652ad6ecb5b24f1:OK</status>
</xml>

Sample commission event callback code - PHP
Sample commission event callback code - PHP

The following PHP code sample demonstrates a typical commission event callback handler. All you need to do after copying the code is to implement the **alreadyProcessed()**\ and **doProcessEvent()** functions and set the **\[YOUR\_PRIVATE\_KEY\]** string to the correct value.

// get the variables
$userId = $_GET['applicationUserId'];
$eventId = $_GET['eventId'];
$rewards = $_GET['rewards'];
$signature = $_GET['signature'];
$timestamp = $_GET['timestamp'];
$privateKey = ‘[YOUR_PRIVATE_KEY]';
// validate the call using the signature
if (md5($timestamp.$eventId.$userId.$rewards.$privateKey) != $signature)
{
   echo "Signature doesn't match parameters";
   return;
}
// check that we haven't processed the same event before
if (!alreadyProcessed($eventId)){
   // grant the rewards
   doProcessEvent($eventId, $userId, $rewards);
}
// return ok
echo $eventId.":OK";

Sample commission event callback code - Java
Sample commission event callback code - Java

The following Java code sample demonstrates a typical commission event callback handler. All you need to do after copying the code is to implement the **getPostParameter()** and **alreadyProcessed()**\ methods and set the **\[myPrivateKey\]** string to the correct value.

import java.security.*;
import java.math.BigInteger;
public class HelloWorld {
     public static void main(String []args) {
        
        validateSuperSonicCallback();
     }
     
    public static String getPostParameter(String param){
         // TODO : your app implementaion for get post parmas
        return "";
     }
	 
	  public static boolean alreadyProcessed(String eventId){
         // TODO 
        return true;
     }
     public static boolean validateSuperSonicCallback() {
         
         String applicationUserId = getPostParameter("applicationUserId");
         String eventId = getPostParameter("eventId");
         String signature = getPostParameter("signature");
         String userId = getPostParameter("userId");
         String rewards = getPostParameter("rewards");
         String timestamp = getPostParameter("timestamp");
         String privateKey = "myPrivateKey" ;// enter your private key
         String mySignature = "";
        try {
            String message = timestamp + eventId + userId + rewards +privateKey;
            MessageDigest md = MessageDigest.getInstance("MD5"); 
            md.update(message.getBytes());
            BigInteger hash = new BigInteger(1, md.digest());
            String result = hash.toString(16);
            while(result.length() < 32) {
                result = "0" + result;
            }
                        System.out.println(result); // Display the string.
        } catch (NoSuchAlgorithmException e){
        }
        if (mySignature!=signature){
	     return false;
	}else{
	     return !alreadyProcessed(eventId);
    }
     
  }
}

Authenticating the commission event callback
Authenticating the commission event callback

To protect your code from unauthorized access, the recommended best practice is to test the commission event callback signature and source to verify that the call was made by ironSource.

To authenticate the commission event callback you can perform the following actions:

  1. Generate the MD5 hash value from the call's parameters, according to this formula: md5(\[TIMESTAMP\]\[EVENT\_ID\]\[USER\_ID\] \[REWARDS\]\[PRIVATE\_KEY\]), and then verify that the result is identical to the signature parameter value.
  2. Verify that the call originates from one of the following IP addresses:
    • 79.125.5.179
    • 79.125.26.193
    • 79.125.117.130
    • 176.34.224.39
    • 176.34.224.41
    • 176.34.224.49
    • 34.194.180.125
    • 34.196.56.165
    • 34.196.251.81
    • 34.196.253.23
    • 54.88.253.218
    • 54.209.185.78