Postback notifications

Whenever a user completes an offer, we will make a call to the Postback URL that you indicated in your app attaching all the information that you will need to credit your users.

Our server will make a HTTP GET request to your server including all the following parameters.

Postback Parameters

Parameter Description
subId This is the unique identifier code of the user who completed action on your platform.
transId Unique identification code of the transaction made by your user on Wannads.
If an offer is rejected a new transaction will be generated with a different transId.
reward The amount of your virtual currency to be credited to your user.
payout The offer payout in $
signature MD5 hash that can be used to verify that the call has been made from our servers.
status Determines whether to add or subtract the amount of the reward. "1" is when the virtual currency
should be added to the user and "2" when it should be subtracted. This may be because the
advertiser has canceled the user's transaction, either because he/she committed fraud or because
it has been a mistake entering the data needed to complete the campaign.
userIp The user's IP address who completed the action.
campaign_id Id of the offer completed.
campaign_name Name of the offer completed.
country Country (ISO2 form) from the lead comes.
uuid Unique identification code of the click made by your user on Wannads.
If you receive a negative transaction you can use this to match it with the original positive transaction, both transactions will have the same uuid.
subId2 Extra param available.

"reward" and "payout" parameters are always absolute values, you will need to check status parameter to see if you need to add or subtract that amount from your users.

Custom Postback Parameters

If you would like to receive custom parameter names in your postbacks, you can specify them in the postback URL like the following example,{subId2}&nameOfCampaign={campaign_name}

You can use any of the parameters from the "Postbacks Parameters" table. You will need to put them between { }


You should verify the signature received in the postback to ensure that the call comes from our servers.

Signature parameter should match MD5 of subId transactionId reward secret

You can find your secret in your app dashboard apps dashboard.

The formula to be checked is as follows:


$secret = ""; // check your app info at

$subId = isset($_GET['subId']) ? $_GET['subId'] : null;
$transId = isset($_GET['transId']) ? $_GET['transId'] : null;
$reward = isset($_GET['reward']) ? $_GET['reward'] : null;
$signature = isset($_GET['signature']) ? $_GET['signature'] : null;

// validate signature
if(md5($subId.$transId.$reward.$secret) != $signature)
    echo "ERROR: Signature doesn't match";


Responding to the Postback

Our server will expect the following answers:

  • "OK" when you receive a new transaction.
  • "DUP" when you receive a duplicate transaction. In this case, our server will stop further attempts for that transaction.

Any other answer will cause that our server.

Our servers wait for a response for a maximum time of 60 seconds before the 'timeout'. In this case, it will be retried sending the same transaction up to 5 occasions during the following hours. Please, check if the transaction ID sent to you was already entered in your database. This will prevent to give twice the same amount of virtual currency to the user because of the timeout.

Postback Example

The following example is not a working one but should be enough to understand who you should implement your postback in your site/app.


$secret = ""; // check your app info at
$userId = isset($_GET['subId']) ? $_GET['subId'] : null;
$transactionId = isset($_GET['transId']) ? $_GET['transId'] : null;
$points = isset($_GET['reward']) ? $_GET['reward'] : null;
$signature = isset($_GET['signature']) ? $_GET['signature'] : null;
$action = isset($_GET['status']) ? $_GET['status'] : null;
$ipuser = isset($_GET['userIp']) ? $_GET['userIp'] : "";

// validate signature
if(md5($userId.$transactionId.$points.$secret) != $signature)
    echo "ERROR: Signature doesn't match";

if($action == 2) // action = 1 CREDITED // action = 2 REVOKED
    $points = -abs($points);

if(isNewTransaction($transactionId)) // Check if the transaction is new
    processTransaction($userId, $points, $transactionId);
    echo "OK";
    // If the transaction already exist please echo DUP.
    echo "DUP";


IPs to whitelist

We will be sending the postbacks for any of the following IP addresses. Please make sure they are whitelisted if needed to be in your server.