Skip to main content

Set Up Server-to-Server (S2S) Payouts

To enable S2S payouts, set up an endpoint on your server to receive notifications about user rewards from Playback Direct. When a request is made to your endpoint, you then must manage the distribution of these rewards to the users.

Endpoint Structure

The key names can be customized, or you can use the default names. Please ensure that no special characters should be included in the values, otherwise our backend may transform the request, which could cause issues with the payout. Default GET / https://example.com/example?user_id={user_id}&pd_user={pd_user}&transaction_id={transaction_id}&virtual_currency={virtual_currency}&rev_usd={rev_usd}&secure_hash={secure_hash} Customized (Example) GET / https://example.com/example?user_id={user_id}&trans={transaction_id}&playback_id={pd_user}&gems={virtual_currency}&revenue={rev_usd}&app={app_name}&event={task_name}&secure_hash={secure_hash}

S2S Parameters

Example Response URL: https://example.com/example?user_id=f3069c9ef82c4579&trans=e8525f9b-3dd3-4319-bdda-c1e1f375f5bf&playback_id=cvLEJINc5hJzI4R9w0nA&gems=1200&revenue=120&app=MyAppName&event=CompleteTutorial&secure_hash=db951fdd56e3de10894c132108f25b54016a739db67ef3cc630dc56c8332cce5

S2S Security: IP Whitelisting

When we make payout request to publishers, we send an HTTP request from the following set of IPs.
To enhance security, use these IP addresses for IP-level blocking on endpoints receiving Playback’s S2S payout requests. Allow only these specific IPs access.

S2S Security: Secure Hash

A secure hash can be sent for you to verify the authenticity of these requests. This is an additional measure that is recommended to be used to prevent fraudulent requests. The secure_hash is generated as a SHA-256 hash of the required query parameters of the request along with the s2s_tokenand encoded into a hexadecimal string. The s2s_token is used as the secret key which your Playback Direct rep will provide to you.
Below is an example script that shows how to calculate the secure_hash from the URL query params. The resulting value can be compared against the secure_hash sent in the the URL. You would implement some version of this in your backend. Typescript

Retry Logic

If we receive a 4xx / 5xx from your endpoint, we have an established retry logic for the failed S2S requests. If a request fails, we retry after 10 minutes. A second failure prompts a retry in another 10 minutes. Subsequent failures lead to retries every 2 hours from the initial failed attempt. After 12 hours we stop retrying the request.
If you observe an extended period of unsuccessful requests, contact your Playback Direct rep for further investigation into the issue.
We also have alerts and logging placed on our side. If certain thresholds are met where consistenst retries are necessary, we may temporarily pause offers and follow up with you to resolve the underlying issues.

Testing Payouts

Follow these steps to verify the correct functioning of payouts:
  1. Install apps from within the Playback Direct implementation in your app.
  2. Engage in the offers and complete the tasks required to earn rewards.
  3. One a task has been completed. Verify the following:
    1. The completed task is reflected within the offer details page within Playback Direct
    2. Check to make sure you received a reward notification to your API endpoint.
    3. Make sure that your user’s currency balance was updated according to what was sent to the API endpoint within your app.
Your Playback Direct rep can help in testing and troubleshooting the integration as well.