
Postback Security


Use one of the two following methods.

MD5 Encrypted Signature

While defining a postback, click on Advanced Settings. The first of the advanced parameters we support is an MD5 signature, sent under the parameter pub_signature.

The signature is a 128-bit MD5 hash of the following parameters, joined with colons as in the examples below: user_id, publisher_hash, publisher_secret_key. The user_id parameter is dynamic, while publisher_hash and publisher_secret_key are available inside the postback settings window.

When entering your postback URL, make sure to include pub_signature inside your corresponding parameter.

  • Past Versions: If you have been using the signature parameter so far, note that it is still supported.

Node.js Implementation Example

// Example of use
// Running via the node CLI from script directory
// HOSTNAME=127.0.0.1 PORT=3000 node persoly_postback.js

const crypto = require('crypto');
const http = require('http');
const url = require('url');

const hostname = process.env.HOSTNAME || '127.0.0.1';
const port = process.env.PORT || 3000;

const publisherHash = 'Your publisher hash';
const publisherSecretKey = 'Your publisher secret key';

// Persona.ly server IP addresses
const allowedIps = ['52.200.142.249', '159.203.84.146'];

const validatePostback = ({ remoteIp, userId, pubSignature }) => {
  // Process only requests from Persona.ly IP addresses
  // This is optional validation
  if (!allowedIps.includes(remoteIp)) {
    return false;
  }

  // Repeated query keys are parsed as arrays; accept single string values only
  if (typeof userId !== 'string' || typeof pubSignature !== 'string') {
    return false;
  }

  // Create validation pubSignature: md5(userId:publisherHash:publisherSecretKey)
  const validSignature = crypto
    .createHash('md5')
    .update(`${userId}:${publisherHash}:${publisherSecretKey}`)
    .digest('hex');

  // Compare in constant time; timingSafeEqual requires buffers of equal length
  const received = Buffer.from(pubSignature);
  const expected = Buffer.from(validSignature);
  if (received.length !== expected.length || !crypto.timingSafeEqual(received, expected)) {
    // pubSignatures not equal - send error code
    return false;
  }

  // Validation was successful
  return true;
};

const processPostback = ({ remoteIp, userId, pubSignature, amount, placementId }) => {
  const isValidPostback = validatePostback({ remoteIp, userId, pubSignature });

  if (isValidPostback) {
    // processing code goes here
  }

  return isValidPostback;
};

const server = http.createServer((request, response) => {
  const { query } = url.parse(request.url, true);

  // Address of the connecting peer (the proxy's address if one sits in front)
  const remoteIp = request.socket.remoteAddress;
  // Get postback params
  const { userId, pubSignature, amount, placementId } = query;

  const processPostbackResult = processPostback({ remoteIp, userId, pubSignature, amount, placementId });
  response.writeHead(200, { 'Content-Type': 'text/plain' });
  response.end(processPostbackResult ? '1' : '0');
});

server.listen(port, hostname, () => {
  console.log(`${new Date()}: Server running at http://${hostname}:${port}/`);
});

/*
 Success requests examples:
 - GET: localhost:3000/processPostback?placementId=123456&userId=userId123&pubSignature=4b13f5c094f6412df0fab77d1ceedcde
*/

/*
 Fail requests examples:
 - GET: localhost:3000/processPostback?placementId=123456&userId=userId123&pubSignature=23b17eeb474a7sdf053sdf25b6d36p7b
*/

PHP Implementation Example

<?php

$publisher_hash = 'Your publisher hash'; // You can find it in your postback setting
$publisher_secret_key = 'Your publisher secret key'; // You can find it in your postback setting

// Persona.ly server IP addresses
$allowed_ips = array(
    '52.200.142.249',
    '159.203.84.146',
);

// Process only requests from Persona.ly IP addresses
// This is optional validation
if (!in_array($_SERVER['REMOTE_ADDR'], $allowed_ips, true)) {
    echo 0;
    exit();
}

// Get params (missing parameters default to an empty string)
$user_id = $_REQUEST['user_id'] ?? '';
$amount = $_REQUEST['amount'] ?? '';
$offer_id = $_REQUEST['offer_id'] ?? '';
$placement_id = $_REQUEST['placement_id'] ?? '';
$offer_name = $_REQUEST['offer_name'] ?? '';
$pub_signature = $_REQUEST['pub_signature'] ?? '';

// Parameters sent as arrays (e.g. user_id[]=x) cannot be signed or compared
if (!is_string($user_id) || !is_string($pub_signature)) {
    echo 0;
    exit();
}

// Create publisher validation signature. This validation is optional.
$publisher_validation_signature = md5($user_id . ':' . $publisher_hash . ':' . $publisher_secret_key);
// hash_equals() compares in constant time and avoids the type juggling of a loose != comparison
if (!hash_equals($publisher_validation_signature, $pub_signature)) {
    // Signatures not equal - send error code
    echo 0;
    exit();
}
// Validation was successful. Credit user process.
echo 1;
exit();

Whitelisting The Persona.ly IPs

While defining a postback, click on Show List of IP’s and update your backend to allow reporting only from those IPs.
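The following is an added example, not Persona.ly's own code, that applies both methods on this page together and handles a case the allowlist check can trip over: a dual-stack Node listener reports IPv4 peers in the IPv4-mapped form `::ffff:a.b.c.d`. The function names and the placeholder credentials are assumptions made for illustration.

```javascript
// Added example (not Persona.ly's code). Credentials below are constructed placeholders.
const crypto = require('crypto');

const ALLOWED_IPS = new Set(['52.200.142.249', '159.203.84.146']); // from this page
const PUBLISHER_HASH = 'example-publisher-hash';   // constructed placeholder
const PUBLISHER_SECRET_KEY = 'example-secret-key'; // constructed placeholder

// A dual-stack listener reports IPv4 peers as "::ffff:a.b.c.d".
// Strip that prefix so the allowlist comparison sees the plain IPv4 form.
function normalizeIp(remoteAddress) {
  if (typeof remoteAddress !== 'string') return '';
  const mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i.exec(remoteAddress);
  return mapped ? mapped[1] : remoteAddress;
}

function isPersonalyIp(remoteAddress) {
  return ALLOWED_IPS.has(normalizeIp(remoteAddress));
}

// md5(user_id:publisher_hash:publisher_secret_key), as in the PHP example.
function expectedSignature(userId) {
  return crypto
    .createHash('md5')
    .update(`${userId}:${PUBLISHER_HASH}:${PUBLISHER_SECRET_KEY}`)
    .digest('hex');
}

function signatureMatches(userId, pubSignature) {
  if (typeof userId !== 'string' || typeof pubSignature !== 'string') return false;
  const expected = Buffer.from(expectedSignature(userId));
  const received = Buffer.from(pubSignature);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// The signature input contains no amount or offer_id, so it is the same for
// every postback about a given user. Require the source-IP check as well.
function verifyPostback({ remoteAddress, userId, pubSignature }) {
  return isPersonalyIp(remoteAddress) && signatureMatches(userId, pubSignature);
}
```

If the service runs behind a reverse proxy, the socket address is the proxy's, so the allowlist has to be applied where the original peer address is visible.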

Updated on August 10, 2017
