For Web Callback, AppLixir uses Reward Management System (RMS) that ensures users receive rewards only after properly watching ads, prevents cheating with anti-scripting features, limits the number of rewards per user within a dynamic 24-hour period, and enforces a minimum time gap between video ad views to maintain fairness and profitability.
The AppLixir Reward Management System uses an HTTPS endpoint call to relay the reward events to your server. This setup requires:
- Enabling reward events
To enable reward events to be sent to the site server, add the following parameters to the options field while invoking invokeApplixirVideoUnit method.
Field | Description |
accountId | Account Id of the user as shown in the site panel in the Applixir Web application. Required. |
siteId | Site Id, specific to the site, shown in the Applixir Web Application. Required. |
userId | Unique user Id of the logged in user playing the site. Typically a GUID, required. |
custom | Any custom data to be sent to the backend server. The data should be sent in JSON format. Optional. |
For example, the following html code snippet shows the changes required for setting up RMS.
<body>
<button type="button" id="playButton">Watch Video</button> // Create a button to initiate the video loading
<script type="text/javascript" src="https://cdn.applixir.com/applixir.sdk3.0m.js"></script> // Applixir SDK
<div id="applixir_vanishing_div" hidden>
<iframe id="applixir_parent"></iframe>
</div>
<script type="application/javascript">
function adStatusCallback(status) { // Status Callback Method
console.log('Ad Status: ' + status);
}
var options = { // Video Ad Options
zoneId: 2050,
accountId: xxxx, // Required field for RMS
siteId: yyyy, // Required field for RMS
adStatusCb: adStatusCallback,
userId: currentUserID(), // UUID4 recommended
custom: currentUserReward(),
};
playBtn = document.getElementById("playButton");
playBtn.onclick = function () {
invokeApplixirVideoUnit(options); // Invoke Video ad
}
</script>
</body>
2. Configuring the RMS properties in the AppLixir application
Follow the steps listed below to do the settings:
- Go to the AppLixir application.
- Go to the Account Settings and click CALLBACKS.
3. Set the properties and click Save. The table below explains all the fields for the RMS endpoint.
Endpoint Testing: We recommend using Webhook.site for testing your endpoint calls. It only takes a couple of minutes to setup and you can easily see your data and correct any issues there. The endpoint URL format is the same as below except it will reference www.webhook.site/<your-unique-webhook-ID>
Endpoint URL Format: After successfully setting up the reward events, whenever the Applixir application receives an event, it is relayed to the site server. The endpoint is invoked with the parameters in the following format.
https://www.yourdomain.com/yourendpoint?account_id={ACCOUNT_ID}&site_id={SITE_ID}&user_id={USER_ID}&custom={CUSTOM}×tamp={CALLBACK_TIMESTAMP}&uniquetid={UNIQUETID}&checksum={CHECKSUM}
The values in { } will automatically be replaced by the server at run-time.
Note: Do NOT use the {UNIQUETID} parameter for “MD5 Only” mode and don’t use {UNIQUETID} or {CHECKSUM} parameters for “No MD5 or TID” mode.
Following table describes the fields in the RMS endpoint call.
Key points to note:
- It is recommended to use the ‘MD5 and TID’ as the RMS mode.
- When computing MD5 hash in the end-point code, concatenate all the parameters you are using along with the callback secret with no separators between the values as shown in the example below (the order is important):
md5(accountId+siteId+userId+custom+uniquetid+timestamp+callbackSecret);
When processing the parameters received at your endpoint:
Applixir RMS can detect many hacks used by scripters to obtain free rewards without generating ad revenue but there are additional things you can do to detect hacks at your endpoint as follows:
- Verify that the current timestamp is later than the previous timestamp received.
- Ensure that the TID is different from the previous TID received.
- Never use the endpoint secret in JavaScript or anywhere else it can be seen by hackers.
- Rate limiting and daily reward limits are applicable only when the callback mode is set to ‘MD5 and TID’ and a valid user ID is provided in the options passed to invokeApplixirVideoUnit.
- If you detect scripting fraud at your endpoint (e.g. duplicate TID or timestamp values) then return HTTP 418 and the ad system will not reward the user who is scripting to get free rewards.
Next Step: >> Adding Ads.txt File