Server-to-Server Callback Settings

WhiteMobi SDK support server-side events to notify you of rewards that must be granted to your users after successful offers completion events:

Note: You can also use client-side events to grant rewards to users after successful offers completion events.

Check our client-side notification setup documentation for more information.

In the Callback URL field, construct the callback for WhiteMobi to send you after a user performs an ad unit completion, for example:

http://www.mysite.com/mobi?appUserId=[USER_ID]&rewards=[REWARDS]&transactionId=[TRANSACTION_ID]&signature=[SIGNATURE]

The values in brackets are placeholders that are replaced by actual values when WhiteMobi sends you the callback.

There are several HTTP GET parameters we are adding to the callback URL whenever we notify you about the payout to a user:

[TRANSACTION_ID] String The unique transaction ID. Use this to check whether the transaction has already been processed in your system.
[USER_ID] String The unique identifier of the user to be rewarded. This is sent by the calling app when initializing the WhiteMobi SDK.
[REWARDS] Int The number of credit units to be awarded to the user.
[APP_KEY] String Your Application key from the WhiteMobi Dashboard.
[DEVICE_ID] String Unique ID of the user’s device.
[CURRENCY_NAME] String Virtual currency name set up in the WhiteMobi Dashboard.
[MODE] Int Your Application SDK mode set in the WhiteMobi Dashboard.
[PLATFORM] Int Operation System of the user’s devise. Possible values are: [1] for Android and [2] for iOS.
[SIGNATURE] String The request signature, which you should verify to ensure the request's authenticity. The signature is computed as a SHA1 hash of the request parameters: sha1([TRANSACTION_ID][USER_ID][REWARDS]$privateKey) The private key is a string known only by you and WhiteMobi. The private key is added for security as it makes the signature harder to reproduce.

WhiteMobi Response

WhiteMobi’s server will decide whether the callback request was successful based on the HTTP status code of your response:

  • Response: A successful callback needs to return a blank HTTP 200 status code. Please ensure that you only return a blank HTTP 200 status code if crediting the user was successful.
  • Unsuccessful callbacks: If an error occurs on your side, please do not send back the error message to us with an HTTP 200 status code. WhiteMobi’s system would interpret the callback as successful and show the user that he received his virtual currency. Instead, send an HTTP error code (4xx or 5xx) and WhiteMobi’s server will resend the request to the callback URL up to 5 times.
  • Duplicates: If you identify the callback request as a duplicate based on the TRANSACTION_ID, we recommend you to send a HTTP 200 status code response and ignore the request. Otherwise WhiteMobi’s server would try to resend the callback as indicated above.

Whitelisting WhiteMobi IPs

If your server has restrictive security settings and/or is protected by a firewall, you may have to unblock WhiteMobi’s servers’ IP addresse in order to receive callback requests. They are as follows:

IP Address
52.38.169.123

Sample Callback Code – PHP

The following PHP code sample demonstrates a typical callback handler.

<?php
/*
* Request: 
* http://www.mysite.com/mobi?appUserId=[USER_ID]&rewards=[REWARDS]&transactionId=[TRANSACTION_ID]&appKey=[APP_KEY]&deviceId=[DEVICE_ID]&currency=[CURRENCY_NAME]&mode=[MODE]&platform=[PLATFORM]&signature=[SIGNATURE]
*/

// get the variables
$userId = $_GET['appUserId'];
$rewards = $_GET['rewards'];
$transactionId = $_GET['transactionId'];
$deviceId = $_GET['deviceId'];
$currency = $_GET['currency'];
$mode = $_GET['mode'];
$platform = $_GET['platform'];
$signature = $_GET['signature'];
$privateKey = 'your_private_key';

// validate the call using the signature
if (sha1($transactionId . $userId . $rewards . $privateKey) != $signature) {
      header('HTTP/1.1 400 Bad Request', true, 400);
      die();
}

// Your code...