Signing Campaign Integration Code

1 Offer Walls & Offer Overlays

To sign an offer wall or offer overlay campaign’s integration code you must write a script that can build an HTTP query string comprised of:

  • a message parameter
  • an HMAC parameter
  • any custom parameters you wish to pass us

After building the query string, the script must also append it to a base URL.

1.1 Message Parameter

Create a parameter named message and build its value string using the following required components:

Name Sample Value Description
timestamp 1273550207 A UNIX time stamp that you must generate.
sid 100001037544727 A unique number that identifies your customer.

For example, let’s say you’re building the value string using these components:

  • timestamp=1273550207
  • sid=100001037544727

This gives you an un-encoded value string that looks like this:

timestamp=1273550207&sid=100001037544727

Generate an HMAC-MD5 hash (see “HMAC Parameter” below) of your un-encoded value string and then URL-encode the value string and pair it with the parameter. For example, URL-encoding the example value string above and pairing it with the message parameter gives you this name-value pair:

message=timestamp%3D1273550207%26sid%3D100001037544727

1.2 HMAC Parameter

Create a parameter named hmac and build its value by generating an HMAC-MD5 hash of the message parameter’s un-encoded value string using your scripting language’s HMAC-MD5 function and your notification key.

For example, if your notification key is abc123, generating an HMACMD5 hash of the un-encoded value string example above gives you this hash:

82f2ecc46b456cd3dffbc57273cf441f

Pair the value with the hmac parameter. For example:

hmac=a29394d8820370b8f0ce15ea5f0f88a1

1.3 Custom Parameters

You can pass us any custom parameters you wish by appending them to the end of the query-string, after the message and hmac parameters.

1.4 Base URL and Complete Query String

Finally, construct the complete URL by appending the message, hash, and custom parameters to your base URL. Your base URL is the src URL contained within your integration code, without the ?sid= portion.

For example, if your integration code looked like this…

<script type=“text/javascript” src=“http://www.trialpay.com/dispatch/767b134404968db74730ab78e83b9281?sid=”></script>

… your base URL would be:

http://www.trialpay.com/dispatch/767b134404968db74730ab78e83b9281

If you constructed the complete URL using the examples above and two custom parameters (server_id and flow), the new src URL would look like this:

http://www.trialpay.com/dispatch/767b134404968db74730ab78e83b9281?message=timestamp%3D1273550207%26sid%3D100001037544727&hmac=a29394d8820370b8f0ce15ea5f0f88a1&server_id=79&flow=newwindow

Finally, you would replace all of the original integration code’s src URL with the newly constructed one.

2 Direct Payment Campaigns

To sign a direct payment campaign integration code, you must write a script that can build an HTTP query string comprised of:

  • a message parameter
  • an HMAC parameter
  • any custom parameters you wish to pass us

After building the query string, the script must also append it to a base URL.

2.1 Message Parameter

Create a parameter named message and build it’s value string using the following required components:

Name Sample Value Description
currency USD A 3-letter currency code. It’s the currency the customer must pay with.
reward_amount 200 The amount of virtual currency that the customer will buy.
price 20 The price of the virtual currency amount.
payment_method credit_card How the customer will pay for the virtual currency. Do not edit this value.
interface quickpay The payment interface we show the customer. Do not edit this value.
auth_type sid How we will identify the customer. Do not edit this value.
timestamp 1273550207 A UNIX time stamp that you must generate.
sid 100001037544727 The SID number that identifies your customer.

For example, let’s say you’re building the value string using these components:

  • currency=USD
  • reward_amount=200
  • price=20
  • payment_method=credit_card
  • interface=quickpay
  • auth_type=sid
  • timestamp=1273550207
  • sid=100001037544727

This gives you an un-encoded value string that looks like this:

currency=USD&reward_amount=200&price=20&payment_method=credit_card&interface=quickpay&auth_type=sid&timestamp=1273550207&sid=100001037544727

Generate an HMAC-MD5 hash (see “HMAC Parameter” below) of your un-encoded value string and then URL-encode the value string and pair it with the parameter. For example, URL-encoding the example value string above and pairing it with the message parameter gives you this name-value pair:

message=currency%3DUSD%26reward_amount%3D200%26price%3D20%26payment_method%3Dcredit_card%26interface%3Dquickpay%26auth_type%3Dsid%26timestamp%3D1273550207%26sid%3D100001037544727

2.2 HMAC Parameter

Create a parameter named hmac and build its value by generating an HMAC-MD5 hash of the message parameter’s un-encoded value string using your scripting language’s HMAC-MD5 function and your notification key.

For example, if your notification key is abc123, generating an HMACMD5 hash of the un-encoded value string example above gives you this hash:

a29394d8820370b8f0ce15ea5f0f88a1

Pair the value with the hmac parameter. For example:

hmac=a29394d8820370b8f0ce15ea5f0f88a1

2.3 Custom Parameters

You can pass us any custom parameters you wish by appending them to the end of the query-string, after the message and hmac parameters.

2.4 Base URL and Complete Query String

Finally, construct the complete URL by appending the message, hash, and custom parameters to your base URL. To get your base URL, take your integration code’s src URL without its sid, message, and hmac parameters.

For example, if your integration code looked like this…

<iframe scrolling=‘no’ frameborder=‘0’ style=’width: 585px; height: 600px; background-color: white; border: 1px solid #EAEBEC;’ src=“https://www.trialpay.com/dispatch/33a7f59fa2019fb87705bd2153997194?c=94c7fd3&tid=RHyT0ddsid=&message=price%3D10%26currency%3DUSD%26reward_amount%3D100%26payment_method%3Dcredit_card%26interface%3Dquickpay%26auth_type%3Dsid&hmac=a642ba1eaae190ce61ecf8919b0d91cc”></iframe>

… your base URL would be:

https://www.trialpay.com/dispatch/33a7f59fa2019fb87705bd2153997194?c=94c7fd3&tid=RHyT0dd

If you were constructing the complete URL using the examples above and two custom parameters (server_id and flow), the new src URL would look like this:

https://www.trialpay.com/dispatch/33a7f59fa2019fb87705bd2153997194?c=94c7fd3&tid=RHyT0dd&message=currency%3DUSD%26reward_amount%3D200%26price%3D20%26payment_method%3Dcredit_card%26interface%3Dquickpay%26auth_type%3Dsid%26timestamp%3D1273550207%26sid%3D100001037544727&hmac=a29394d8820370b8f0ce15ea5f0f88a1&server_id=79&flow=creditcard_USD

Finally, you would replace all of the original integration code’s src URL with the newly constructed one.