Getting started

In order to integrate the Rewarded Media experience, a signed URL must be generated that a user is sent to in order for them to view the promotion that a user will interact.

The minimum information that is required is:

User ID (string) - This is used for tracking purposes and will be sent back through the webhook so you can credit the correct user
Timestamp (integer) - A real-time signing timestamp
Signed Hash (string) - Used for server-side verification

Building the URL that the user will navigate to to get started

The base URL that the user will be sent to will be provided to you and looks like: https://beta.rewardedmedia.com/api/promo/PROMOTION_SLUG

This endpoint is a signed-link gateway. On each visit we verify mid, ts, and sig, bind the member ID to an httpOnly session cookie, and 302 the user to the promotion page. Invalid or expired signatures return 403.

const crypto = require('crypto');

const baseURL = 'https://beta.rewardedmedia.com/api/promo/PROMOTION_SLUG';
const memberId = 'abc123';
const sharedSecretKey = 'secretKeyThatShouldNotBeStoredInPlaintext';
const timestamp = Math.floor(Date.now() / 1000);
const data = `${memberId}~${sharedSecretKey}~${timestamp}`;

// HMAC-SHA256, keyed with the shared secret, lowercase hex output
const signedHash = crypto.createHmac('sha256', sharedSecretKey).update(data).digest('hex');

const redirectURL = `${baseURL}?mid=${memberId}&ts=${timestamp}&sig=${signedHash}`;

<?php
$baseURL = 'https://beta.rewardedmedia.com/api/promo/PROMOTION_SLUG';
$memberId = 'abc123';
$sharedSecretKey = 'secretKeyThatShouldNotBeStoredInPlaintext';
$timestamp = time();
$data = $memberId . '~' . $sharedSecretKey . '~' . $timestamp;
// HMAC-SHA256, keyed with the shared secret, lowercase hex output
$signedHash = hash_hmac('sha256', $data, $sharedSecretKey);

$redirectURL = $baseURL . '?mid=' . $memberId . '&ts=' . $timestamp . '&sig=' . $signedHash;
echo $redirectURL;
?>

import hmac
import hashlib
import time

base_url = 'https://beta.rewardedmedia.com/api/promo/PROMOTION_SLUG'
member_id = 'abc123'
shared_secret_key = 'secretKeyThatShouldNotBeStoredInPlaintext'
timestamp = int(time.time())

data = f"{member_id}~{shared_secret_key}~{timestamp}"
# HMAC-SHA256, keyed with the shared secret, lowercase hex output
signed_hash = hmac.new(shared_secret_key.encode(), data.encode(), hashlib.sha256).hexdigest()

redirect_url = f"{base_url}?mid={member_id}&ts={timestamp}&sig={signed_hash}"
print(redirect_url)

package main

import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/hex"
    "fmt"
    "strconv"
    "time"
)

func main() {
    baseURL := "https://beta.rewardedmedia.com/api/promo/PROMOTION_SLUG"
    memberId := "abc123"
    sharedSecretKey := "secretKeyThatShouldNotBeStoredInPlaintext"
    timestamp := time.Now().Unix()

    data := memberId + "~" + sharedSecretKey + "~" + strconv.FormatInt(timestamp, 10)
    // HMAC-SHA256, keyed with the shared secret, lowercase hex output
    mac := hmac.New(sha256.New, []byte(sharedSecretKey))
    mac.Write([]byte(data))
    signedHash := hex.EncodeToString(mac.Sum(nil))

    redirectURL := fmt.Sprintf("%s?mid=%s&ts=%d&sig=%s", baseURL, memberId, timestamp, signedHash)
    fmt.Println(redirectURL)
}

Receiving a ping when the user should be rewarded

Once the user has earned enough credits for a payout, we will pass over a link to your server through a server-side request.

The minimum information available will be:

User ID (string) - The unique identifier passed over during the initial request
Timestamp (integer) - A unix timestamp in seconds
Value Earned (integer) - The value in the denomination of currency set, e.g. 1 = $0.01
Signed Hash (string) - Used for server-side verification

For more details on how webhooks work, see the Webhooks documentation.

Signing The Request →