Webhooks — Fraud Flagged

event = fraud_flagged

Fraud Flagged

Fires when a member trips a block-severity fraud rule — or when an admin has permanently blocked the member's visitor record. Rewarded Media zeros out the payout on our side; this event is your signal to do the same on yours.

Server-side effect: for the transaction this event references, user_payout, org_gross, org_retention, and points_earned are all 0. The org balance is not credited and the ledger is not updated. Only gross_revenue and platform_cut retain their original values (the advertiser was billed via CPC either way).

When it fires

  • On any transaction where one or more active block-severity fraud rules evaluate true against the member.
  • On any transaction for a member whose visitor has been permanently blocked by an admin — regardless of whether any rule would trip.
  • Fires only to webhooks that have fraud_flagged selected in their Events subscription (dashboard → Webhooks → edit → Events).

Fraud rule definitions and block thresholds are configurable per-environment in the Rewarded Media admin panel. Warn-severity and flag-severity rule trips don't fire this event — they're recorded for manual review only.

What to do with it

  • Don't credit this transaction. The dollar fields are already zero in the payload — if you look at {{user_payout}} rather than applying your own formula, you'll get the right answer automatically.
  • Consider flagging the member in your system for review. The same user may continue attempting completions; every blocked one fires this event.
  • If you optimistically credited earlier transactions for this member based on your own signals, reconcile — use {{member_id}} to scope the lookup.

Example payload

With the default body template, the JSON we POST looks like this (note every money field is 0.0000 except gross_revenue and platform_cut): 

{
  "event":                  "fraud_flagged",
  "member_id":              "abc123",
  "user_payout":            "0.0000",
  "org_retention":          "0.0000",
  "org_gross":              "0.0000",
  "cumulative_user_payout": "0.2500",
  "platform_cut":           "0.0080",
  "gross_revenue":          "0.0080",
  "points_earned":          "0",
  "promotion_id":           "42",
  "promotion_slug":         "winter-promo",
  "transaction_id":         "1831",
  "completed_at":           "2026-04-21T16:12:33Z"
}

{{cumulative_user_payout}} reflects only non-blocked transactions the member accumulated before the block took effect — useful when deciding whether to reverse a prior reward on your side.

Handler sketch

// Pseudocode — verify signature, then scrub.
app.post('/webhooks/rewardedmedia', (req, res) => {
  if (!verifyHMAC(req.headers['x-signature'], req.rawBody, SECRET)) {
    return res.status(401).end();
  }

  const { event, member_id, transaction_id } = req.body;

  if (event === 'fraud_flagged') {
    markTransactionRejected(transaction_id);
    flagMemberForReview(member_id);
  }

  res.status(200).end();
});

Full macro reference

The complete list of macros, the default body format, signing, and delivery/retry behavior all live on the Webhooks overview page.

← Event: Reward Unlocked