What is an S2S Postback?
A postback is a server-to-server notification that an affiliate program or advertiser sends to our tracker when an event occurs. This lets us see the complete funnel — from click to deposit — without manual CSV reconciliation or delays.
- Instant conversion delivery after each event.
- Accurate CPA, RevShare, and hybrid model calculation.
- Anti-fraud: postback verification against click logs and IPs.
- Automatic source optimisation by FTD and ROI.
clickid parameterWhere to Send Postbacks
Use HTTPS POST or HTTPS GET. We recommend POST for high volumes and GET for simple integrations using standard affiliate macros.
POST https://postbacks.rs-traffic.net/v1/event
Content-Type: application/json
X-RS-Source: partner_name
{
"clickid": "abc123def456",
"event": "ftd",
"status": "approved",
"amount": "50.00",
"currency": "USD",
"geo": "DE",
"sub_id_1": "fb_de_001",
"sub_id_2": "pwa",
"payment_method": "card",
"timestamp": 1717000000,
"sign": "hmac_sha256_hex"
}https://postbacks.rs-traffic.net/v1/event?clickid={clickid}&event=ftd&status=approved&amount={amount}¤cy={currency}&sign={sign}All requests must include a sign signature. Requests without a valid signature are rejected. Affiliate IPs are whitelisted.
Supported Events
User completed registration and confirmed their account.
User made their first deposit. The most critical event for the CPA model.
User topped up their account again. Used for RevShare and hybrid models.
User submitted contact details or confirmed their email/phone.
We record withdrawals for traffic quality scoring and anti-fraud purposes.
Deposit was rejected by the bank/payment provider or triggered a fraud alert.
Parameter Reference
| Parameter | Type | Required | Description |
|---|---|---|---|
| clickid | string | Yes | Unique click/visitor identifier that we pass in the tracking link. |
| event | string | Yes | Event type: registration, ftd, redeposit, lead, cashout, rejected. |
| status | string | Yes | Conversion status: approved, pending, rejected. |
| amount | decimal | per event | Deposit/payout amount. Send in minimal units or dollars — clarify with your manager. |
| currency | string | per event | Currency in ISO-4217 format (USD, EUR, USDT, etc.). |
| geo | string | No | Two-letter country code (DE, BR, KZ, etc.). |
| sub_id_1 | string | No | Additional parameter for funnel/creative tracking. |
| sub_id_2 | string | No | Second additional parameter. |
| payment_method | string | No | Payment method: card, crypto, ewallet, bank, sbp. |
| reason | string | No | Reason for conversion rejection. |
| timestamp | integer | No | UNIX timestamp of the event. If not provided, the time of receipt is used. |
| sign | string | Yes | HMAC-SHA256 signature of the request body. Requests without a valid signature are rejected. |
How to Generate the sign
The signature is built using HMAC-SHA256 over the request body or an alphabetically sorted parameter string. The secret key is issued after the agreement is signed.
# Python example
import hmac, hashlib, json
secret = "your_secret_key" # issued by RS Traffic manager
payload = {
"clickid": "abc123def456",
"event": "ftd",
"status": "approved",
"amount": "50.00",
"currency": "USD",
"timestamp": 1717000000
}
body = json.dumps(payload, sort_keys=True, separators=(',', ':'))
sign = hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()
# sign is added to the payload or the X-RS-Sign headerHow to Set Up Postbacks
Sign the Agreement
After the brief and terms agreement, we issue your secret key and whitelist your IPs.
Configure the URL
In your affiliate dashboard, set the RS Traffic endpoint and required macros: clickid, amount, currency, geo.
Verify the Integration
Send a test postback. We will confirm receipt and show you how the event appears in the tracker.
Security & Anti-Fraud
We accept postbacks only with a valid signature and from whitelisted IPs. Each conversion is cross-checked against the click log: if the clickid is not found, the event is flagged for manual review. Each brand receives an individual secret and rate limiting rules.
- IP whitelist and origin verification
- HMAC-SHA256 for every request
- clickid cross-check against traffic log
- Rate-limiting and event deduplication
Need Help with Integration?
Our tech lead will help configure postbacks in your affiliate program, verify the signature, and audit the funnel. Integration typically takes 1–2 business days.