Getting started
In order to integrate the Rewarded Media experience, a signed URL must be generated that a user is sent to in order for them to view the promotion that a user will interact.
The minimum information that is required is:
- User ID (string) - This is used for tracking purposes and will be sent back through the webhook so you can credit the correct user
- Timestamp (integer) - A real-time signing timestamp
- Signed Hash (string) - Used for server-side verification
Building the signed URL
The base URL we provide for your promotion looks like:
https://rewardedmedia.com/api/promo/PROMOTION_SLUG
This endpoint is a signed-link gateway. On each visit we verify mid, ts, and sig, bind the member ID to an httpOnly session cookie, and 302 the user to the promotion page. Invalid or expired signatures return 403.
The full end-to-end signing flow — with runnable code in JavaScript, PHP, Python, Go, and Ruby, plus an interactive debugger — lives on the Signing The Request page. Three steps:
- 1. Gather your inputs — pick a
mid, generate a fresh Unix-secondsts, pull your shared secret server-side - 2. Sign the request — HMAC-SHA-256 keyed with the secret over
mid~secret~ts(not a plain hash) - 3. Compose & send — append
?mid=&ts=&sig=and redirect the user
Receiving a ping when the user should be rewarded
Once the user has earned enough credits for a payout, we will pass over a link to your server through a server-side request.
The minimum information available will be:
- User ID (string) - The unique identifier passed over during the initial request
- Timestamp (integer) - A unix timestamp in seconds
- Value Earned (integer) - The value in the denomination of currency set, e.g. 1 = $0.01
- Signed Hash (string) - Used for server-side verification
For more details on how webhooks work, see the Webhooks documentation.