How Server-to-Server Callback Works

AppLovin’s servers make server-to-server rewarded callbacks to an external server that you define, to notify that server that a user of your app completed a rewarded ad and so qualifies for a reward. This provides another layer of protection against malicious users who attempt to gain extra rewards without finishing rewarded ads. Note that these server-to-server callbacks will not be sent for test ads, only live ads.

For details, see “MAX S2S Rewarded Callback API in this guide.

You can configure these callbacks by setting the value of Server Side Callback URL in the Ad Unit edit page for any of your rewarded ad units.

If you are not using MAX, you can specify the endpoint you want us to notify with that callback after the completion of a rewarded video for each app in the Manage Apps section.

AppLovin’s server-to-server callback has a slightly different implementation than other providers. Here are the important differences:

  1. The AppLovin server-to-server callback never goes through the user’s phone. After the SDK notifies AppLovin that the rewarded video has been fully watched and all other client side processes have been completed, the SDK notifies AppLovin’s server and that server then goes directly to the endpoint you specify. This means that the user can not hack the callback to fraudulently reward themselves so long as you use a unique endpoint in the Manage Apps section.
  2. You can specify which variables (like currency type/amount, user device IDs, etc.) you would like to receive in the server-to-server callback. See “Available Macros” for a complete list of these variables.
  3. You can check that these requests come from AppLovin by taking advantage of your Event Key. You can include {EVENT_ID} (a unique transaction ID) and {EVENT_KEY} as values in your callback. The value that will be replaced by the {EVENT_KEY} macro is calculated using a SHA1 hash of the Event ID and Event Key:

    sha1( The-Event-ID + Your-Event-Key )

    For example, if your event key is "uHXOnmfO2f3wd-syBwXxsj7m53qiJoI9VzXTvE8LOSnIWjS6zzxS8HgSIBJSbQWdS1czmgwXSWDaKwehtjyYl_" and the Event ID is "14a97273742c0c9e8864fe40193dad5506e930bc", the {EVENT_KEY} macro will populate with 3724081c17d32a66276ffff2a14b124a278934e9, which is calculated by sha1(14a97273742c0c9e8864fe40193dad5506e930bcuHXOnmfO2f3wd-syBwXxsj7m53qiJoI9VzXTvE8LOSnIWjS6zzxS8HgSIBJSbQWdS1czmgwXSWDaKwehtjyYl_)

    You can find your Event Key in the Rewarded Video section of any app in AppDiscovery > Monetization > Manage > Applications (the key is the same for your entire account). If you don’t have a key, please open a support ticket at our Developer Support portal to generate one.