Skip to content

How Server-to-Server Callback Works

AppLovin’s servers can make server-to-server rewarded callbacks to an external server endpoint that you define. These callbacks notify you that a user of your app completed a rewarded ad and therefore that user qualifies for a reward. This protects against malicious users who attempt to gain rewards without finishing rewarded ads.

Note that these server-to-server callbacks are not sent for test ads, only live ads.

For details, see the MAX S2S Rewarded Callback API documentation.

You configure these callbacks by setting the value of Server Side Callback URL. For MAX-mediated rewarded ad units, you can do this in the Ad Unit edit page. If you do not use MAX, do this in the Manage Apps section.

AppLovin’s server-to-server callback has a slightly different implementation from some other providers you may be familiar with. Here are the important differences:

  • The AppLovin server-to-server callback never goes through the user’s device. After the SDK verifies that the rewarded video was fully watched, and after all other client-side processes have been completed, the SDK notifies AppLovin’s server. AppLovin’s server then makes a request to the endpoint you specify. Because the AppLovin server (not the user device) makes the request, the user cannot hack the callback to fraudulently reward themselves.

  • You can specify which variables you would like to receive in the server-to-server callback. These variables include currency type/amount, user device IDs, etc. See “Available Macros” for a complete list.

  • You can verify that these requests come from AppLovin by taking advantage of your Event Key. You can include {EVENT_ID} (a unique transaction ID) and {EVENT_KEY} as values in your callback. AppLovin replaces the {EVENT_KEY} macro with a value that it generates via an SHA1 hash of the Event ID and Event Key: sha1( «Event-ID» + «Event-Key» )

    For example, if your event key is "uHXOnmfO2f3wd-syBwXxsj7m53qiJoI9VzXTvE8LOSnIWjS6zzxS8HgSIBJSbQWdS1czmgwXSWDaKwehtjyYl_" and the Event ID is "14a97273742c0c9e8864fe40193dad5506e930bc", the {EVENT_KEY} macro will populate with 3724081c17d32a66276ffff2a14b124a278934e9, which is calculated by sha1(14a97273742c0c9e8864fe40193dad5506e930bcuHXOnmfO2f3wd-syBwXxsj7m53qiJoI9VzXTvE8LOSnIWjS6zzxS8HgSIBJSbQWdS1czmgwXSWDaKwehtjyYl_)

    To find your Event Key, visit AppDiscovery > Monetization > Manage > Applications. Then look for the key in the Rewarded Video section of any of your apps. The key is the same for all of the apps in your account. If you do not yet have a key, open a support ticket at the AppLovin Developer Support portal. AppLovin will generate one for you.