S2S Tracking

Postbacks for Affiliates

Send conversions directly to our server. We track registrations, FTDs, re-deposits, and withdrawals — and optimise traffic in real time.

How it works

What is an S2S Postback?

A postback is a server-to-server notification that an affiliate program or advertiser sends to our tracker when an event occurs. This lets us see the complete funnel — from click to deposit — without manual CSV reconciliation or delays.

  • Instant conversion delivery after each event.
  • Accurate CPA, RevShare, and hybrid model calculation.
  • Anti-fraud: postback verification against click logs and IPs.
  • Automatic source optimisation by FTD and ROI.
Exchange Flow
1RS Traffic generates a link with a clickid parameter
2User follows the link and registers
3The affiliate program records the event and calls our postback
4We receive the data and update statistics in the tracker
Endpoint

Where to Send Postbacks

Use HTTPS POST or HTTPS GET. We recommend POST for high volumes and GET for simple integrations using standard affiliate macros.

POST endpoint
POST https://postbacks.rs-traffic.net/v1/event
Content-Type: application/json
X-RS-Source: partner_name

{
  "clickid": "abc123def456",
  "event": "ftd",
  "status": "approved",
  "amount": "50.00",
  "currency": "USD",
  "geo": "DE",
  "sub_id_1": "fb_de_001",
  "sub_id_2": "pwa",
  "payment_method": "card",
  "timestamp": 1717000000,
  "sign": "hmac_sha256_hex"
}
GET endpoint
https://postbacks.rs-traffic.net/v1/event?clickid={clickid}&event=ftd&status=approved&amount={amount}&currency={currency}&sign={sign}
Security

All requests must include a sign signature. Requests without a valid signature are rejected. Affiliate IPs are whitelisted.

Events

Supported Events

registration
Registration

User completed registration and confirmed their account.

Required:
clickideventstatus
Optional:
geosub_id_1sub_id_2
ftd
First-Time Deposit (FTD)

User made their first deposit. The most critical event for the CPA model.

Required:
clickideventstatusamountcurrency
Optional:
geosub_id_1sub_id_2payment_method
reddeposit
Re-deposit

User topped up their account again. Used for RevShare and hybrid models.

Required:
clickideventstatusamountcurrency
Optional:
geosub_id_1sub_id_2payment_method
lead
Lead (SOI/DOI)

User submitted contact details or confirmed their email/phone.

Required:
clickideventstatus
Optional:
geosub_id_1sub_id_2email
cashout
Withdrawal

We record withdrawals for traffic quality scoring and anti-fraud purposes.

Required:
clickideventstatusamountcurrency
Optional:
geopayment_method
rejected
Rejected Deposit

Deposit was rejected by the bank/payment provider or triggered a fraud alert.

Required:
clickideventstatusreason
Optional:
amountcurrency
Parameters

Parameter Reference

ParameterTypeRequiredDescription
clickidstring YesUnique click/visitor identifier that we pass in the tracking link.
eventstring YesEvent type: registration, ftd, redeposit, lead, cashout, rejected.
statusstring YesConversion status: approved, pending, rejected.
amountdecimalper eventDeposit/payout amount. Send in minimal units or dollars — clarify with your manager.
currencystringper eventCurrency in ISO-4217 format (USD, EUR, USDT, etc.).
geostringNoTwo-letter country code (DE, BR, KZ, etc.).
sub_id_1stringNoAdditional parameter for funnel/creative tracking.
sub_id_2stringNoSecond additional parameter.
payment_methodstringNoPayment method: card, crypto, ewallet, bank, sbp.
reasonstringNoReason for conversion rejection.
timestampintegerNoUNIX timestamp of the event. If not provided, the time of receipt is used.
signstring YesHMAC-SHA256 signature of the request body. Requests without a valid signature are rejected.
Signature

How to Generate the sign

The signature is built using HMAC-SHA256 over the request body or an alphabetically sorted parameter string. The secret key is issued after the agreement is signed.

Signature generation example
# Python example
import hmac, hashlib, json

secret = "your_secret_key"  # issued by RS Traffic manager
payload = {
    "clickid": "abc123def456",
    "event": "ftd",
    "status": "approved",
    "amount": "50.00",
    "currency": "USD",
    "timestamp": 1717000000
}
body = json.dumps(payload, sort_keys=True, separators=(',', ':'))
sign = hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()
# sign is added to the payload or the X-RS-Sign header
Integration

How to Set Up Postbacks

01

Sign the Agreement

After the brief and terms agreement, we issue your secret key and whitelist your IPs.

02

Configure the URL

In your affiliate dashboard, set the RS Traffic endpoint and required macros: clickid, amount, currency, geo.

03

Verify the Integration

Send a test postback. We will confirm receipt and show you how the event appears in the tracker.

Security & Anti-Fraud

We accept postbacks only with a valid signature and from whitelisted IPs. Each conversion is cross-checked against the click log: if the clickid is not found, the event is flagged for manual review. Each brand receives an individual secret and rate limiting rules.

  • IP whitelist and origin verification
  • HMAC-SHA256 for every request
  • clickid cross-check against traffic log
  • Rate-limiting and event deduplication

Need Help with Integration?

Our tech lead will help configure postbacks in your affiliate program, verify the signature, and audit the funnel. Integration typically takes 1–2 business days.

We accept payments in cryptocurrency

  • Bitcoin
  • Ethereum
  • Tether USDT
  • Solana
  • TON
  • Litecoin
  • Dogecoin
  • Bitcoin Cash
  • Dash