Integrations & postbacks
The Integrations section gives you the connection details needed to report web or store conversions to Attribloom.
Key values
Postback URL. The endpoint your server calls when a sale completes. POST each conversion here, signed with your Postback secret.
Redirect base. The root URL of every tracking link. A complete tracking link is the Redirect base plus the affiliate's unique code. When a visitor opens the link, Attribloom records the click and immediately forwards them to the campaign's destination.
Postback secret. A secret key used to sign postback requests via HMAC. Keep this server-side only — never expose it in client code, browser URLs, or public repositories. Anyone who holds the secret can forge a conversion.
How postbacks work
When a sale completes on your server:
1. Build the postback payload (conversion amount, currency, a unique order reference, and the affiliate's code or click ID).
2. Sign the payload with the Postback secret using HMAC.
3. POST the signed request to your Postback URL.
4. Attribloom verifies the signature, matches the conversion to the affiliate's recorded click, and credits commission.
If the signature is invalid or the click cannot be matched, the postback is rejected and no commission is credited.
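The signing steps and the signature check described above, as an added example that is not Attribloom's own code. It assumes HMAC-SHA256, a compact JSON body, field names such as order_ref, and a hex signature carried in a hypothetical X-Postback-Signature header; the page specifies none of these, and the secret and conversion values are constructed samples.

```python
import hashlib
import hmac
import json

# Assumption: header name is hypothetical, not taken from Attribloom's documentation.
SIGNATURE_HEADER = "X-Postback-Signature"


def sign_body(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 (assumed algorithm) over the exact bytes sent on the wire."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def build_postback(secret: bytes, conversion: dict) -> tuple[bytes, dict]:
    """Steps 1-2: serialize once, then sign those same bytes.

    Returns (body, headers) to hand to an HTTP client for step 3.
    """
    body = json.dumps(conversion, sort_keys=True, separators=(",", ":")).encode()
    headers = {"Content-Type": "application/json",
               SIGNATURE_HEADER: sign_body(secret, body)}
    return body, headers


def verify_postback(secret: bytes, body: bytes, signature: str) -> bool:
    """Signature part of step 4: recompute over the received raw bytes
    and compare in constant time, so timing does not leak the expected MAC."""
    expected = sign_body(secret, body)
    return hmac.compare_digest(expected.encode(), signature.encode())


def demo() -> dict:
    # Constructed secret; in production, load it from server-side configuration.
    secret = b"constructed-test-secret"
    # Constructed sample conversion with the fields the page lists.
    conversion = {"amount": "49.90", "currency": "EUR",
                  "order_ref": "ORD-1001", "affiliate_code": "AFF123"}
    body, headers = build_postback(secret, conversion)
    sig = headers[SIGNATURE_HEADER]
    return {
        "valid": verify_postback(secret, body, sig),
        # Body altered after signing: the MAC no longer matches.
        "tampered": verify_postback(secret, body.replace(b"49.90", b"4990.00"), sig),
        # Sender without the real secret cannot produce an accepted signature.
        "wrong_secret": verify_postback(b"some-other-secret", body, sig),
    }


if __name__ == "__main__":
    print(demo())
```

Sign and verify the raw request bytes rather than a re-serialized copy, since any difference in key order or whitespace changes the MAC.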
When is the secret created?
The Postback secret is created when you provision your first campaign. If you have not yet created a campaign, the Integrations section will prompt you to do so.