All articles

Custom attribution

How signed conversion postbacks and refunds work

Sign the exact request bytes, reuse a stable external conversion ID, and send refunds to the refund endpoint so commission reverses idempotently.

Published · Last reviewed

Conversion

Your server sends POST /v1/conversions with integer minor units, currency, a stable externalId, and an affiliate click or code. Sign timestamp-dot-raw-body with HMAC-SHA256 and send the surface, timestamp, and signature headers.

  • Use Unix seconds and a fresh timestamp.
  • Sign the exact bytes you send.
  • Keep the secret server-side.
  • Retry with the same externalId so duplicates remain safe.

Refund

Send POST /v1/conversions/refund with the original externalId, a stable refundId, refunded minor units, and matching currency. Full and partial refunds reverse the corresponding commission on the same ledger.

What this does not do

A signed postback proves the configured server sent the event. It does not validate an unsigned browser claim, replace your order system, or make floating-point currency safe.

Next steps

Frequently asked

Can I safely retry a refund?

Yes. Reuse the same stable refundId. Attribloom's released refund path is idempotent.

In the glossary

Continue reading

Get startedSee pricingMore articles