# How signed conversion postbacks and refunds work

> Sign the exact request bytes, reuse a stable external conversion ID, and send refunds to the refund endpoint so commission reverses idempotently.

Published: 2026-07-14 · Last reviewed: 2026-07-14

## Conversion

Your server sends POST /v1/conversions with integer minor units, currency, a stable externalId, and an affiliate click or code. Sign timestamp-dot-raw-body with HMAC-SHA256 and send the surface, timestamp, and signature headers.

- Use Unix seconds and a fresh timestamp.
- Sign the exact bytes you send.
- Keep the secret server-side.
- Retry with the same externalId so duplicates remain safe.

## Refund

Send POST /v1/conversions/refund with the original externalId, a stable refundId, refunded minor units, and matching currency. Full and partial refunds reverse the corresponding commission on the same ledger.

## What this does not do

A signed postback proves the configured server sent the event. It does not validate an unsigned browser claim, replace your order system, or make floating-point currency safe.

## Frequently asked

### Can I safely retry a refund?

Yes. Reuse the same stable refundId. Attribloom's released refund path is idempotent.

## Next steps

- [Signed webhook guide](/guides/webhook)
- [OpenAPI contract](https://api.attribloom.com/openapi.json)
- [Clawbacks](/learn/how-commission-holds-and-clawbacks-protect-a-program)
