Article

Verifying an Install Validation Postback

Receive and verify an install validation message to confirm an ad conversion.

Overview

When a user installs and launches an app as a result of your ad, you receive a postback request that validates the installation. The request is sent to the ad network URL you provided in registration.

The following JSON shows an example of an install validation postback request:


{
  "ad-network-id" : "com.example",
  "transaction-id" : "6aafb7a5-0170-41b5-bbe4-fe71dedf1e28",
  "campaign-id" : 42,
  "app-id" : 1229670720,
  "attribution-signature" : "MDYCGQCsQ4y8d4BlYU9b8Qb9BPWPi+ixk\/OiRysCGQDZZ8fpJnuqs9my8iSQVbJO\/oU1AXUROYU="
}

The parameters are:

ad-network-id

Your ad network identifier.

transaction-id

A unique value for this validation; useful for deduplicating install validation messages.

campaign-id

The campaign ID you provided when displaying the ad.

app-id

The item identifier of the advertised product.

attribution-signature

Apple's signature.

Verify the Ad Conversion Message

To verify that the request is from Apple, verify Apple's signature as follows:

  1. Create a UTF-8 string by combining the parameter values in the following order, with an invisible separator ('\u2063') between them: ad network ID, campaign ID, app ID, transaction ID.

  2. Decode Apple's public key, which Apple provides as a Base64-encoded string. The result is a byte array.

  3. Create an X.509 standard public key from the byte array.

  4. Using Apple's public key, verify Apple's signed value from the attribution-signature parameter against the UTF-8 string you created in step 1.

An example of the UTF-8 string is:

ad-network-id + '\u2063' + campaign-id + '\u2063' + app-id + '\u2063’ + transaction-id 

See Also

Verifying an Ad Conversion

+ registerAppForAdNetworkAttribution

Verifies the first launch of an app installed as a result of an ad.