Getting Started

The Reward Postback is a webhook designed to enable Playfull to send postback to developers when our users rewarded with in-game reward.

Playfull will send a POST request to your webhook url. The request payload will be JSON formatted and will be signed using the client secret key. The resulting signature will be included in the request header Playfull-Signature.

Verifying postback signature

const crypto = require('crypto')
 
app.post('/webhook', async (request, response) => {
  const signature = request.headers['playfull-signature']
  const isValid = verifySignature(signature, request.body.toString())
})
 
const verifySignature = function (receivedSignature, payload) {
  const hash = crypto
  .createHmac('sha256', <secret_token>)
  .update(payload)
  .digest('base64')
  return receivedSignature === hash
}

Payload Definition

{
  id: string (unique id of the webhook request)
  user_id: string (user id),
  item_id: string (item id of the reward),
  quantity: string (quantity of the item)
  timestamp: long (UNIX seconds)
}

Examples Limits