S2S Conversion
AdPriva supports server-to-server (S2S) postbacks for signups, installs or custom events.
Unlike cookies or client-side pixels (easily spoofed), every conversion in AdPriva is cryptographically linked to a valid click.
Why S2S Conversions?
- Fraud-resistant → Blocks cookie stuffing, pixel spoofing and fake postbacks.
- Privacy-first → Only proof IDs transmitted, no personal data.
- Accurate → Server-side validation prevents tracking loss.
- Compliant → Conversions tied to Consent Receipts, respecting user opt-ins.
How It Works
- ClickProof Generated → Created when a user clicks a tracked element.
- Conversion Event → Your server records a signup, install or custom event.
- S2S Postback → Your server sends a signed payload to AdPriva’s API.
- Validation → HMAC signature, timestamp and click_proof_id are checked.
- ConversionProof Issued → Logged in the AdPriva Explorer.
API Example
Request
POST /conversions
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY
{
"click_proof_id": "PRF_12345",
"event": "signup",
"timestamp": "2025-09-25T14:12:00Z",
"signature": "hmac_sha256_signature"
}
Response
{
"conversion_id": "CNV_55555",
"status": "verified",
"proof_id": "PRF_12345",
"explorer_url": "https://explorer.adpriva.com/CNV_55555"
}
Required Fields
- click_proof_id → ID of the valid click.
- event → Event type (signup, install, custom).
- timestamp → UTC ISO timestamp.
- signature → HMAC-SHA256 signature with your secret key.
Generate secret keys in the AdPriva Dashboard. Sandbox keys available for testing.
Fraud Protection
- Replay Prevention → Each click can only generate one ConversionProof.
- HMAC Signatures → Spoofed postbacks automatically rejected.
- Consent Linkage → Conversions only logged if user consent exists.
- Tamper Evidence → ConversionProofs batch-anchored on-chain.
With S2S validation, AdPriva makes server-side event verification fraud-resistant and privacy-preserving, so every recorded event is provably tied to a real, consented click.
{% @mermaid/diagram content="sequenceDiagram
participant U as User
participant P as Publisher Site/App
participant A as Your Server
participant API as AdPriva API
participant V as Validation Layer
participant X as AdPriva Explorer
U->>P: Clicks tracked element
P->>API: Generates ClickProof (PRF_12345)
API-->>A: ClickProof ID returned
A->>API: Sends S2S Postback (signup/install/custom)
API->>V: Validate (HMAC, timestamp, consent, linkage)
V-->>API: Conversion verified
API->>X: Logs ConversionProof
X-->>All: Public verification available" %}