Skip to content

Banned Player Webhooks

Our Banned Player Webhook is designed to give your team even more control and flexibility. When a player is banned from AdGem, we’ll notify you instantly, allowing you to take immediate action. This allows you to ensure that banned players won’t receive reward redemptions or be shown any offers, preventing any issues before they arise.

For API-integrated publishers, this real-time notification system offers a seamless experience, enabling you to use the data we send to automatically filter out ineligible users, determine advertising logic, and maintain a streamlined, positive experience for your audience. By preventing banned players from interacting with offers or rewards, you protect both your users and your brand’s reputation, all while saving valuable time and effort.

Structure

A POST request will be made to your webhook url. The webhook url can be placed and your secret token generated in the AdGem Publisher Dashboard in the Apps/Properties tab.

support_url

Here is an example of the request body:

{
  "data": {
    "player_id": "player123",
    "app_id": 1,
    "ban_reason": "events from 3 or more countries in 2 days",
    "created_at": "2025-01-01T00:00:00.000000Z"
  },
  "type": "player.banned",
  "timestamp": "2025-01-01T00:00:00.000000Z"
}
Field
Explanation
player_id The parameter which represents the unique player as used internally in your application.
app_id The AdGem App ID associated with the player event.
ban_reason The reason the player_id has been banned.
created_at The timestamp associated to the player event in the AdGem system.
type The type of player event that has occurred.
timestamp The unix time when the request was generated. Expect a slight delay between the time that the request is generated and the time it is received.

Retrying Failed Requests

When a webhook request is sent, a response with a 2xx-series status code is expected. If the response includes any other status code, the request will be retried up to three times. Be sure to account for this to avoid double-rewarding players.

Authentication

The webhook request headers contain a Signature. This is calculated by hashing the request body and the secret key using the HMAC-SHA256 algorithm. To authenticate the request, hash the request body and the secret key using the HMAC-SHA256 algorithm. Compare the result to Signature value to confirm a match.

Examples:

Route::post('/webhook-receiver', function () {
    $receivedSignature = request()->headers->get('Signature');

    $expectedSignature = hash_hmac('sha256', request()->getContent(), 'secret-key');

    if ($expectedSignature === $receivedSignature) {
        return response()->noContent(200);
    } else {
        return response()->noContent(401);
    }
});

const express = require('express');
const crypto = require('crypto');

const app = express();
const port = 3000;

app.use(express.json());

app.post('/webhook-receiver', (req, res) => {
    const receivedSignature = req.headers['Signature'];

    const postData = JSON.stringify(req.body);
    const expectedSignature = crypto.createHmac('sha256', 'secret-key').update(postData, 'utf8').digest('hex');

    if (expectedSignature === receivedSignature) {
        res.status(200).send();
    } else {
        res.status(401).send();
    }
});

app.listen(port, () => {
    console.log(`Server running on port ${port}`);
});