The article covers the following topics:
- What is the Click signing feature?
- How to enable Click signing?
- How does Click signing work for AppsFlyer?
- How does Click signing work for Kochava?
What is the Click signing feature?
The feature provides you an opportunity to sign every single click sent to AppsFlyer or Kochava. It is an anti-fraud measure that prevents a situation when an ad network isn't aware of sending fraud traffic to the advertiser.
The work principle is: a unique token (code) with a certain period of validity is attached to a click and sent via the advertiser's tracking link. If the token is expired or wrong, AppsFlyer or Kochava will define such clicks as fraud traffic. The blocking of traffic can happen. You can learn more about this feature here (AppsFlyer) and here (Kochava).
How to enable Click signing?
Step 1: enable the feature on Affise
You need to turn the feature on. It can be done on two levels:
- The Advertisers section -> the Advertisers subsection -> the advertiser's edit page -> the Third party integration section:
The feature is used for all offers of this particular advertiser.
- The Offers section -> the offer's edit page -> the Third party integration tab:
The feature is used for this particular offer.
The offer’s settings are in priority over the advertiser’s ones. For example, if AppsFlyer Click Signing is chosen at the advertiser’s level and Kochava Click Validation is chosen at the offer’s level of this advertiser, the click is validated for Kochava.
Step 2: take the API token on AppsFlyer or Kochava and put it on Affise
Take the API token on AppsFlyer. Check this article to find out how to do it.
Go to the Settings section -> Appsflyer -> the API token field and insert the API token. Click Save.
Take the Private key on Kochava's side.
Go to the Settings section -> Kochava -> the Private key field and insert the key itself. Click Save.
Step 3: choose a mode for Click signing (available for AppsFlyer only)
There're three types of mode configuration:
- Disable - No click signature validation is done by AppsFlyer.
- Enable - AppsFlyer blocks clicks with invalid or missing signatures.
- Report only (No rejection) - AppsFlyer validates click signatures, but doesn't block clicks with invalid signatures.
AppsFlyer recommends to set the mode to Enable after you run in Report only mode for few hours and check your reports to ensure the configuration is correct and that all clicks passed signature validation.
How does Click signing work for AppsFlyer?
Once a day, Affise makes a request to AppsFlyer using the API token you've provided to get a secret key: a unique signature for clicks. The secret key's period of validity is 36 hours. As a result, there can be two valid secret keys at the same time.
Once Affise gets the secret key and its expiry date, it adds two parameters to the advertiser's tracking link:
- &expires=the_click's_expiry_date (the time of click creation + five mins according to the UTC +00.00)
When click comes to AppsFlyer, it validates values in both parameters and clicks signing mode. As a result, there are three positive scenarios possible:
- Disable: clicks signing mode Affise keeps sending &exprires=the_secret_key's_expiry_date&signature=the_secret_key_itself parameters via AppsFlyer tracking link, while it ignores the parameters passed.
- Enable: clicks signing mode Affise keeps sending &exprires=the_secret_key's_expiry_date&signature=the_secret_key_itself parameters via AppsFlyer tracking link, while it validates the expedition date and the secret key and blocks the clicks when they're invalid.
- Report only (No rejection): clicks signing mode Affise keeps sending &exprires=the_secret_key's_expiry_date&signature=the_secret_key_itself parameters via AppsFlyer tracking link, while it validates the expedition date and the secret key and does not block clicks if they're invalid - just report on them.
How does Click signing work for Kochava?
The Private key you've added in Settings is a click signature itself.
Once you have the key in Settings, the system adds two parameters to the advertiser's tracking link:
- &expires=the_click's_expiry_date (the time of click creation + one min according to the UTC +00.00)
1) Should I enable Click signing on Appsflyer or Kochava?
No, no need to do anything on AppsFlyer or Kochava to turn the feature on.
2) How often does Affise update the secret key for AppsFlyer?
Once a day (24 hours).
3) Is the click signature for Kochava updated from time to time?
No, the key is static. It is the Private key you've added to Settings. If you want to change it, refer to Kochava, please.
3) I user Affise Server Parallel tracking. Where should &expires= and &signature= parameters be passed?
Both parameters will be passed via links in both fields:
4) Can I export the click signature itself as well as its expiry date?
Yes. Go to Statistics -> Daily -> Click log (detailed click statistics). Here you can export both values:
The expiry date is exported in the UNIX Timestamp format.
You may also find the following articles helpful:
- Affise <-> AppsFlyer integration
- Affise <-> Kochava integration
- Click signing feature: AppsFlyer documentation
- Click signing feature: Kochava documentation
- How to get your API token on AppsFlyer