Tracking callback

The tracking callback is an HTTP request that the publisher server receives after a user successfully watches a video. It's sent from the Virool server. Please retry if a request has failed.

NOTE: Publisher could also track player events with Widget message API.

Aside from the standard URL, the tracking callback also supports the following parameters:

Param Type Example Details
[USER_ID] String user1234 Site User ID
[TRACKING_ID] String 2bf0c971-f914-07b8-0424-541fb0f53dd7 Unique tracking ID. Could be used to prevent double crediting.
[REWARD] Integer 3 Reward in local currency
[REWARD_USD] Numeric 0.03 Reward in USD
[TIMESTAMP] Integer 1385977129 Event timestamp as UNIX time
[SITE_REF] String site123 Site ID. Useful when the same server handles several sites.
[SIGNATURE] String user123456-3-1385977129 see below

Using these parameters will allow you to identify which user to be rewarded.

Example:[USER_ID]&reward=[REWARD]&time=[TIMESTAMP] template produces tracking callback for user user1234 with 3 gems reward at 2013-12-02 09:38:49 UTC


The tracking callback is sent from Virool's server and is not visible to the user. However, it could be intercepted in an open network by a malicious user and could be used to forge false successful callbacks. This can lead to getting credited without watching videos. Utilizing a site signature is a way to prevent malicious activity and possible fraud. The tracking callback template could refer to a signature using the [SIGNATURE] parameter.

Encryption methods

The [SIGNATURE] parameter could use 5 different encryption methods, depending on the publisher's needs. It might be a very basic string without any encryption, or it could be a highly secure digest. The publisher should choose the encryption method depending on his or her needs.


  • Very basic method
  • no encryption and no protection against request forgery
  • simple returning formatted signature string
  • Variable length, unescaped characters

Example: [USER_ID]-[REWARD]-[TIMESTAMP] produces user123456-3-1385977129


  • MD5 hash of formatted signature string
  • Always 32 characters long.
  • Perfect fit for small sites

Example: [USER_ID]-[REWARD]-[TIMESTAMP] produces 7cfebb975112012453bd5d3d8333efbf


  • SHA1 hash of formatted signature string
  • 40 characters long

Example: [USER_ID]-[REWARD]-[TIMESTAMP] produces 4179232977014275408f2dc893630eeab9e28f8f


  • MD5 digest of formatted signature string
  • Encrypted by encryption key
  • 32 characters long
  • provides a highly secure solution when the encryption key is longer than 10 characters

Example: [USER_ID]-[REWARD]-[TIMESTAMP] with secretkey as an encryption key, produces da61a528653b40c8707b3c40a92e06a6


  • SHA1 digest of formatted signature string
  • Encrypted by encryption key
  • 40 characters long
  • provides highly secure solution when encryption key longer than 10 characters
  • Perfect fit for large sites

Example: [USER_ID]-[REWARD]-[TIMESTAMP] with secretkey as an encryption key, produces a6d3b0d432996e31e0dcfda0effeec61eac69a2c

The following parameters are used in all examples above:

  • [USER_ID] user123456
  • [REWARD] 3
  • [TIMESTAMP]1385977129`
  • Signature [USER_ID]-[REWARD]-[TIMESTAMP]