Developer Docs

Publisher Integration Guide

Easily connect the SplitGrid offerwall to your website or platform using standard responsive iframes and secure cryptographic postbacks.

1

Obtain API Credentials

To start, you will need to register a free publisher account and create your App/Website entry inside your SplitGrid dashboard. Once created, you will be assigned two essential keys:

API Key (Public Key)

Used inside your frontend iframe source to load and display your branded offerwall.

App Secret Key (Private)

Stored securely on your server backend. Used solely to verify signature handshakes from our postbacks.

2

Embed the Responsive IFrame

Load the SplitGrid offerwall in any container of your website by embedding a standard, lightweight HTML IFrame. You must dynamically pass your user's unique account ID to the **`sub_id`** query parameter. 

<iframe 
    src="https://splitgrid.net/iframe.php?api_key=YOUR_API_KEY&sub_id=USER_ID" 
    width="100%" 
    height="800px" 
    frameborder="0">
</iframe>
Parameter Information:
  • api_key: Your unique publisher public API key.
  • sub_id: The user ID of the visitor currently browsing your website. We will send this ID back in the S2S postback so you know exactly whose balance to credit!
3

Setup S2S Postbacks

S2S (Server-to-Server) postbacks let our network immediately notify your server backend whenever a user converts or completes a task. SplitGrid sends a standard **GET** request containing all conversion parameters.

Macro Placeholders

Configure your postback endpoint in the dashboard using the following macros:

{sub_id} — User's ID
{reward} — Points payout
{trans_id} — Trans ID
{signature} — Security Hash
https://yoursite.com/postback.php?user_id={sub_id}&points={reward}&trans_id={trans_id}&signature={signature}
4

Cryptographic Signature Handshake

To prevent malicious users from triggering postbacks manually and exploiting points, you **must verify the signature hash** on your backend server. The signature is calculated by combining transaction details with your Private Secret Key using **SHA256**. 

<?php
// 1. Fetch your secret key from your SplitGrid Publisher panel
$secret_key = "YOUR_APP_SECRET_KEY";

// 2. Read incoming GET parameters
$sub_id    = $_GET['user_id'];
$reward    = $_GET['points'];
$trans_id  = $_GET['trans_id'];
$signature = $_GET['signature'];

// 3. Generate your local hash
$local_hash = hash('sha256', $sub_id . $reward . $trans_id . $secret_key);

// 4. Validate
if ($signature === $local_hash) {
    // Signature is valid!
    // Credit the user's account safely inside your database here
    
    echo "OK"; // Output OK so our server knows it converted successfully!
} else {
    // Signature invalid. Reject the postback attempt!
    http_response_code(400);
    echo "ERROR: Invalid Signature Handshake";
}
?>