Publisher API documentation
Send users to MoneyRain with a hosted link or iframe widget. After a completed ad view, MoneyRain can send a signed callback to your site so you can credit your own user.
Send users to MoneyRain with a hosted link or iframe widget. After a completed ad view, MoneyRain can send a signed callback to your site so you can credit your own user.
| Step | What to do | Where |
|---|---|---|
| 1 | Copy your publisher link or iframe widget. | Dashboard - Publisher links / Iframe widget |
| 2 | Replace {USER_ID} with your own local user ID. | Your website |
| 3 | Save a default callback URL and secret, or add named site callbacks. | Dashboard - Publisher callback |
| 4 | Verify the callback signature before crediting. | Your callback endpoint |
Redirect users to this link when they want to earn from your site.
https://offerwall.moneyrain.top/wall.php?pub=PUBLISHER_ID&uid=YOUR_USER_ID
For multiple publisher sites, add a site key. The site key is just a name and does not need to be a URL.
https://offerwall.moneyrain.top/wall.php?pub=PUBLISHER_ID&site=example.com&uid=YOUR_USER_ID
| Parameter | Required | Description | Example |
|---|---|---|---|
pub | Required | Your MoneyRain user ID. | 123 |
site | Optional | Named site key for routing callbacks to a site-specific callback URL. | example.com |
uid | Optional | Your local user ID. Keep it stable and do not include private data. | user-42 |
Use this when you want a small embedded widget with buttons for autosurf, PTC, and YouTube ads.
<iframe
src="https://offerwall.moneyrain.top/embed.php?pub=PUBLISHER_ID&uid=YOUR_USER_ID"
width="360"
height="360"
style="border:0;border-radius:8px;overflow:hidden"
loading="lazy"></iframe>
For a named site callback, add &site=example.com to the iframe URL.
| Setting | Recommendation |
|---|---|
| Width | At least 360 pixels. |
| Height | At least 360 pixels. |
| User ID | Replace YOUR_USER_ID before rendering the iframe. |
MoneyRain sends one callback after a publisher-link ad completion is credited. Configure the default callback for links without site, or add extra publisher sites for links with site=SITE_KEY.
| Field | Required | Description | Example |
|---|---|---|---|
| Site key | Optional | Name used in &site=. Leave out for the default callback. | example.com |
| Callback URL | Required | HTTPS endpoint on your site that receives the JSON POST. Saving a URL activates that callback. | https://example.com/moneyrain-callback |
| Callback secret | Required | Secret used for HMAC signatures. Generated secrets are shown once. You can reset/change a secret 3 times per day per site. | 64-random-chars |
| Display currency | Optional | Your default display currency, or an override on each extra site. | 50 Penny coins per 1 USDT |
Your endpoint receives a JSON POST. Read the raw body before decoding it because the signature is calculated from the exact raw body.
POST https://your-site.example/moneyrain-callback
Content-Type: application/json
User-Agent: MoneyRain-Offerwall/1.0.0
X-MoneyRain-Event: reward.completed
X-MoneyRain-Timestamp: 1782730000
X-MoneyRain-Signature: sha256=HEX_HMAC_SHA256
| Header | Description | Example |
|---|---|---|
X-MoneyRain-Event | Callback event name. | reward.completed |
X-MoneyRain-Timestamp | Unix timestamp generated by MoneyRain. | 1782730000 |
X-MoneyRain-Signature | sha256= plus HMAC SHA-256 of the raw body. | sha256=abc123... |
{
"event": "reward.completed",
"publisher_id": 123,
"site": "example.com",
"external_uid": "your-user-42",
"view_id": 98765,
"campaign_id": 555,
"ad_type": "ptc",
"reward_usdt": "0.00003000",
"reward_currency_amount": "0.00150000",
"reward_currency_name": "Penny coins",
"reward_currency_per_usdt": "50.00000000",
"advertiser_cost_usdt": "0.00005000",
"status": "completed",
"timestamp": 1782730000,
"nonce": "random24hex"
}
| Field | Description | Example |
|---|---|---|
external_uid | Your user ID from the hosted link or iframe. | your-user-42 |
site | Site key from the hosted link or iframe. Empty string for the default publisher callback. | example.com |
view_id | Unique MoneyRain view completion ID. Store it to prevent double crediting. | 98765 |
reward_usdt | Publisher reward in USDT. | 0.00003000 |
reward_currency_amount | Reward converted to your display currency. | 0.00150000 |
advertiser_cost_usdt | Total advertiser cost for the completed view. | 0.00005000 |
nonce | Random value for audit/logging and duplicate protection. | random24hex |
Compare signatures with hash_equals. Only credit after the signature is valid and the view_id has not been credited before.
<?php
$secret = 'your callback secret';
$body = file_get_contents('php://input');
$header = $_SERVER['HTTP_X_MONEYRAIN_SIGNATURE'] ?? '';
$expected = 'sha256=' . hash_hmac('sha256', $body, $secret);
if (!hash_equals($expected, $header)) {
http_response_code(403);
exit('bad signature');
}
$payload = json_decode($body, true);
if (!is_array($payload) || ($payload['event'] ?? '') !== 'reward.completed') {
http_response_code(400);
exit('bad payload');
}
// 1. Check that view_id was not credited before.
// 2. Store view_id or nonce in your database.
// 3. Credit external_uid with reward_currency_amount.
http_response_code(200);
echo 'OK';
| Your response | Meaning |
|---|---|
200, 201, 202, or 204 | MoneyRain treats the callback as accepted. |
| Any other status | MoneyRain stores the failure status and increments the failure counter. |
| No response | MoneyRain stores no_response. |
V1 stores the last callback status and failure count, but does not queue automatic retries. Respond with success only after you have safely recorded the reward.
| Check | Why it matters |
|---|---|
| Use HTTPS | Callback secrets and reward payloads must not travel over plain HTTP. |
| Verify the HMAC signature | Confirms the callback came from MoneyRain and was not modified. |
Store view_id | Prevents duplicate credits if a request is repeated. |
Validate external_uid | Make sure the user exists on your site before crediting. |
| Log payloads safely | Useful for support and reconciliation without exposing secrets. |