MoneyRain Offerwall

Publisher API documentation

Send users to MoneyRain with a hosted link or iframe widget. After a completed ad view, MoneyRain can send a signed callback to your site so you can credit your own user.

1. Send trafficUse the hosted wall link or iframe widget.
2. Save callbackSet a HTTPS callback URL and secret in Dashboard.
3. Verify and creditCheck the HMAC signature, then credit your user once.
Quick Start
StepWhat to doWhere
1Copy your publisher link or iframe widget.Dashboard - Publisher links / Iframe widget
2Replace {USER_ID} with your own local user ID.Your website
3Save a default callback URL and secret, or add named site callbacks.Dashboard - Publisher callback
4Verify the callback signature before crediting.Your callback endpoint
Hosted Offerwall Link

Redirect users to this link when they want to earn from your site.

https://offerwall.moneyrain.top/wall.php?pub=PUBLISHER_ID&uid=YOUR_USER_ID

For multiple publisher sites, add a site key. The site key is just a name and does not need to be a URL.

https://offerwall.moneyrain.top/wall.php?pub=PUBLISHER_ID&site=example.com&uid=YOUR_USER_ID
ParameterRequiredDescriptionExample
pubRequiredYour MoneyRain user ID.123
siteOptionalNamed site key for routing callbacks to a site-specific callback URL.example.com
uidOptionalYour local user ID. Keep it stable and do not include private data.user-42
Iframe Widget

Use this when you want a small embedded widget with buttons for autosurf, PTC, and YouTube ads.

<iframe
  src="https://offerwall.moneyrain.top/embed.php?pub=PUBLISHER_ID&uid=YOUR_USER_ID"
  width="360"
  height="360"
  style="border:0;border-radius:8px;overflow:hidden"
  loading="lazy"></iframe>

For a named site callback, add &site=example.com to the iframe URL.

SettingRecommendation
WidthAt least 360 pixels.
HeightAt least 360 pixels.
User IDReplace YOUR_USER_ID before rendering the iframe.
Publisher Callback Setup

MoneyRain sends one callback after a publisher-link ad completion is credited. Configure the default callback for links without site, or add extra publisher sites for links with site=SITE_KEY.

FieldRequiredDescriptionExample
Site keyOptionalName used in &site=. Leave out for the default callback.example.com
Callback URLRequiredHTTPS endpoint on your site that receives the JSON POST. Saving a URL activates that callback.https://example.com/moneyrain-callback
Callback secretRequiredSecret used for HMAC signatures. Generated secrets are shown once. You can reset/change a secret 3 times per day per site.64-random-chars
Display currencyOptionalYour default display currency, or an override on each extra site.50 Penny coins per 1 USDT
Callback HTTP Request

Your endpoint receives a JSON POST. Read the raw body before decoding it because the signature is calculated from the exact raw body.

POST https://your-site.example/moneyrain-callback
Content-Type: application/json
User-Agent: MoneyRain-Offerwall/1.0.0
X-MoneyRain-Event: reward.completed
X-MoneyRain-Timestamp: 1782730000
X-MoneyRain-Signature: sha256=HEX_HMAC_SHA256
HeaderDescriptionExample
X-MoneyRain-EventCallback event name.reward.completed
X-MoneyRain-TimestampUnix timestamp generated by MoneyRain.1782730000
X-MoneyRain-Signaturesha256= plus HMAC SHA-256 of the raw body.sha256=abc123...
Callback Payload
{
  "event": "reward.completed",
  "publisher_id": 123,
  "site": "example.com",
  "external_uid": "your-user-42",
  "view_id": 98765,
  "campaign_id": 555,
  "ad_type": "ptc",
  "reward_usdt": "0.00003000",
  "reward_currency_amount": "0.00150000",
  "reward_currency_name": "Penny coins",
  "reward_currency_per_usdt": "50.00000000",
  "advertiser_cost_usdt": "0.00005000",
  "status": "completed",
  "timestamp": 1782730000,
  "nonce": "random24hex"
}
FieldDescriptionExample
external_uidYour user ID from the hosted link or iframe.your-user-42
siteSite key from the hosted link or iframe. Empty string for the default publisher callback.example.com
view_idUnique MoneyRain view completion ID. Store it to prevent double crediting.98765
reward_usdtPublisher reward in USDT.0.00003000
reward_currency_amountReward converted to your display currency.0.00150000
advertiser_cost_usdtTotal advertiser cost for the completed view.0.00005000
nonceRandom value for audit/logging and duplicate protection.random24hex
PHP Signature Verification Example

Compare signatures with hash_equals. Only credit after the signature is valid and the view_id has not been credited before.

<?php
$secret = 'your callback secret';
$body = file_get_contents('php://input');
$header = $_SERVER['HTTP_X_MONEYRAIN_SIGNATURE'] ?? '';
$expected = 'sha256=' . hash_hmac('sha256', $body, $secret);

if (!hash_equals($expected, $header)) {
    http_response_code(403);
    exit('bad signature');
}

$payload = json_decode($body, true);
if (!is_array($payload) || ($payload['event'] ?? '') !== 'reward.completed') {
    http_response_code(400);
    exit('bad payload');
}

// 1. Check that view_id was not credited before.
// 2. Store view_id or nonce in your database.
// 3. Credit external_uid with reward_currency_amount.

http_response_code(200);
echo 'OK';
Response And Retry Rules
Your responseMeaning
200, 201, 202, or 204MoneyRain treats the callback as accepted.
Any other statusMoneyRain stores the failure status and increments the failure counter.
No responseMoneyRain stores no_response.

V1 stores the last callback status and failure count, but does not queue automatic retries. Respond with success only after you have safely recorded the reward.

Security Checklist
CheckWhy it matters
Use HTTPSCallback secrets and reward payloads must not travel over plain HTTP.
Verify the HMAC signatureConfirms the callback came from MoneyRain and was not modified.
Store view_idPrevents duplicate credits if a request is repeated.
Validate external_uidMake sure the user exists on your site before crediting.
Log payloads safelyUseful for support and reconciliation without exposing secrets.