The article covers the following topics:

What is the Click signing feature?

The feature provides you an opportunity to sign every single click sent to AppsFlyer or Kochava. It is an anti-fraud measure that prevents a situation when an ad network isn't aware of sending fraud traffic to the advertiser.

The work principle is: a unique token (code) with a certain period of validity is attached to a click and sent via the advertiser's tracking link. If the token is expired or wrong, AppsFlyer or Kochava will define such clicks as fraud traffic. The blocking of traffic can happen. You can learn more about this feature here (AppsFlyer) and here (Kochava).

How to enable Click signing?

Step 1: enable the feature on Affise

You need to turn the feature on. It can be done on two levels:

  • The Advertisers section -> the Advertisers subsection -> the advertiser's edit page -> the Third party integration section:

Screen Recording 2022-01-10 at 02.29.58.10 PM

The feature is used for all offers of this particular advertiser.

  • The Offers section -> the offer's edit page -> the Third party integration tab:

    Screen Recording 2022-01-10 at 02.42.11.37 PM

The feature is used for this particular offer.

❗️ The offer’s settings are in priority over the advertiser’s ones. For example, if AppsFlyer Click Signing is chosen at the advertiser’s level and Kochava Click Validation is chosen at the offer’s level of this advertiser, the click is validated for Kochava.

Step 2: take the API token on AppsFlyer or Kochava and put it on Affise

For AppsFlyer:

Take the API token on AppsFlyer. Check this article to find out how to do it.

Go to the Settings section -> Appsflyer -> Edit -> the API token field and insert the API token.

For Kochava:

Take the Private key on Kochava's side.

Go to the Settings section -> Kochava -> the Private key field and insert the key itself. Click Save.

Step 3: choose modes for Click signing and Circuit breaker (available for AppsFlyer only)

There're three types of mode configuration:

  • Disable - No click signature validation is done by AppsFlyer.

  • Enable - AppsFlyer blocks clicks with invalid or missing signatures.

  • Report only (No rejection) - AppsFlyer validates click signatures, but doesn't block clicks with invalid signatures.

❗️ AppsFlyer recommends to set the mode to Enable after you run in Report only mode for few hours and check your reports to ensure the configuration is correct and that all clicks passed signature validation.

Circuit breaker is a tool that protects the ad network from having too many blocked clicks. AppsFlyer stops click signature validation and reverts to the Report Only mode when more than 90% of clicks in an hour fail signature validation.

There're two types of circuit breaker mode:

  • Disable - AppsFlyer continues to block all clicks marked as invalid, even when the block percentage is unusually high.

  • Enable - if AppsFlyer detects that too many clicks are marked as invalid, then in order to protect the ad network from having potentially incorrectly blocked clicks:

    • Configure mode API changes to report-only.

    • Email alert is sent to the ad network to verify the click signing API is correctly set up.

Read more about Circuit breaker here.

Step 4: choose the App IDs you want to exclude (available for AppsFlyer only)

You have the ability to exclude some app IDs from the clicks’ validation check.

After saving, Appsflyer integration settings will look like that:

How does Click signing work for AppsFlyer?

Once a day, Affise makes a request to AppsFlyer using the API token you've provided to get a secret key: a unique signature for clicks. The secret key's period of validity is 36 hours. As a result, there can be two valid secret keys at the same time.

Once Affise gets the secret key and its expiry date, it adds two parameters to the advertiser's tracking link:

  • &expires=the_click's_expiry_date (the time of click creation + five mins according to the UTC +00.00)

  • &signature=the_secret_key_itself

When click comes to AppsFlyer, it validates values in both parameters and clicks signing mode. As a result, there are three positive scenarios possible:

  • Disable: clicks signing mode Affise keeps sending &exprires=the_secret_key's_expiry_date&signature=the_secret_key_itself parameters via AppsFlyer tracking link, while it ignores the parameters passed.

  • Enable: clicks signing mode Affise keeps sending &exprires=the_secret_key's_expiry_date&signature=the_secret_key_itself parameters via AppsFlyer tracking link, while it validates the expedition date and the secret key and blocks the clicks when they're invalid.

  • Report only (No rejection): clicks signing mode Affise keeps sending &exprires=the_secret_key's_expiry_date&signature=the_secret_key_itself parameters via AppsFlyer tracking link, while it validates the expedition date and the secret key and does not block clicks if they're invalid - just report on them.

How does Click signing work for Kochava?

The Private key you've added in Settings is a click signature itself.

Once you have the key in Settings, the system adds two parameters to the advertiser's tracking link:

  • &expires=the_click's_expiry_date (the time of click creation + one min according to the UTC +00.00)

  • &signature=the_private_key_itself.

FAQ

1) Should I enable Click signing on Appsflyer or Kochava?

No, no need to do anything on AppsFlyer or Kochava to turn the feature on.

2) How often does Affise update the secret key for AppsFlyer?

Once a day (24 hours).

3) Is the click signature for Kochava updated from time to time?

No, the key is static. It is the Private key you've added to Settings. If you want to change it, refer to Kochava, please.

3) I use Affise Server Parallel tracking. Where should &expire= and &signature= parameters be passed?

Both parameters will be passed via links in both fields:

4) I set up click signing correctly. Why don't I see &expire= and &signature= parameters in the Tracking URL?

Affise adds these parameters to the Tracking link, and makes them invisible. The parameters are seen on the advertiser's end, and they are validated when clicks come to Appsflyer. To check the &expire= and &signature= parameters, add &format=json parameter to Affise tracking link and insert in the browser.

5) Can I export the click signature itself as well as its expiry date?

Yes. Go to Statistics -> Daily -> Click log (detailed click statistics). Here you can export Click Signature and Click Signature Expires:

The expiry date is exported in the UNIX Timestamp format.

You may also find the following articles helpful:


If you have more questions on the Integration with AppsFlyer, feel free to contact the AppsFlyer Support Team via the AppsFlyer Help Center or the Kochava Support.

Did this answer your question?