Postback Guide

What is postback?

Postback is option for server owners to get notified when someone vote for their server. Postback is very popular and needed for vote for silks feature.

Postback is also called as webhook or callback.

How to make postback work?

First of all add your server to list. There are 2 fields in add server form. Postback URL and Postback Secret Key. To get notified about votes you need to enter your Postback URL, example: https://yourdomain.com/postback.php. We will call (request) this URL every time we get valid vote to your server.

Every postback call is GET request.

How to protect postback and verify request?

As we mentioned above, you can enter Postback Secret Key. This is your secret postback key which we will send in every request header Srodb-Com-Postback-Key. Keep this secret key in private!

We also send User-Agent header in every request with value SRODBCOM.

How to identify player?

If you visit server list and go to vote page to specific server you will see URL like https://srodb.com/server/1-server-online. 1-server-online will be unique based on your server name. This is vote page for every single server.

Add any value to userid parameter to identify player. You can use player's account ID, player's in-game name, player's login ID or whatever you want to use to identify player. Vote URL will be like https://srodb.com/server/1-server-online?userid=srodbcom.

If player vote on this URL we will add userid parameter to postback request. Parameter name is userid too. So final postback call to you looks like https://yourdomain.com/postback.php?userid=srodbcom.

Why you don't send voter's IP in postback?

IP address is personal information and it's under GDPR. Don't worry, we validate every vote on our portal for you.

Can you give me PHP code sample to catch postbacks?

Yes, here we go.

Warning: This is just code sample. You need to modify code to your needs and validate inputs! 

<?php
$userId = $_GET["userid"] ?? null; // sanitize + escape
$postbackSecretKey = "secretKey123"; // replace by your key

// Check if there is $userId value => dont need to continue without it
if ($userId) {
    // Get all request headers
    $headers = getallheaders();

    // Check headers and values
    if (isset($headers["User-Agent"], $headers["Srodb-Com-Postback-Key"]) && $headers["User-Agent"] === "SRODBCOM") && $headers["Srodb-Com-Postback-Key"] === $postbackSecretKey) {
        // do your stuff here
    }
}