Server-side postback setup (HMAC)
For brands that can call our HMAC-verified server-side postback endpoint, sales attribute with zero browser-side dependency, works even when ad blockers strip cookies.
When postback applies to you
You don’t configure postback, the brand does. Postback is the brand’s server calling Keepface’s server when a sale clears. As an influencer you just take the link and share; if attribution comes back via postback, it’s invisible to you.
Why postback matters
It’s the most reliable method:
- Works when ad blockers strip cookies
- Works for purchases via apps (not just browsers)
- Survives same-device + cross-device attribution
For brands that have this set up, your commission rate is typically the same as JS pixel; the difference is reliability.
Verification
Postback events arrive at Keepface with HMAC signature for authenticity. We reject unsigned or tampered events. Brand-side replay attacks fail.
How to know if a brand uses postback
Check the offer card, methods listed include “S2S postback” if enabled. Multiple methods can be active simultaneously; we pick the most reliable signal per sale.