Developers

API Docs

Track conversions from any language. Every endpoint is documented with cURL, JavaScript, and Python examples.

S2S Postback URL

Fire this URL from your advertiser platform when a conversion happens. {click_id} resolves via tracker_click_id → sub1 → internal UUID.

cURL
curl -X GET 'https://partners.leadmedia.in/api/public/postback?click_id={click_id}&payout={payout}&currency=USD'
JavaScript
await fetch(
  `https://partners.leadmedia.in/api/public/postback?click_id=${clickId}&payout=${payout}&currency=USD`
);
Python
import requests
requests.get(
  "https://partners.leadmedia.in/api/public/postback",
  params={"click_id": click_id, "payout": payout, "currency": "USD"},
)

Tracking Pixel (client-side)

Drop this on your thank-you page for iframe-based conversion tracking.

HTML
<img
  src="https://partners.leadmedia.in/api/public/pixel/OFFER_ID?click_id=CLICK_ID&payout=9.99"
  width="1" height="1" style="display:none" alt=""
/>

Conversion Webhook Payload

Every outbound webhook is signed with HMAC-SHA256 in the X-SwiftTrack-Signature header. Verify before trusting the payload.

Payload (JSON)
{
  "event": "conversion.approved",
  "conversion_id": "d31a...",
  "click_id": "8bee...",
  "tracker_click_id": "D-21978919-...",
  "offer_id": "b7c9...",
  "aff_id": "3f21...",
  "payout": 9.99,
  "currency": "USD",
  "created_at": "2026-07-02T12:34:56Z"
}
Verify (Node.js)
import { createHmac, timingSafeEqual } from "crypto";

const sig = req.headers["x-swifttrack-signature"];
const expected = createHmac("sha256", SECRET)
  .update(rawBody)
  .digest("hex");

if (!timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) {
  return res.status(401).end("Invalid signature");
}

Rate Limits

  • • Admin API keys: 600 req/min
  • • Affiliate API keys: 120 req/min
  • • Postback endpoint: unlimited (per click_id dedupe applies)