Server-Side Verification (SSV)
Rewarded playables only
SSV applies to Rewarded Playables only.
SSV allows your server to verify that a reward is legitimate before it is granted, preventing spoofed or replayed reward claims.
How It Works
- A user completes a rewarded ad.
- Simula's server sends a POST request to your callback URL with the user ID, reward details, a unique
transaction_id, and an HMAC-SHA256signature. - Your server verifies the
signatureusing yoursignature_secretand deduplicates bytransaction_id. - You grant the reward and return
200.
Publisher Configuration
Configure the following fields in the SSV Configuration section when creating the ad unit:
| Field | What to enter |
|---|---|
| Callback URL | Your server endpoint. Must include {user_id} as a URL parameter. Optionally include {transaction_id} to deduplicate. Example: https://internal.character.ai/simula/reward?user_id={user_id}&txn={transaction_id} |
| reward_item | Name of the reward, e.g. "charms" |
| reward_amount | Quantity to grant, e.g. 10 |
Fields Provided by Simula
| Field | Details |
|---|---|
| signature_secret | Secret key for verifying callbacks. |
| transaction_id | Unique ID included in every callback. Use it to ensure each reward is granted only once. |
| signature | HMAC-SHA256 over the callback payload, signed with your signature_secret. Verify this on every callback. |
| ad_network | Always "simula" — identifies the callback source. |
Callback Format
Simula substitutes live values into the URL template and issues a POST request:
text
POST https://internal.character.ai/simula/reward?user_id=u_98234723&txn=18fa792de1bca816048293fc71035638json
{
"ad_network": "simula",
"ad_unit_id": "SIM-RWD-A3F9K2BX",
"user_id": "u_98234723",
"transaction_id": "18fa792de1bca816048293fc71035638",
"reward_item": "crystals",
"reward_amount": 10,
"timestamp": 1707770365237,
"signature": "a3f9c2...hmac-sha256-hex"
}