Advanced security options
After you test your callbacks, you can update your callbacks to make their structure private and keep them safe from false triggers.
Protect your callback structure
To maintain the privacy of your callback structure, you can use a placeholder for the static part of your URL.
Email us at integration@adjust.com and let us know which parts of your callback are static. You will receive up a placeholder that maps to the static part of your URL. This placeholder starts with either
httporhttps.Attach the dynamic parts of your callback URL to this placeholder, and call the placeholder like any other typical callback URL.
Secure your Adjust callback
If you think that someone could falsely trigger your callbacks, you can protect your HTTP handles by allowing only Adjust’s servers to make those calls. The callbacks all come from one of Adjust’s server IPs.
- Depending on the structure of your callback interface, block fraudulent calls on the application level or use a proxy. For example, if you are using Nginx, this is how it would look like:
location /callback {
// add this condition to only check callbacks having an "adjust" parameter
// set to 1 for the origin - if this location only processes Adjust calls,
// remove the condition
if ($arg_adjust = 1) {
allow 178.162.216.64/26; allow 178.162.216.128/26; deny all;
} }
If you need assistance in setting up your proxy or application, contact us at integration@adjust.com.
- Append
&adjust=1to your callback.
The Adjust server checks for the correct origin IP before triggering the callbacks. This makes fraudulent calls impossible.