Troubleshooting UID & Checksum

This guide helps resolve the most common “wrong checksum”, “lower quality score”, and iFrame access errors publishers encounter.

Core checklist

• App ID can be alphanumeric. Copy it exactly from the dashboard.
• Use App Key (API key) for UID checksum. Do NOT use App Secret/Transaction Key.
• Compute MD5 of this exact string (with hyphens): "<internalUserId>-<appId>-<appKey>".
• UID format must be: <internalUserId>-<appId>-<checksum> (case-sensitive).
• URL-encode the final UID when sending as ?userId=....
• Do not include other query params in the UID value itself.

Common mistakes and fixes

• Using App Secret instead of App Key

  • Symptom: “wrong checksum” for all users
  • Fix: Switch to App Key for checksum; keep App Secret for callbacks only.

• Missing hyphens in the MD5 input

  • Symptom: “wrong checksum” despite correct values
  • Fix: Input must be userId-appId-appKey with hyphens; concatenation without separators produces a different hash.

• Treating App ID as numeric only

  • Symptom: Code casts/trims App ID; resulting UID mismatches
  • Fix: App ID can be alphanumeric; keep it as-is.

• Pre-encoding pieces before hashing

  • Symptom: Intermittent mismatches for special characters
  • Fix: Hash the raw values with hyphens; only URL-encode the final UID for the link.

• Putting query string into the UID

  • Symptom: UID contains ?userId=... or other & parameters
  • Fix: UID is only the three-part string; place it as the value of the userId parameter.

About “lower quality score / VPN/proxy not allowed”

• This message can appear for several blocks (checksum mismatch, quality filters, VPN/proxy detection, account restrictions).
• If you are testing integration and see this for all users:
  • First confirm UID correctness using the checklist above.
  • Try a new test user and a clean browser session without extensions/VPNs.
  • If it persists across multiple users/IPs with valid UIDs, contact support with example UIDs and IPs for review.

Snippets (correct pattern)

// JavaScript (Node)
import crypto from 'crypto';
const checksum = crypto.createHash('md5').update(`${internalUserId}-${appId}-${appKey}`).digest('hex');
const uid = `${internalUserId}-${appId}-${checksum}`;
const src = `https://www.rapidoreach.com/ofw/?userId=${encodeURIComponent(uid)}`;

# Python
import hashlib
checksum = hashlib.md5(f"{user}-{app_id}-{app_key}".encode('utf-8')).hexdigest()
uid = f"{user}-{app_id}-{checksum}"

Terminology

• App Key: used for UID checksum, also used as API key for Monetization API.
• App Secret (Transaction Key): used for S2S callbacks and HMAC signatures; not used in UID.

Need help?

• Send support: your App ID, example internal user IDs, generated UIDs, and a timestamp. We’ll verify and advise quickly.

Verify via API

• Endpoint: POST https://www.rapidoreach.com/offerwall/uid/verify
• Body: { "userId": "<internalUserId>-<appId>-<checksum>" }
• Response: { valid: true|false, reason: 'OK'|'FORMAT_INVALID'|'APP_NOT_FOUND'|'CHECKSUM_MISMATCH', hints?: [...] }