Autologin URL: no save no cheat

Autologin URL: no save no cheat

In this article, I again want to such a part of the process of sending leads of crypto traffic as an autologin link. What it is? When the lead clicked on the ad, read the success story on the pre-lander, went to the landing page and left his or her registration data there, they go to the broker via the API. The broker, in turn, returns the autologin link that the user uses to get into his personal account inside the Elon Musk System. The link only lives for a couple of minutes, and it is necessary for the lead to follow it right at the moment of its creation.

The dark side of the force

And so, by manipulating this link, you can either deceive the broker for the sake of a selfish thirst for profit, or help him, all the while saving your profit along the way. Let’s start with what all affiliates love. From cheating!

Case 1. Saving nighttime traffic

There can be many situations when a lead needs to be transferred to another broker. For example:

  • It just suddenly stopped working.
  • Something is broken at the broker and the system is not working.
  • The lead came in the evening or at night, when the call center is not working and the system is not processing leads.

The last option is the most common. Brokers want leads that have just signed up, followed an autologin link, and are waiting for a call center manager to call them. The faster the call, the higher the probability of receiving a deposit. But many call centers are so snickering that they do not work at night, and some even announce a siesta from 17:00 local time. What to do?

We put all the restless leads into the sump and, according to their data, we register with the broker in the morning, when he deigned to open his sleepy and rested call center. He sends an autologin link, but the lead will not follow it, he left to do his own thing. A transition is needed. What to do?

I’ll tell you on the fingers, your techie implements. So, we take the user agent of the user and its IP, cram it into the headers (part of the HTTP request) and just make a request to the autologin link ourselves. Is there a transition? Yep. And no broker will check whether the transition is real (spoiler: no) due to his great laziness, which at least here will play into our hands.

Code example:

User-Agent: $useragent
X-Forwarded-For: $ip
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br

Inside AlterCPA, the autologiner hack is responsible for such dirty tricks, which tries to take into account all possible parameters for a better simulation of clicking on a link.

Case 2. Protecting broker contacts

Back in the summer, when I was just starting my blog, I leaked a life hack, how to find direct crypto-advertising five minutes. There, to achieve the goal, just the autologin link was used, through which you can dig out the necessary contact in order to get a fresh offer to your affiliate network. Then there were posts, how to protect yourself from such impudent theft, and one of the most primitive and effective tips is to disable the link autologin.

There is only one problem. Brokers require the link to work and users to follow it. We proceed in this case in the same way as in the first situation. We replace user data and automatically send our fake transition to the broker.

What to do with all this?

If you are an affiliate network, implement this technology at your place. It is simple, but increases profit by 5-10%. Are you an arbitrator? Contact your manager and find out what happens to your leads if the broker is not available at the time of registration. And integrate the mechanics I described above. Imitation of following the autologin link eliminates problems with brokers, but at the same time allows you to save your leads and send them to the broker for processing. And you can safely protect the contacts of the advertiser so that competitors do not get access to them.

The light side of the force

We consider situations when we want the autologin link to be processed correctly. Yes, yes, saving the link also makes sense. Brokers do not just want the user to follow it and get into the office. When the product is in front of your eyes, it will be easier for the call center to make sales, and, accordingly, the affiliate program and the arbitrator get more deposits on the same traffic.

What is a duplicate and how does it appear?

Do you think brokers have modern supercomputer systems that process data quickly? Nope! In reality, in many cases, after sending the lead data, it takes time to create and send the autologin link to the person. Sometimes 15 seconds, which is already a very long time, sometimes 2-3 minutes, which is generally inadequate. The fact is that there are a lot of gateways between the lead and the broker, and even if one slows down, there will be an unpleasant delay in responding to the request.

As a result, we get two possible problems:

  • What does a person do in such cases? Clicks on the “Register” button again. Once again. What’s going on with the broker? He gets a new lead every time! Those are duplicates. In such cases, the browser itself discards the first request and forgets about it. And the server, in turn, discards duplicates. As a result, we get a situation where the browser is waiting for a response to the last request, and it receives a response to the first one. And the user can no longer get into the system. The broker will be angry, and the conversion to the deposit will be lower.
  • The broker’s server is idle for too long and the lead gets an error like “Response timed out”. And at best, it goes back and acts on the previous paragraph.

How to get rid of duplicates and save the autologin link?

Let’s take both problems in turn. There is only one way to protect yourself from maniacal clicking on the registration button. Block the “Register” button after the first request and display a notification that the account is being created and it takes time. If you are an arbitrage specialist, use this in your landings. If it is an affiliate, pass it on to your layout designers and issue secure landing pages to the web. If you have AlterCPA, don’t forget to check the box to block resubmitting the form when creating a landing page. Blocking is implemented through JS. At the time of submitting the form, either a layer is created on top of the entire site, in which the loader is shown, or all buttons on the site receive the disabled attribute.

In the case when an error occurs, you can save yourself by properly setting up the TDS affiliate program, which I implemented in my AlterCPA. Setting up TDS correctly is just sending rejected leads to other advertisers. In our system, a “cancellation processing script” is used for this. It specifies the conditions for redirection to other companies. For example, duplicates – to one company, incorrect GEO – to another.

If the lead did not run away after such a mistake, then he has only one option – to go back to the landing page and click on the registration button again. While the lead was suffering at the monitor, the affiliate network has already received the autologin link, and the task of the system is to save it as the only correct one and send it to the lead in response to a new request, which it will execute after returning to the landing page. At the same time, we block all new requests on our side and do not even send them to the broker.

When data comes to the broker again, he yells: “Duplicate, duplicate!”, And the data just goes into the void. Don’t be like a broker! Why yell when you can just give out the autologin link again? It was not in vain that you carefully preserved it when you first sent it.


Losing a conversion due to the fact that a person has been waiting for a response from a broker’s slow system for a long time is extremely disappointing. Above are two simple life hacks, by applying which you can increase your profit by 3-7%, as our statistics show.