New: Separate security tokens for serverside callbacks and SDK

You can now define a dedicated security token to use for serverside callbacks. If you’re using your own server to handle user rewards, instead of the Fyber Virtual Currency Server (VCS), you can make use of this new token if you wish to use a different value than the one that’s stored in your client code.

Each app now has the following security tokens:

Client Security Token: Use this in your SDK configuration to allow the client to communicate with Fyber’s servers. This is always required for mobile apps.


Serverside Callback Security Token: This is only required (and visible) if you have selected to use serverside callbacks for reward handling. Use this token in your own serverside code to parse the callbacks we send each time the user earns a reward (more information here).


How to use the security tokens

  • For existing apps:
    Both security tokens are now available for your use. For existing apps, both tokens will have the same value as the SDK token – so you don’t need to change anything and your integration will continue to work as usual. If you want to change either token, you can find them in the App Settings page in the Fyber Dashboard.
  • For new apps created in the Fyber Dashboard:
    New apps will have a separate SDK and serverside callback token generated, so you will need to use each of these values to integrate your app and respond to the callbacks we send to your server.

If you have any questions regarding these changes, don’t hesitate to contact your Account Manager.

The Fyber Product Team


Read these next

Contact Us

    By sharing your information you are agreeing to receive communications in regards to any questions or requests submitted on this form. Fyber will keep your information solely for internal tracking purposes and will not use this information for any other purpose. You may request to delete the information provided at any time.

    If you send us a message by clicking the "Send" button, we use a recaptcha service provided by Google LLC to check whether the message was sent by a natural person or a computer program ("bot") in order to ensure that only valid user requests are forwarded to us. Google LLC processes personal information from your browser, such as your browser settings and your click behavior on this screen. Please refer to the Privacy Policy for further information on data processing procedures of our third-party services.