Tracking links
Every affiliate gets exactly one URL. The Go edge tracker turns it into attributed, fraud-screened clicks — and the visitor never notices a thing.
The redirect
GET {EDGE_URL}/r/:affiliate_id
HTTP/1.1 302 Found
Location: <campaign destination>?argus_cid=<click id>The tracker resolves the affiliate’s campaign destination from a Redis cache, persists the click asynchronously and answers in well under 10 ms. The argus_cid appended to the destination is a 32-character hex click id (128 bits of crypto/rand) — unguessable and unique per click.
$ curl -i http://localhost:8080/r/9b2f1c3a-7e4d-4f6a-b1c2-d3e4f5a6b7c8
HTTP/1.1 302 Found
Location: http://localhost:3002/?argus_cid=4f1d2e3c8a9b4c5d6e7f8091a2b3c4d5Shadow-ban rate limiting
Each visitor IP is salted and hashed before any use — the plaintext address is never stored. Past 60 requests per minute per hashed IP (configurable via RATE_LIMIT_MAX and RATE_LIMIT_WINDOW_SECONDS), new clicks are flagged shadow_banned.
The crucial part: the visitor is still redirected, exactly like a valid click. A fraudster hammering their own link sees normal behavior and has no signal to adapt to. Meanwhile, shadow-banned clicks earn no contest points and any conversion they later produce is automatically rejected (see Webhooks).
Forward the click id to checkout
Attribution survives navigation only if argus_cid reaches your checkout. Stash it when the visitor lands, then attach it to the purchase event:
// On the landing page: capture the click id once
const cid = new URLSearchParams(location.search).get("argus_cid");
if (cid) sessionStorage.setItem("argus_cid", cid);
// At checkout: attach it to your webhook payload
// (or to Stripe metadata / client_reference_id)
const argus_cid = sessionStorage.getItem("argus_cid");With Stripe Checkout, set it as metadata.argus_cid or client_reference_id when creating the session — Argus Grape reads both.