Documentation

Vote callback integration

Every time a player votes for your server, RSPS List fires a GET request at your callback URL. Your endpoint verifies the secret, rewards the player, and returns 200. That is the entire contract. The examples below cover PHP, Node.js and Java so you can drop something working into your stack in minutes.

List your server

Create your listing with clear tags, a strong banner, and the callback secret we use to sign every vote notification.

Wire up the endpoint

Point your callback URL at a handler that checks the secret, rewards the player, and returns HTTP 200 to confirm receipt.

Climb the rankings

In-game rewards drive repeat votes from your active players. More real votes push your server higher on the RSPS List toplist.

How the callback request works

When a vote is confirmed, RSPS List sends a GET request to the URL you configured in your server settings:

https://yourdomain.com/vote/callback?callback=Player123&ip=1.2.3.4&secret=YOUR_SECRET

The request carries three query parameters:

callback
The player username or identifier passed through the voting link.
ip
The IP address the vote originated from.
secret
Your private key, proof that the request genuinely came from RSPS List.

Your endpoint must do three things:

  • Verify the secret matches the one in your RSPS List server settings.
  • Reward the player identified by the callback parameter.
  • Return HTTP 200 OK to acknowledge the notification.
PHP Integration
PHP
<?php
$secret = "YOUR_SECRET_KEY"; // must match your RSPS List settings

if (!isset($_GET['secret']) || $_GET['secret'] !== $secret) {
    http_response_code(403);
    exit("Invalid secret");
}

$player = $_GET['callback'] ?? 'unknown';
$ip = $_GET['ip'] ?? 'unknown';

http_response_code(200);
echo "Vote registered for $player (IP: $ip)";
?>
Node.js (Express)
JavaScript
import express from "express";
const app = express();

const CALLBACK_SECRET = "YOUR_SECRET_KEY";

app.get("/vote/callback", (req, res) => {
  const { callback, ip, secret } = req.query;

  if (secret !== CALLBACK_SECRET) {
    return res.status(403).send("Invalid secret");
  }

  console.log(`Vote received for ${callback} from IP ${ip}`);
  res.status(200).send("Vote registered successfully");
});

app.listen(3000, () => console.log("Callback listener running on port 3000"));
Java (Spring Boot)
Java
package com.example.vote;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class VoteCallbackController {

    private static final String CALLBACK_SECRET = "YOUR_SECRET_KEY";

    @GetMapping("/vote/callback")
    public String handleVoteCallback(
            @RequestParam String callback,
            @RequestParam String ip,
            @RequestParam String secret
    ) {
        if (!CALLBACK_SECRET.equals(secret)) {
            return "Invalid secret";
        }

        System.out.println("Vote received for " + callback + " from IP " + ip);
        return "Vote registered successfully";
    }
}
Testing your integration

Hit your endpoint directly with curl before going live. You should see a 200 and your reward logic fire:

curl "https://yourdomain.com/vote/callback?callback=TestUser&ip=1.2.3.4&secret=YOUR_SECRET_KEY"
Always validate the secret before touching the player record.
Use HTTPS, not plain HTTP, for all callback URLs.
Log every incoming request so you can audit suspicious activity.
Respond with HTTP 200 to confirm receipt.
One callback endpoint per server listing.
Handle duplicate vote attempts gracefully.
List your server