Best Practices

Note the following best practices for using the Reward API.

General

  • Moments charges you for the action when you call the getReward method of the Reward API, not when the user actually redeems the reward. Take care where you place that method call in your code, so that the app calls the method only when you are about to present the reward URL to the user.

Security

  • For security reasons, do not call the Rewards API methods from your app client. Always call the Rewards API methods from your server code.

  • Your app server that sends the Moments API requests should either have a dedicated public ip address or share a NAT IP address. This allows the Reward API servers to accept API requests only from the valid IP addresses.

Localization

  • We recommend that you use constant string IDs for display text in your server code. This will allow your server to more easily handle localization.

User experience

  • We recommend that you provide the reward notification and redemption experience in your app or website, so that customers are more likely to complete the actions.

  • Embed Reward URL in a “Redeem Now” button in the app and/or send the Reward URL to the user in an email.

  • To go to the Amazon site from your app, use a webview.

Troubleshooting and support

  • We recommend that you create a log each time your server receives an API response from the Rewards API. Include a timestamp and the raw payload, including the header and the raw response.

  • We recommend that you create a log each time you send a Reward Notification URL to the client. Include the URL itself, your customer identify and a timestamp. If the end user has a problem (for example, did not receive the URL) the log provides valuable information to help resolve the problem.

  • Always use the message in the response from the Rewards API for announcement and confirmation. This will avoid code changes when a message needs to be updated.