Tracked deep links
One tracked link per piece of content or campaign, with a Sub-ID. The fastest way to start, zero code.
- Deep links per page and per offer
- Sub-ID per campaign, content or point of sale
- 90-day attribution cookie, last-click
Developer platform
A signed conversion API, tracked deep links and S2S postback to your stack. Wire up HelloSafe travel insurance in days, without becoming an insurer.
Integration paths
From a tracked link in an afternoon to a REST quote API: pick your level of integration. Same cover, same commissions.
One tracked link per piece of content or campaign, with a Sub-ID. The fastest way to start, zero code.
Notify Atlas when an attributed sale lands or changes state. HMAC-signed request, state machine, idempotent.
Send conversions back to wherever you run your business: Impact, Partnerize, Awin, Voluum, RedTrack, Everflow or a BI webhook.
Quote, compare and bind policies over an API. REST endpoints and a sandbox, in private beta.
Expose HelloSafe as typed tools your LLM can call: search, compare, bind. In private beta.
The conversion API, concretely
The conversion API is live today. You post an attributed sale, Atlas matches it to the link, converts to EUR (our accounting currency) and computes the commission from your rate card.
During the launch phase, keys are granted on request. You get a key_id and a signing secret scoped to your integration.
Compute HMAC-SHA256 of the secret over timestamp.body, then send the x-atlas-key-id, x-atlas-timestamp and x-atlas-signature headers. The replay window is 5 minutes.
Send ref and externalOrderId, plus the gross amount in its native currency and the state. Atlas freezes the FX rate, computes the commission and returns the applied state.
import { createHmac } from "node:crypto";
const secret = process.env.ATLAS_SIGNING_SECRET;
const body = JSON.stringify({
ref: "hs-acme-7f3k9",
externalOrderId: "ORDER-5821",
amount: 79.90,
currency: "GBP",
status: "validated"
});
const ts = Math.floor(Date.now() / 1000).toString();
const signature = "v1=" + createHmac("sha256", secret)
.update(`${ts}.${body}`)
.digest("hex");
await fetch("https://atlas.hellosafe.com/api/postback/conversion", {
method: "POST",
headers: {
"Content-Type": "application/json",
"x-atlas-key-id": "pbk_live_a1b2c3",
"x-atlas-timestamp": ts,
"x-atlas-signature": signature
},
body
});
// → 200 { ok: true, action: "inserted", status: "validated" } Postback signed with HMAC-SHA256. A 200 returns the applied action and state.
Payload reference
JSON. ref and externalOrderId are required; everything else is optional. Any commission you send is ignored, the ledger is the source of truth.
| Field | Type | Required | Description |
|---|---|---|---|
ref | string | Yes | Attribution identifier, in the partnerCode-shortCode format. |
externalOrderId | string | Yes | Your order identifier. Acts as the idempotency key on the Atlas side. |
amount | number | No | Gross sale amount, in its native currency. |
currency | string (3) | No | ISO 4217 code. An unknown currency is stored needs_fx and priced later. |
status | enum | No | pending, validated or cancelled. Defaults to pending. |
subId | string | No | Campaign or content sub-identifier, for your reporting. |
Response codes
Explicit HTTP codes. Forbidden state transitions are never silently applied.
| Code | Meaning |
|---|---|
200 | Conversion recorded. action: inserted, updated, transitioned or unchanged. |
400 | Missing fields, invalid ref, or a ref that does not match the link owner. |
401 | Invalid signature, key or timestamp (5-minute window). |
404 | No link found for this ref. |
409 | Forbidden state transition: the state machine refuses it. |
422 | Amount above the per-conversion safety ceiling. |
Authentication & security
Every caller has its own key and its own secret. Nothing is shared, everything is revocable.
A distinct key_id and signing secret per integration. Revoke one without touching the others.
The signature covers timestamp.body byte for byte. Any tampering with the body invalidates the request.
Requests whose timestamp is more than 5 minutes off are rejected. No replaying a captured request.
pending to validated or cancelled; validated to cancelled only; cancelled is terminal. Re-sending the same state is a no-op.
Pricing
No setup fee, no monthly platform fee, no per-call charge. HelloSafe earns its share from the insurers; your revenue is purely commission.
$0
Getting your API key, connecting your integration and testing in our environment costs nothing. No NDA, no procurement process.
$0
The conversion API, deep links and S2S postback have no per-call charge and no monthly minimum. Scale as fast as your users travel.
50%
You earn half of HelloSafe's commission on every purchase and renewal your integration drives, paid monthly.
Reliability & support
The conversion API and tracked links run on Cloudflare's edge network. Here is what you can plan around for uptime, retries and support.
99.9%
Postbacks and tracked links run on Cloudflare Workers with automatic failover. No single region can take the service down.
300+
Requests are served from the Cloudflare point of presence nearest your users; commission and FX are then computed asynchronously, off your checkout's critical path.
< 24h
Email support answers within one business day, on business days. Integration questions reach the partner engineering team, not an anonymous queue.
5 min
Idempotent by externalOrderId: retry on any timeout without double-counting, and a captured request cannot be replayed past five minutes.
A public status page is on the roadmap. Until it ships, your integration and incident contact is the partner team, reachable from the contact page.
Early access
Beyond conversion, these capabilities exist in private beta. Tell us what you are building to join the programme.
Multi-insurer quotes, comparison and binding over an API, with a sandbox and OpenAPI documentation.
The first 6 digits of a card return what the card already covers, so you only sell the gap.
Typed tools so your AI agents can search, compare and bind, grounded in live data.
What teams ask before they integrate.
Nothing. There is no setup fee, no monthly platform fee and no per-call charge on the conversion API or deep links. You earn 50% of commissions on sales your integration drives; that is the only money flow in the programme.
The conversion (postback) API is live. The REST quote-and-bind API exists in private beta: request early access and we will open a sandbox for you.
Per-caller signed keys. You compute HMAC-SHA256 of the secret over timestamp.body and send it in x-atlas-signature, with a 5-minute replay window. A legacy Bearer path exists while existing callers migrate.
The gross amount in its native currency, with the currency code (GBP for UK sales). Atlas freezes the rate at ingest, converts to EUR (our internal accounting currency) and computes the commission from your rate card. Any commission you send is ignored.
Yes. externalOrderId is the key: re-sending the same state is a no-op, and the state machine refuses forbidden transitions with a 409 rather than applying them silently.
Yes. We expose a standard S2S postback that connects natively to Impact, Partnerize, Awin, Voluum, RedTrack and Everflow, or a webhook to your BI.
An OpenAPI reference ships with the REST quote API in private beta. The conversion API is documented by its contract above: endpoint, signed headers, payload and response codes.
Yes, in private beta. The MCP server exposes quoting, comparison and binding as typed tools your LLM or agent can call.
The conversion API and tracked links run on Cloudflare Workers, deployed across 300+ edge locations with automatic failover, for a target of 99.9% uptime. Email support answers within one business day. The postback is idempotent, so any timeout is safe to retry. A public status page is on the roadmap.
Have a technical or commercial question? Contact us
Let's build
Tell us what you're building. We'll map the fastest path (links, postback or API) and open a key for you.