The problems and what I wanted to achieve
When looking at some content locking solutions I came to the conclusion that most of them are pretty insecure. I mean they just add some overlay over the content? Ever heard of developer tools? You can just remove this stuff by deleting it from the HTML markup. I mean most people may not know how to do this and maybe this isn’t too much of a problem but e.g. I know someone who has a page in the gaming niche where he would give away stuff which costs him 30-40c for every lead someone gets him. Unlimited. Now think someone could go around this, that would be pretty bad.
The next thing is when you’re doing stuff which is a little bit “blackhat” you maybe don’t want your CPA network to see where the guys filling out the offers come from. So you need some way to “cloak” your locked pages.
Another problem I had was that I needed a way to let the user see the content only one time and really only one time, so when he reloads the page it should be locked again immediately. Most content locking solutions I saw would relock the page only after some time span like min. 24h.
This whole thing is split into two parts:
- the page with the offers (let’s call it “offer-page”)
- all pages where content needs to be locked (“content-page”)
But how to connect them?
The idea here is that on the “offer-page”, when someone fills out an offer and generates a lead it shows some kind of “key” (random generated hash). This page has an API which allows you to “talk” to it from another page and check if a key is valid.
The “content-page” shows at first only a form with an input box for such a key and some notice like “You need an unlock key to view this content” along with a link that says “Get your unlock key here!” which points to the offer-page. When an unlock key is entered on the content-page it will make a request to the offer-page to check if the key is valid and if it is it show the locked content.
Let’s go into more detail about this.
What do you need
- a domain and hosting naturally
- an API from a CPA network
- a database
How to set it up
You need a frontend for the user which displays the available offers. Pull the data for the offers from the API of your CPA network and display it on the page.
On the server this check should do the following:
It checks the API of the network with the IP of the user. If the lead count is more then 0 it should generate a key and store this key into a DB table and send it back. Now there’s the problem that the lead count will stay at 1 also if a key is generated already so what I did was make a second DB table which stores the IP of the user and a counter that’s always set to the lead count when a key is generated. That way also if you get 1 lead back from the API but 1 key was generated already it would still not count as lead and wouldn’t create another key.
When doing it that way you should always get the all time lead count from the API or otherwise set an expiration time in the IP database.
Now when the JS gets a key sent back from the server it just removes the offers with something like “Your unlock key is: [key]”.
Now the user has a key and this key is stored in your database.
The last thing you’ll need for this offer-page is some API endpoint where you can send a request to from another page, including a key, and which sends back either if it is valid or not. Since we only want the user to see the page a single time it also should delete the key from the database after confirming it true.
The content page
The scenario is that the user can view the page only once with a key. Therefor when he loads the page he has a possibility of entering a key and if it’s valid the real content shows up.
For this the easiest way to achieve is in checking the request method. When the user enters a URL in the browser or gets to the page it’s always a GET request. But if he submits a form a POST request is done. So in the background it checks for this and sends back the key form if it’s a GET request. But if it’s a POST request which includes the key it sends the key to the offer page via API call and if it’s a valid key it sends back the real content. Otherwise it again just sends back the key form (maybe with some “invalid key” message).
Update: A member on BHW told me that his conversion rate was higher when using the overlay instead of completely hiding the locked content away. I haven’t tested this but it sounds pretty logical, because I guess it’s more tempting for a user to get the content when he already gets an hint of what is waiting for him. So when using this solution you might think of either adding a background image which makes it look like it’s an overlay or adding a screenshot of the content on this page. So basically let the user see what he’s getting this key for, but without making him able to access it without the key 😉
- People can’t just remove some elements from the HTML markup and go around the locker
- You can use the offer-page for any content you want to lock, on any page. Could also easily be built as WordPress Plugin.
- For your CPA network all leads and clicks are coming from one single page and if you do blackhat stuff and they ask you where your traffic is coming from you could easily fool them since you can lock stuff on any page. Just take some legitimate blog, add the key form lock to some articles and tell them that’s where your traffic comes from
- You could also include multiple CPA networks API’s so you would have even more offers to show and that could make you more revenue per lead since you could place more rentable offers on the page
- You could be sure people have to fill out an offer any time they want to see that content again
Maybe this gives someone some ideas, it’s not a step-by-step instruction but more of a guideline but I think it’s pretty useful for some projects. Also this could be adjusted for other scenarios quite easily.
If you need someone to implement this or any similar solution to your page(s) don’t hesitate to conact me 😉