OpenID Connect

NATS 4

About NATS 4
NATS4 Requirements
NATS4 vs NATS3 Advantages
IPSP Integration
NATS4 Changelog

For Affiliates
Affiliate Adtools
Automatic Campaigns
Affiliate Payment Information
Affiliate Defaults
Linkcodes
Affiliate Stats Dumps
ASP Query String
Deep Linking
Main Program Page
NATSCode

NATS 4.1 Affiliate Area
NATS 4.1 Affiliate Area
Affiliate Account Details
Affiliate Account Change Log
Affiliate Adtools
Affiliate Adtools Search
Affiliate Campaigns
Affiliate Dashboard
Dashboard Key Statistics
Dashboard Statistics Summary
Affiliate Display Settings
Affiliate Email and Notification Settings
Affiliate Linkcodes
Affiliate Linkcode Settings
Affiliate Login History
Affiliate Messages
Affiliate Payment History
Affiliate Referrals Report
Affiliate Referring URL Report
Affiliate Signup
Affiliate Skins and Languages
Affiliate Statistic Filters
Affiliate Statistic Views
Quick Links
Affiliate Bonus Rewards

NATS 4 Upgrade Changelog
Administration Changes
Admins
Admin Overview
Reports Admin
Payments Admin
News and Notifications Admin
Affiliates Admin
Members Admin
Sites Admin
Difference between NATS4 and NATS3 Postback URL
Programs Admin
Billers Admin
Adtools Admin
Upsells Admin
Includes Admin
Mailing Admin
Skins & Templates Admin
Configuration Admin
Cleanup and Maintenance Admin
Logs Admin
Affiliate Changes
Affiliate Dashboard
Affiliate Statistics
Affiliate Adtools
Affiliate My Account
Affiliate Support

NATS Setup
Post-Installation Steps
Apache Configuration
MySQL Settings
Creating Admin Accounts
Multiple Server Setup
Using Memcached for Caching
File Upload Setup
Link Domain
HTTPS Setup
NATS4 Files and Directories
NATS4 Go Live Checklist
NATS3 to NATS4 Going Live Checklist
Moving NATS4

Admin Overview
The Admin Overview

Reporting Admin
The Reporting Admin
track and strack
Fraud Reports

Report Breakdowns
The Profit and Loss Report
The Retention Report
The Subscription Report
The Transactions Report
The Detailed Trial Report
The Cascade Activity Report
The Fraud Report
The Account Rep Report
The Surfer Actions Report
The Affiliate Referral Tier Payouts Report
The Affiliate Referral Signup Payouts Report
The Additional Payout Report
The Graphical Affiliate Comparison Report
The Single Day Comparison Report
The Affiliate Liability Details Report

Payments Admin
The Payments Admin
Creating and Editing PayVia Options and Dump Formats
Pay Via Types
Check Functions
Payment Dump Entry Numbers
Bulk Invoice Import
Payment Dump Variables
Payment Periods
Payout Period Configuration
Manual Invoices

Payment Methods
Intercash
RevUpCard
ePayService
Payza

News and Notifications Admin
The News and Notifications Admin
Add News Item
Sending Messages

Affiliates Admin
The Affiliates Admin
ID Numbers
Account Representatives
Affiliate Referrals
Affiliate Activation
Affiliate Access Permissions
Affiliate Admin Settings
Affiliate Overrides
Creating Admin Accounts
In-House Accounts
Affiliate-Specific Join Options and Payouts
Add Manual Sale
Manual Invoices
Affiliate Groups
Affiliate Documents
Change Affiliate Status

Members Admin
The Members Admin
View Member Details
Add Member
MySQL Auth
Mod Authn DB
Multisite Access
Member Logging
Member Password Retrieval
OpenID Connect
Mod Auth OpenIDC
ID Numbers

Sites Admin
The Sites Admin
Sites
Site Setup
Site Templates
Tour Setup
Join Options
No Cost Registration
Special Pricing Options
Join Option Rules
Post URL Usage
Post URLs in NATS4
Approval/Upgrade/Denial Variables
Approval/Upgrade/Denial Template Variables
Mobile Tours
Token Sites
ID Numbers
Site Partner
Site User Management
Example Postbacks for Site User Management
Configure Redirects
Split A-B Testing
Username Checking
Form Validation
Post-Biller Templates
Send Information To Special Biller
Join Option Box vs Button
Qualified Join Page Hits
Allowed languages
Customize Join Form
Package Plus
Token Plus
Signup Plus
Type-In Traffic
Coupon Codes
Setting Rules
Site Groups
Options Simulator
ATVOD Verification Process

Programs Admin
The Programs Admin
Adding Programs
Payout Changes
NATS4 Affiliate Referrals
ID Numbers
NATS Program
Special Pricing Options
Setting Rules

Billers Admin
The Billers Admin
Biller
Biller Fees
Taxes
NATS Cascades
Add Cascade
Cascade Weight
Autocascade
Hidden Cascades
Geo-Targeting Cascades
Post-Biller Templates
HTTPS Gateways
Timed Cascade Rules
Upgrade Plus
Token Plus
Gateway One Step Join
Extra Biller Fields
Send Information To Special Biller
Setting Rules
Cross Sell Supported Billers
Upsell Supported Billers
Packageplus Supported Billers
Tokenplus Supported Billers

Biller Instructions
NATS4 Biller List
2000Charge
2000Charge Gateway
2KCHARGE
A1Payments
Aebill
Aconti
Allopass
AltoBilling
Argus
Authorize.net
Bill1st Gateway
BillAPay Gateway
Billing Revolution
Billing United
Bit-Pay
BoaCompra
Braintree Payments
C2Bill
CardFlex
CCBill
CCBill Flexform
CCBill Web900
CashSend
CashtoCode
Centili
Centrobill
Clearcard
Clearcard IDV
Click and Buy
CoinGate
CoinPayments
CommerceGate
CurePay
DHD
DHDGateway
DIMOCO
EGatePay
ElectraCash
eMerchantPay Gateway
eMPPay.com
Epoch
Escalion
EuroBill
EPGBill.com
Ezic, Inc.
Focal Payments
FXBilling
FXBilling Native
Gateway tokens
Gigadat
Global Access
GlobalCharge
Global DPS
GoCoin
Greta 11 (G11Bill)
GTBill
GTBill GATEWAY
GXBill
ICN Ltd.
Itelebill
Jettis International
Jettis International Gateway
LocalBilling
MobiusPay
MerlinBill
NETbilling
NETbilling Native
NetCash
NetMobile
Netpay International
NoCreditCard
OrbitalPay
Password By Phone
Pay4
Pay900
Payment Network
Paygarden
Paygea
PayPal
Paysite Cash
Payspace
Payspace Gateway
Plug'n Pay
Prime Orange
Probiller
PumaPay
Rocketfuel
RocketGate
RocketGate Native
RSBilling
RSBilling Native
SafeCharge
SafeCharge Native
Secure Billing Worldwide
Secure Billing Worldwide Gateway
Secure Trading
SecurionPay
SegPay
SegPay Gateway
SOFORTdauerauftrag
Sonic Bill
StandardBill
TrustCharge
Telecom
UKash
Vendo Services
Vendo
Verotel Pro
Voxtel
VXSBill
WebBilling
Wispay
WTS
WTSeu
Zombaio
Shopping Cart Sales
Switching From Epoch to Epoch EU

Third Party Admin
Third Parties
Supported Third Parties
AdultFriendFinder
AdultFriendFinderAPI
Cams.com
Datingfactory
DatingGold
EffexMedia
Fling
Flirt4Free
GameLink
MallCom
MyDirtyHobby
SexGoesMobile (SGM)
StreaMate
WebCamClub
WebCams
Wister
XloveCash
XOnDemand

Adtools Admin
The Adtools Admin
Duplicating Adtool Types
Add New Adtools
Add New Adtool Type
Bulk Import Adtools
Downloadable Content Adtool Type
Get Hosted Galleries
Adtool Templates
Content of the Day
Linkcodes and Tools Admin
Setting Rules

Default Adtool Types
Adtool Types
Image Banners
Geo Banners
Flash Banners
Free Hosted Galleries
Mailers
Feeds
Content
Fan Signs
Flash Videos
Embedded Videos
Hosted Videos
Page Peels
IM Popups
Footer Ads
Page Ads
Hosted Free Sites
Overlays

Upsells Admin
The Upsells Admin
Configuring Cross Sells
Configuring Upsells
Cross Sell Supported Billers
Upsell Supported Billers
Process Gateway Cross Sales Outside NATS
Cross Sells: A to Z
Upsells: A to Z
Upsell Plus
Setting Rules

Includes Admin
The Includes Admin
The Promotionals Admin
IntelliChat

Mailing Admin
The Mailing Admin
Create New Mailer
Email Configuration
The Mailing Queue
Mailer Template Variables
Mass Mailing Template Variables
Common Mailer Examples
Setting Rules

Skins and Templates Admin
The Skins and Templates Admin
Skins
Templates
Site Templates
Language Skins
Language Files
custom_errors.php
Join Page Variables
Skipping NATS Join Form
Post URL Variables
Member Usernames & Passwords
Form Validation
Username Recommendations
Password Retrieval
Post-Biller Templates
Geo-Target Join Options
Random Usernames and Passwords
Smarty
Smarty print array
Smarty Plugins
Available Smarty Functions
Affiliate Support Template
Adding a Verification Image
Custom Program and Campaign Selection Pages
Output An Affiliate's Last Paid Date
Affiliate Signup Email
Affiliate Join Page Linkcodes
Approval/Upgrade/Denial Variables
Approval/Upgrade/Denial Template Variables
CSS Theme Builder

Template Functions
nats_add_to_array
nats_adtool_replace_linkcode
nats_array_flip
nats_array_to_xml
nats_build_array_by_reference
nats_convert_bytes
nats_decode
nats_display_account_campaigns
nats_display_account_change_history
nats_display_account_notifications
nats_display_account_preview
nats_display_admin_links
nats_display_admin_message
nats_display_adtool_form
nats_display_adtool_types
nats_display_adtools
nats_display_adtools_type_limit
nats_display_choose_adtools_group
nats_display_code_info
nats_display_create_campaign
nats_display_edit_account_details
nats_display_edit_account_settings
nats_display_edit_defaults
nats_display_edit_password
nats_display_edit_payvia
nats_display_edit_payvia_info
nats_display_edit_skin
nats_display_gallery_builder
nats_display_graph
nats_display_hourly_sales
nats_display_latest_adtools
nats_display_map
nats_display_news
nats_display_page_peel
nats_display_payment_history
nats_display_payment_summary
nats_display_ratio
nats_display_reward_category
nats_display_reward_order
nats_display_reward_purchases
nats_display_signup_advanced
nats_display_signup_basic
nats_display_signup_payvia
nats_display_stats
nats_display_stats_calendar
nats_display_stats_form
nats_display_stats_referrals
nats_display_stats_retention
nats_display_stats_subscription_details
nats_display_stats_table
nats_display_timezones
nats_display_top_stats
nats_dump_data
nats_encode
nats_get_first_in_array
nats_get_payment_breakdown
nats_get_period_end
nats_get_reward_categories
nats_get_member
nats_list_adtool_groups
nats_list_affiliates
nats_list_billers
nats_list_campaigns
nats_list_linkcodes
nats_list_options
nats_get_option_details
nats_list_programs
nats_list_sites
nats_list_tool_categories
nats_list_tours
nats_list_xsells
nats_smarty_function_amount_owed
nats_smarty_function_getbonus
nats_smarty_rebuild_form
nats_smarty_rebuild_link
nats_smarty_rebuild_query
nats_tooltip
nats_track_link
nats_strack_link
tmm_admin_pagination
Template Shortcuts
add_to_array
adtool_replace_linkcode
affiliate_select_form
array_flip
array_to_xml
amount_owed
build_array_by_reference
convert_bytes
display_account_campaigns
display_account_change_history
display_account_notifications
display_account_preview
display_admin_links
display_adtool_form
display_adtool_types
display_adtools
display_adtools_type_limit
display_choose_adtools_group
display_code_info
display_create_campaign
display_gallery_builder
display_stats_referrals
display_edit_account_details
display_edit_account_settings
display_edit_defaults
display_edit_password
display_edit_payvia
display_edit_payvia_info
display_edit_skin
display_graph
display_hourly_sales
display_latest_adtools
display_map
display_news
display_page_peel
display_payment_history
display_payment_summary
display_ratio
display_reward_category
display_reward_order
display_reward_purchases
display_signup_advanced
display_signup_basic
display_signup_payvia
display_stats
display_stats_calendar
display_stats_table
display_stats_form
display_stats_retention
display_stats_subscription_details
display_top_stats
display_timezones
dump_data
get_first
get_period_end
get_reward_categories
list_billers
list_campaigns
list_linkcodes
list_options
list_programs
list_sites
list_tool_categories
list_tours
list_xsells
rebuild_form
rebuild_link
rebuild_query
reward_points
tooltip
Common Parameters
assign
assign_prefix
count
data_only
display_on_assign
start
tpl

NATS Configuration Admin
The Configuration Admin
Log Admin Activity
IP Address Filtering
MEMBER_EXPIRE_PAD
SKIP COUNTRIES
Fraud Configuration
Email Configuration
Affiliate Signup Email
Affiliate Postback
Affiliate Postback NEW
Affiliate Analytics
Throttling
NATS4 Terms of Service feature
GeoIP2

SOAP API
API
API Best Practices
WSDL Cache
Add Affiliate
Add Member Note
Admin Get Adtools
Adtool Categories
Adtool Types
Affiliate Get Campaigns
Bulk Import Adtools
Caching
Decode Natscode
Expire Manual Member
Get Affiliate Campaigns
Get Affiliate Hit Data
Get Affiliate Loginids
Get Affiliate Nats Codes
Get Affiliate Payout
Get Affiliate Program Campaign List
Get_Affiliate_Program_Campaign_List
Get Member Details
Get Member Instant Upgrade String
Get Member Package Upgrade String
Get Member Token Rebuy String
Get Member Upsell String
Get Payment Data
Get Payvia Rule
Get Profit Loss Report
Ping
Record Member Login
Search Affiliate Info
Search Member Info
Send Email API Function
Set Affiliate Admin Settings
Set Affiliate Customs
Set Affiliate Defaults
Set Affiliate Information
Set Affiliate Settings
Set Member Details
Set Payment Status
Set Payvia Rule

REST API
API Overview
API Best Practices
REST API PATH UPDATES
Adtools
GET /adtools/admin
GET /adtools/categories
GET /adtools/types
POST /adtools/importdump
Affiliate
GET /affiliate/campaigns
GET /affiliate/hitdata
GET /affiliate/payout
GET /affiliate/searchinfo
POST /affiliate/addaffiliate
POST /affiliate/invoice
PATCH /affiliate/setadminsettings
PATCH /affiliate/setcustoms
PATCH /affiliate/setdefaults
PATCH /affiliate/setinformation
PATCH /affiliate/setpayviainfo
PATCH /affiliate/setsettings
PATCH /affiliate/status
Member
GET /member/authstring
GET /member/details
GET /member/searchinfo
GET /suggestedcanceloffers
PATCH /member/setdetails
PATCH /member/setexpiration
POST /member/addnote
POST /member/recordlogin
PUT /member/expiremanual
PATCH /member/forget
Option
GET /option/options
GET /option/rule
PATCH /option/rule
PATCH/option/text
POST /option/rule
Payments
GET /payments/getpayments
GET /payviarule
PATCH /payments/setstatus
PATCH /payviarule
Report
GET /profitlossreport
Get /transactionpayouts
GET /report/transaction
Service
GET /service/decodenatscode
GET /service/ping
POST /service/sendemail

Misc. Admins
Database Cleanup
Support Admin
Logs Admin
Rules
Freeform Date
Rewards Admin

Troubleshooting
Common Errors
Email_Issues
Fix Graphs
Expired License
Zend License
Zip Files in Internet Explorer

NATS Extras
TMMid
Gallery Builder Module
CAPTCHA
Remote Affiliate Authentication
Build Your Own Anything Module
Shopping Cart Sales
Moving Tours, Members' Area, and Galleries
Admin Areas
Extended Sales
NATS Code Wordpress Plugin
Error_message_display
ATVOD Verification Process

As of version 4.1.21.1 NATS can be used as an OpenID Connect server. This is another option for member authentication. In order to utilize this feature, you will need to use an OpenID Connect client. When developing this feature, we used the mod_auth_openidc apache module. Here is an example implementation. Unlike the standard OpenID Connect server implementation, consent for the surfer to provide protected details (like username and email) to the client (members area) is implied.

Setup

Go to the NATS config admin -> surfers and scroll down to the 'Member OpenID Connect Server' section.
Enable the ENABLE_MEMBER_OPENID config option.
Provide a list of all ips defined on your member area server(s) by entering it into the MEMBER_OPENID_SECURE_IPS field.
Enter the password that your member area(s) will use for the token endpoint authentication into the MEMBER_OPENID_CLIENT_SECRET field. If you are using mod_auth_openidc as the client, this is the value you will need for the OIDCClientSecret field.
Decide what domain (and protocol) you will use for the authorization (login) page as well as the token and the userinfo endpoints
Determine what claims you want returned.
NOTE: Confirm there is a value set for MEMBER_OPENID_SIGNING_KEY_ID. If it is not set, contact TMM Support to generate the signing key for you.
Set up an OpenID Connect client in your members area(s).

Additional Configuration Options

MEMBER_OPENID_EXPIRED_LOGIN - Enabling this option will allow expired members to login. You will be able to differentiate active members from expired members by using the status claim. It will have value 1 for active members and 2 for expired members.

MEMBER_OPENID_SETUP_ERROR_SHOW_TEMPLATE - Enabling this option will display a NATS site template when a configuration error occurs instead of redirecting back to the members area. An example of a configuration error would be leaving the ENABLE_MEMBER_OPENID option disabled.

MEMBER_OPENID_AUTH_CODE_DURATION - This option determines the length of time (in seconds) that the auth code (from the authorization endpoint aka the login page) is good for.

MEMBER_OPENID_ACCESS_TOKEN_DURATION - This option determines the length of time (in seconds) that the access token (from the token endpoint) is good for. If you are using mod_auth_openidc as the client, you will need to set the OIDCUserInfoSignedResponseAlg field.

MEMBER_OPENID_SIGN_USERINFO_REPLY - Enabling this option will cause NATS OpenID Connect server to sign the userinfo endpoint reply (in the same way that id_token is signed in the token endpoint reply) and return a JSON Web Token instead of a JSON encoded array. If you are using mod_auth_openidc as the client, this is the value you will need for the OIDCSessionMaxDuration field.

THROTTLE_LOGIN, THROTTLE_LOGIN_MAX_COUNT, THROTTLE_LOGIN_TIME_LIMIT - These work like the other throttling settings and apply to the authorization endpoint

The following options are useful for debugging, but for security reasons we recommend leaving them disabled in production environments:

MEMBER_OPENID_DESCRIPTIVE_LOGIN_ERROR - Enabling this option will display a descriptive error message on the login page when the authentication fails. Some of the example error messages include 'Incorrect username!' and 'Incorrect password!'. If this option is disabled, regardless of the reason for failed authentication, members will receive the 'Login Failed!' error message.

MEMBER_OPENID_REDIECT_ERROR_DETAIL - Enabling this option will provide a detailed error description when a configuration error occurs at the authorization endpoint.

MEMBER_OPENID_POST_ERROR_DETAIL - Enabling this option will provide a detailed error description on token and userinfo endpoint errors.

Authorization Domain

You have a couple options when deciding what domain (and protocol) will be used for the authorization (login) page, as well as the token and the userinfo endpoints.

You can use the main NATS url. In this case, the value of the PROJECT_HOSTNAME config setting will be used for the domain, and the protocol will be determined by the PROJECT_HOSTNAME_DISPLAY_HTTPS config setting.
You can provide a single domain (and protocol) to use via the MEMBER_OPENID_DOMAIN config setting. This is very similar to the option above, except that it will be different than the main NATS domain.
You can use each site's link domain. To do this, you will need to enable the MEMBER_OPENID_DYNAMIC_DOMAIN config option.
You can make a custom authorization domain for each site. This is very similar to the option above, except that it will be different than the domain of the join page (login.yoursite.com instead of join.yoursite.com). You will need to set up each of these domains in a similar way that you set up your link domains.

Claims

The id_token that is generated by the token endpoint contains only the sub claim. The value is the NATS member id for the successfully authenticated member. The userinfo endpoint contains a variety of other claims. NATS OpenID Connect server will return all claims that you enabled. Here is the breakdown of claims that the NATS OpenID Connect server can return:

Default:
- sub (NATS memberid)
- username

Enabling MEMBER_OPENID_BASE_INFO will return:
- email
- firstname
- lastname
- trial (1 if in trial, 0 otherwise)
- status (1 if active, 2 if expired)
- siteid

Enabling MEMBER_OPENID_JOIN_EXPIRE_INFO will return a JSON encoded array named join_expire containing the following fields (all UNIX timestamps):
- joined
- expired
- expires
- nats_expires
- biller_expires

Enabling MEMBER_OPENID_IDENTIFIER_INFO will return a JSON encoded array named identifier containing the following fields:
- identid (internal NATS identifier id)
- loginid (id of the affiliate)
- campaignid
- programid
- optoinid
- siteid
- tourid
- countryid
- adtoolid
- billerid
- subid1
- subid2
- promotionalid

Enabling MEMBER_OPENID_ADDRESS_INFO will return a JSON encoded array named address containing the following fields:
- address1
- address2
- city
- state
- zip
- country

Enabling MEMBER_OPENID_CUSTOM_INFO will return a JSON encoded array named customs containing the custom1..10 fields

Enabling MEMBER_OPENID_PASSTHROUGH_INFO will return a JSON encoded array named passthroughs containing the passthroughs1..5 fields (affiliate passthroughs)

Additional Troubleshooting

If you are running FastCGI and receiving errors about missing the Authorization header, you may want to add the following line to your htaccess files: SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Additional Resources

TMM wiki on mod_auth_openidc
OpenID Connect Specs

OpenID Connect

Contents

Setup

Additional Configuration Options

Authorization Domain

Claims

Additional Troubleshooting

Additional Resources

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Products

Tools

Search